fix: resolve ClientPayloadError on CVE downloading (issue #5779)#5787
fix: resolve ClientPayloadError on CVE downloading (issue #5779)#5787jeffrey-theog06 wants to merge 5 commits into
Conversation
Signed-off-by: Jeffrey Shalom <jeffshalom06@gmail.com>
Signed-off-by: Jeffrey Shalom <jeffshalom06@gmail.com>
d6e1c75 to
d05fe3b
Compare
|
Thanks for this PR, @Thierry4135 can you confirm if it fixes your issue? |
|
Please do check and let me know. Any clarifications? Am open to answer. If its acceptable.. Merging the PR would be appreciated. Thanks! |
|
HI, I tried the modification but it didn't fix my issue: |
Signed-off-by: Jeffrey Shalom <jeffshalom06@gmail.com>
|
Ok @Thierry4135 I have again fixed the issue and it has been pushed and you can try pulling the latest commits from your branch to verify. And let me know the results. |
|
Those modifications fix the crash of cve-bin-tool . Some data getting are in "timeout". Adn downloading achieved at 100%. |
|
Okay.. Happy to hear that it fixed your issue. And hope it gets merged in the main code soon |
|
I've taken a look and this particular rabbit hole is quite deep. Here are my notes:
All in all, my conclusion is: this PR is quite misguided and must not be merged as-is. The change in The changes in |
Signed-off-by: Jeffrey Shalom <jeffshalom06@gmail.com>
|
Hey @alex-ter , I have made the changes of reverting back as you wanted.. please go through and let me know.. ! |
Summary
This PR resolves issue #5779, where the CVE database downloading process (particularly when using
-n json-mirroror other multiple-file sources) hangs at 60% and crashes with:ClientPayloadError: Response payload is not completed: <ContentLengthError: 400, message='Not enough data to satisfy content length header.'>Root Cause
In
cve_bin_tool/fetch_json_db.py, the download tasks were created as rawsession.get(url)context managers inside list comprehensions. All connections (typically ~250 for a signed mirror database) were initiated concurrently. However, their response bodies were read sequentially in a single-threaded loop (await resp.read()). While the first few files were being read and saved to disk, the server ended up severing the remaining idle/un-read connections, leading to theClientPayloadError.Changes
download_file(self, session, url)wrapping the request inside a properasync withblock, forcing immediate read of the payload body and closing the connection.get_download_urlsto queueself.download_file(...)coroutines instead of raw request context manager objects.download_filesto run and await the queued download tasks concurrently.MockRequestContextManagerclass mimickingaiohttp._RequestContextManagerto support bothawaitandasync withprotocols, ensuring test mock compatibility.Verification