I am trying to run Dependency Check by mirroring the NVD database and using a Python PWS to connect to it. The main reason for doing so is to avoid getting into any proxy/firewall related issues.
However, I get the following exception which results in the check being aborted.
WARN - Unable to update Cached Web DataSource, using local data instead. Results may not include recent vulnerabilities.
2017-08-25 15:19:25,972 org.owasp.dependencycheck.Engine:678
DEBUG - Update Error
org.owasp.dependencycheck.data.update.exception.UpdateException: org.xml.sax.SAXParseException; systemId: file:/var/folders/gh/t16d_7tx0xx8cvfc0znmvp_9y384sn/T/dctempc61e02e2-b996-4f4f-b1ff-6138eb9ed6fa/cve_1_2_Modified_3131647077520596217.xml; lineNumber: 1; columnNumber: 10; DOCTYPE is disallowed when the feature "http://apache.org/xml/features/disallow-doctype-decl" set to true.
at org.owasp.dependencycheck.data.update.nvd.ProcessTask.processFiles(ProcessTask.java:170)
at org.owasp.dependencycheck.data.update.nvd.ProcessTask.call(ProcessTask.java:118)
at org.owasp.dependencycheck.data.update.nvd.ProcessTask.call(ProcessTask.java:45)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.createSAXParseException(ErrorHandlerWrapper.java:203)
at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError(ErrorHandlerWrapper.java:177)
at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError(XMLErrorReporter.java:400)
at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError(XMLErrorReporter.java:327)
at com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError(XMLScanner.java:1472)
at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$PrologDriver.next(XMLDocumentScannerImpl.java:914)
at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next(XMLDocumentScannerImpl.java:602)
at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument(XMLDocumentFragmentScannerImpl.java:505)
at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:841)
at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:770)
at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:141)
at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse(AbstractSAXParser.java:1213)
at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse(SAXParserImpl.java:643)
at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl.parse(SAXParserImpl.java:327)
at javax.xml.parsers.SAXParser.parse(SAXParser.java:328)
at org.owasp.dependencycheck.data.update.nvd.ProcessTask.importXML(ProcessTask.java:147)
at org.owasp.dependencycheck.data.update.nvd.ProcessTask.processFiles(ProcessTask.java:166)
... 6 common frames omitted
2017-08-25 15:19:25,973 org.owasp.dependencycheck.Engine:911
ERROR - No documents exist
I understand this build is supposed to fix the SAXParseException, but it doesn't seem to in my case. Is this a known issue, when will a fix be available, and is there a workaround?