Primary Key violation exception

17 views
Skip to first unread message

Corey Conway

unread,
Jun 16, 2020, 8:01:32 AM6/16/20
to Dependency Check
I was wondering if anyone else has run into this issue.  I was using 5.2.3 of the maven plugin to update my local MSSQL database and I started getting this error below.  Then I dropped the tables of my database, ran the initialize_mssql SQL to recreate the tables and then ran an update using the 5.3.2 version of the plugin and got the same error.  I've tried removing the rows it complains about and running the update again but that doesn't seem to work either.  

...
[INFO] Processing Started for NVD CVE - 2020
[INFO] Processing Started for NVD CVE - 2019
[ERROR] org.owasp.dependencycheck.data.nvdcve.DatabaseException: Error updating 'CVE-2020-11042'
org.owasp.dependencycheck.data.update.exception.UpdateException: org.owasp.dependencycheck.data.nvdcve.DatabaseException: Error updating 'CVE-2020-11042'
    at org.owasp.dependencycheck.data.update.nvd.ProcessTask.processFiles (ProcessTask.java:156)
    at org.owasp.dependencycheck.data.update.nvd.ProcessTask.call (ProcessTask.java:113)
    at org.owasp.dependencycheck.data.update.nvd.ProcessTask.call (ProcessTask.java:40)
    at java.util.concurrent.FutureTask.run (FutureTask.java:266)
    at java.util.concurrent.ThreadPoolExecutor.runWorker (ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run (ThreadPoolExecutor.java:617)
    at java.lang.Thread.run (Thread.java:745)
Caused by: org.owasp.dependencycheck.data.nvdcve.DatabaseException: Error updating 'CVE-2020-11042'
    at org.owasp.dependencycheck.data.nvdcve.CveDB.updateVulnerability (CveDB.java:887)
    at org.owasp.dependencycheck.data.update.nvd.NvdCveParser.parse (NvdCveParser.java:99)
    at org.owasp.dependencycheck.data.update.nvd.ProcessTask.importJSON (ProcessTask.java:139)
    at org.owasp.dependencycheck.data.update.nvd.ProcessTask.processFiles (ProcessTask.java:152)
    at org.owasp.dependencycheck.data.update.nvd.ProcessTask.call (ProcessTask.java:113)
    at org.owasp.dependencycheck.data.update.nvd.ProcessTask.call (ProcessTask.java:40)
    at java.util.concurrent.FutureTask.run (FutureTask.java:266)
    at java.util.concurrent.ThreadPoolExecutor.runWorker (ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run (ThreadPoolExecutor.java:617)
    at java.lang.Thread.run (Thread.java:745)
Caused by: com.microsoft.sqlserver.jdbc.SQLServerException: Violation of PRIMARY KEY constraint 'PK__cweEntry__C3F22D243510FBB1'. Cannot insert duplicate key in object 'dbo.cweEntry'. The duplicate key value is (93453, CWE-125).
    at com.microsoft.sqlserver.jdbc.SQLServerException.makeFromDatabaseError (SQLServerException.java:259)
    at com.microsoft.sqlserver.jdbc.SQLServerStatement.getNextResult (SQLServerStatement.java:1547)
    at com.microsoft.sqlserver.jdbc.SQLServerPreparedStatement.doExecutePreparedStatement (SQLServerPreparedStatement.java:548)
    at com.microsoft.sqlserver.jdbc.SQLServerPreparedStatement$PrepStmtExecCmd.doExecute (SQLServerPreparedStatement.java:479)
    at com.microsoft.sqlserver.jdbc.TDSCommand.execute (IOBuffer.java:7344)
    at com.microsoft.sqlserver.jdbc.SQLServerConnection.executeCommand (SQLServerConnection.java:2713)
    at com.microsoft.sqlserver.jdbc.SQLServerStatement.executeCommand (SQLServerStatement.java:224)
    at com.microsoft.sqlserver.jdbc.SQLServerStatement.executeStatement (SQLServerStatement.java:204)
    at com.microsoft.sqlserver.jdbc.SQLServerPreparedStatement.execute (SQLServerPreparedStatement.java:463)
    at org.owasp.dependencycheck.data.nvdcve.CveDB.updateVulnerabilityInsertCwe (CveDB.java:1114)
    at org.owasp.dependencycheck.data.nvdcve.CveDB.updateVulnerability (CveDB.java:874)
    at org.owasp.dependencycheck.data.update.nvd.NvdCveParser.parse (NvdCveParser.java:99)
    at org.owasp.dependencycheck.data.update.nvd.ProcessTask.importJSON (ProcessTask.java:139)
    at org.owasp.dependencycheck.data.update.nvd.ProcessTask.processFiles (ProcessTask.java:152)
    at org.owasp.dependencycheck.data.update.nvd.ProcessTask.call (ProcessTask.java:113)
    at org.owasp.dependencycheck.data.update.nvd.ProcessTask.call (ProcessTask.java:40)
    at java.util.concurrent.FutureTask.run (FutureTask.java:266)
    at java.util.concurrent.ThreadPoolExecutor.runWorker (ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run (ThreadPoolExecutor.java:617)
    at java.lang.Thread.run (Thread.java:745)
...

[ERROR] Failed to execute goal org.owasp:dependency-check-maven:5.3.2:update-only (default-cli) on project owasp-dependency-check-update-db: An exception occurred while downloading updates. Please see the log file for more details.: org.owasp.dependencycheck.data.nvdcve.DatabaseException: Error updating 'CVE-2020-11042': Violation of PRIMARY KEY constraint 'PK__cweEntry__C3F22D243510FBB1'. Cannot insert duplicate key in object 'dbo.cweEntry'. The duplicate key value is (93453, CWE-125). -> [Help 1]

Jeremy Long

unread,
Jun 23, 2020, 7:53:59 AM6/23/20
to Dependency Check

Corey Conway

unread,
Jun 24, 2020, 8:48:07 AM6/24/20
to Dependency Check
Thank you that resolved the issue.  I created those tables with the initialization script originally in October 2019 and haven't run the initialize script in our prod environment since.  Do you know why it just started becoming an issue in the last month even though that primary key was there since last year?  

Thanks,
Corey

Jeremy Long

unread,
Jun 25, 2020, 8:21:04 AM6/25/20
to Dependency Check
I believe this only came up as an issue recently because of changes to the published NVD data. Previously, the data feeds did not have duplicate CWE entries.

--Jeremy

On Tuesday, June 16, 2020 at 8:01:32 AM UTC-4, Corey Conway wrote:
Reply all
Reply to author
Forward
0 new messages