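I have a process that uses the NVD API to pull vulnerability data. It has run fine for years.
Suddenly, I am getting intermittent errors in the logs, for example: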
Downloaded 6000 CVEs.
Process finished at 2024-07-02 11:02:55
Total duration: 173.34 seconds
Downloaded 8000 CVEs.
Error: Invalid API key
Process finished at 2024-07-02 15:01:10
Total duration: 0.30 seconds
Downloaded 0 CVEs.
Process finished at 2024-07-02 17:00:37
Total duration: 1.92 seconds
Downloaded 0 CVEs.
Error: Invalid API key
I tested the problem here with this code:
import requests
import logging
import time

# Configure logging
logging.basicConfig(filename='/<dir>/api_key_check.log', level=logging.INFO, format='%(asctime)s:%(levelname)s:%(message)s')

def is_valid_api_key(apiKey, retries=3, delay=5, timeout=10):
    test_url = 'https://services.nvd.nist.gov/rest/json/cves/2.0'
    test_params = {'startIndex': 0, 'resultsPerPage': 1}
    headers = {'apiKey': apiKey}
    for attempt in range(retries):
        try:
            logging.info(f"Attempt {attempt + 1} to check API key.")
            test_response = requests.get(test_url, params=test_params, headers=headers, timeout=timeout)
            if test_response.status_code == 200:
                logging.info("API key is valid.")
                return True
            elif test_response.status_code == 403:
                logging.error("Forbidden: The API key might be invalid or rate-limited.")
                return False
            else:
                logging.error(f"Unexpected status code {test_response.status_code} on attempt {attempt + 1}")
        except requests.Timeout:
            logging.error(f"Request timed out on attempt {attempt + 1}")
        except requests.RequestException as e:
            logging.error(f"Request failed on attempt {attempt + 1}: {e}")
        time.sleep(delay)
    logging.error("API key validation failed after multiple attempts.")
    return False

# Replace 'your_api_key_here' with your actual API key
apiKey = 'your_api_key_here'
if is_valid_api_key(apiKey):
    print("API key is valid.")
else:
    print("Error: Invalid API key.")
I run it and I get:
Error: Invalid API key.
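The NIST and NVD people are not very responsive. This has been broken for 4 days now.
Their chat group has this:
https://groups.google.com/a/list.nist.gov/g/nvd-news
Has anyone run into this problem, or does anyone have any guidance?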
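I don't have an API key to try this with, but their API documentation includes:
Once activated, the API key can be included as a parameter in the requestor's URL string
I don't see anything in the documentation suggesting that you can supply it as a header, and I think it quite likely never worked as a header; rather, the API previously worked without needing a key, and you are simply hitting their new, lower rate limits.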
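
An added example, not part of the thread above: one way to separate the three explanations raised here (rate limiting, header delivery not accepted, key refused) is to send the same one-result query with no key, with the key as a header, and with the key as a URL parameter, then compare the statuses. The helper names, the URL parameter name `apiKey`, and the diagnosis wording are assumptions of this sketch; the stand-in transport under `__main__` is constructed so the block runs offline.

```python
import urllib.error
import urllib.parse
import urllib.request

NVD_URL = "https://services.nvd.nist.gov/rest/json/cves/2.0"  # endpoint from the question


def http_status(url, params, headers, timeout=10):
    """Return the HTTP status of one GET, or the exception name on a network failure."""
    req = urllib.request.Request(url + "?" + urllib.parse.urlencode(params), headers=headers)
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as exc:  # 4xx/5xx responses still carry a status code
        return exc.code
    except OSError as exc:  # URLError, timeouts, DNS failures
        return type(exc).__name__


def probe(api_key, status_of=http_status):
    """Issue the same one-result query three ways; return {mode: status}."""
    base = {"startIndex": 0, "resultsPerPage": 1}
    return {
        "no_key": status_of(NVD_URL, base, {}),
        "header": status_of(NVD_URL, base, {"apiKey": api_key}),  # as in the question
        # Assumption: the parameter is named "apiKey"; the quoted docs do not name it.
        # A key placed in the URL can end up in proxy and access logs.
        "url_param": status_of(NVD_URL, {**base, "apiKey": api_key}, {}),
    }


def diagnose(results):
    """Turn the three statuses into a statement about where the failure lies."""
    ok = {mode: status == 200 for mode, status in results.items()}
    if not any(ok.values()):
        return "all rejected: throttling or outage, the key is not shown to be at fault"
    if ok["header"] and ok["url_param"]:
        return "key accepted both ways: failures are intermittent, suspect rate limits"
    if ok["header"]:
        return "key accepted as header only"
    if ok["url_param"]:
        return "key accepted as URL parameter only"
    return "key rejected both ways while the keyless request works: key itself is refused"


if __name__ == "__main__":
    # Constructed stand-in for the network: rejects any request carrying the header.
    fake = lambda url, params, headers: 403 if "apiKey" in headers else 200
    print(diagnose(probe("constructed-key", status_of=fake)))
```

Against the live service, space the three requests out so the probe itself does not trip the rate limit it is trying to detect.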