From d96a3beb1fe690e690587198acef6e9242606b43 Mon Sep 17 00:00:00 2001
From: al-obrien <37438544+al-obrien@users.noreply.github.com>
Date: Thu, 23 Nov 2023 18:33:01 +0000
Subject: [PATCH] =?UTF-8?q?Deploying=20to=20gh-pages=20from=20@=20al-obrie?= =?UTF-8?q?n/rosv@19b3f0f326f020b4d7c6d81a11efdc86f315c82f=20=F0=9F=9A=80?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
news/index.html | 3 ++-
pkgdown.yml | 2 +-
reference/RosvDownload.html | 2 +-
search.json | 2 +-
4 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/news/index.html b/news/index.html
index e56e48f..a614f53 100644
--- a/news/index.html
+++ b/news/index.html
@@ -49,7 +49,8 @@

rosv (development version)

-
+

rosv 0.5.0

diff --git a/pkgdown.yml b/pkgdown.yml index ee52dc8..b976937 100644 --- a/pkgdown.yml +++ b/pkgdown.yml @@ -3,7 +3,7 @@ pkgdown: 2.0.7 pkgdown_sha: ~ articles: rosv: rosv.html -last_built: 2023-11-23T17:49Z +last_built: 2023-11-23T18:32Z urls: reference: https://al-obrien.github.io/rosv/reference article: https://al-obrien.github.io/rosv/articles diff --git a/reference/RosvDownload.html b/reference/RosvDownload.html index 322142f..64ed431 100644 --- a/reference/RosvDownload.html +++ b/reference/RosvDownload.html @@ -200,7 +200,7 @@

Examples
query <- RosvDownload$new(ecosystem = 'CRAN')
 query
 #> Request(s) made to: https://osv-vulnerabilities.storage.googleapis.com/CRAN 
-#> Save location:  /tmp/Rtmp7KJwFe/rosv/CRAN-c9cfa2da6b10c95f7c8f5187f44b4ab1 
+#> Save location:  /tmp/RtmpFO5VEu/rosv/CRAN-c9cfa2da6b10c95f7c8f5187f44b4ab1 
 #> Object contents:  NULL
 

diff --git a/search.json b/search.json
index 55d03fd..bb9c979 100644
--- a/search.json
+++ b/search.json
@@ -1 +1 @@ -[{"path":"https://al-obrien.github.io/rosv/LICENSE.html","id":null,"dir":"","previous_headings":"","what":"MIT License","title":"MIT License","text":"Copyright (c) 2023 rosv authors Permission hereby granted, free charge, person obtaining copy software associated documentation files (“Software”), deal Software without restriction, including without limitation rights use, copy, modify, merge, publish, distribute, sublicense, /sell copies Software, permit persons Software furnished , subject following conditions: copyright notice permission notice shall included copies substantial portions Software. SOFTWARE PROVIDED “”, WITHOUT WARRANTY KIND, EXPRESS IMPLIED, INCLUDING LIMITED WARRANTIES MERCHANTABILITY, FITNESS PARTICULAR PURPOSE NONINFRINGEMENT. EVENT SHALL AUTHORS COPYRIGHT HOLDERS LIABLE CLAIM, DAMAGES LIABILITY, WHETHER ACTION CONTRACT, TORT OTHERWISE, ARISING , CONNECTION SOFTWARE USE DEALINGS SOFTWARE.","code":""},{"path":"https://al-obrien.github.io/rosv/articles/rosv.html","id":"package-purpose","dir":"Articles","previous_headings":"","what":"Package purpose","title":"Introduction to rosv","text":"{rosv} package provides two core purposes: Access information Open Source Vulnerability (OSV) database. Operate vulnerability information create formatted lists package administration. Consequently, functions {rosv} relate querying downloading content OSV, parsing JSON content, generating tables lists regarding key information package vulnerabilities. OSV database specific R related repositories CRAN; users can access information ecosystem available OSV. 
R users also dabble Python, can search package vulnerabilities within PyPI repository remaining R interface.","code":""},{"path":"https://al-obrien.github.io/rosv/articles/rosv.html","id":"basic-examples","dir":"Articles","previous_headings":"","what":"Basic Examples","title":"Introduction to rosv","text":"following examples outline assortment package functionality first must load package!","code":"library(rosv)"},{"path":"https://al-obrien.github.io/rosv/articles/rosv.html","id":"detect-vulnerable-packages","dir":"Articles","previous_headings":"Basic Examples","what":"Detect vulnerable packages","title":"Introduction to rosv","text":"One simplest queries provide package ecosystem return TRUE/FALSE response informing package ever listed vulnerability. number vulnerabilities detected package can also queried.","code":"is_pkg_vulnerable(c('dask', 'dash'), ecosystem = c('PyPI', 'PyPI')) #> dask dash #> TRUE FALSE osv_count_vulns(c('dask', 'readxl', 'dplyr'), c('PyPI', 'CRAN', 'CRAN')) #> dask readxl dplyr #> 1 3 0"},{"path":"https://al-obrien.github.io/rosv/articles/rosv.html","id":"list-package-vulnerabilities","dir":"Articles","previous_headings":"Basic Examples","what":"List package vulnerabilities","title":"Introduction to rosv","text":"basic usage {rosv} pull versions ecosystem’s packages (e.g. PyPI CRAN) listed OSV database. can achieved using high-level functions osv_query() create_osv_list(). start can query one package PyPI vulnerabilities. Use OSV query generate sorted de-duplicated list just package name version. 
Pull entire set PyPI vulnerability data de-duplicate","code":"pkg_vul <- osv_query('dask', ecosystem = 'PyPI', all_affected = FALSE) pkg_tbl <- create_osv_list(pkg_vul, as.data.frame = TRUE) head(pkg_tbl, 3) #> name versions #> 1 dask 0.10.0 #> 2 dask 0.10.1 #> 3 dask 0.10.2 pkg_vul <- osv_query(ecosystem = 'PyPI', all_affected = FALSE) pypi_vul <- create_osv_list(pkg_vul, as.data.frame = FALSE, NA_value = ' ') head(pypi_vul, 3) #> [1] \"aaiohttp\\t \" \"accesscontrol\\t2.13.0\" \"accesscontrol\\t2.13.1\""},{"path":"https://al-obrien.github.io/rosv/articles/rosv.html","id":"scan-an-r-project","dir":"Articles","previous_headings":"","what":"Scan an R project","title":"Introduction to rosv","text":"Packages discovered within R project ({renv} LOCK files installed packages .libPaths()) can parsed scanned directly using osv_scan(). data.frame returned package name logical value specifying vulnerability discovered OSV database. particular scanning mode exist, similar functionality can created package list associated version information passed is_pkg_vulnerable().","code":"osv_scan('r_project') #> name version ecosystem is_vul #> 1 commonmark 1.9.0 CRAN TRUE #> 2 jsonlite 1.8.7 CRAN TRUE #> 3 askpass 1.2.0 CRAN FALSE #> 4 base 4.3.1 CRAN FALSE"},{"path":"https://al-obrien.github.io/rosv/articles/rosv.html","id":"use-api-helpers-directly","dir":"Articles","previous_headings":"","what":"Use API helpers directly","title":"Introduction to rosv","text":"Lower-level functions return detail API request response contained within R6 object. flexible higher-level alternatives. default, results functions cached. can overriden specifying cache = FALSE. higher-level API query function osv_query() builds upon helpers align format returned content, making preferred choice typical use-cases.","code":"# Returns entire response object to parse as you please. 
osv_query_1('dask', ecosystem = 'PyPI') # Returns the vulnerability IDs for packages in list osv_querybatch('dask', ecosystem = 'PyPI') # Return vulnerabilities from different ecosystems as vectors osv_querybatch(c('dask', 'readxl'), ecosystem = c('PyPI', 'CRAN')) # Grab details by vulns ID osv_vulns('PYSEC-2021-387') # Download vulns for an ecosystem osv_download('PYSEC-2021-387', 'PyPI') osv_download(ecosystem = 'PyPI', download_only = TRUE)"},{"path":"https://al-obrien.github.io/rosv/articles/rosv.html","id":"result-caching","dir":"Articles","previous_headings":"","what":"Result caching","title":"Introduction to rosv","text":"default, results queries using API helpers (e.g. osv_query() osv_querybatch()) cache results using memoise::memoise(). caching can turned directly using function parameters globally reset using clear_osv_cache(). Caching default behavior help enforce polite access OSV API. clearing cache, vulnerability files saved disk temporary R session location also removed (refer environment variable ROSV_CACHE_GLOBAL).","code":"# Query without caching osv_query('dask', ecosystem = 'PyPI', cache = FALSE) # File will be saved to disk osv_download('PYSEC-2021-387', 'PyPI') # Clear cache, as needed clear_osv_cache()"},{"path":"https://al-obrien.github.io/rosv/articles/rosv.html","id":"creating-a-cross-referenced-whitelist","dir":"Articles","previous_headings":"","what":"Creating a cross-referenced whitelist","title":"Introduction to rosv","text":"using product {miniCRAN} Posit Package Manager may corporate requirements limit packages users can install. Although whitelist often recommended, either specify exact versions approved exclude packages known vulnerabilities. Given sheer amount packages versions, often difficult. following method take vector packages (PyPI) cross-reference OSV database. 
packages identified either entirely dropped, specific versions flagged vulnerabilities excluded.","code":"# List of packages of interest python_pkg <- c('dask', 'dash', 'keras') # Create the xref whitelist xref_pkg_list <- create_xref_whitelist(python_pkg, ecosystem = 'PyPI', output_format = 'requirements.txt') # Output requirements.txt which can be used with PPM product writeLines(xref_pkg_list, file.path(tempdir(), 'requirements.txt'))"},{"path":"https://al-obrien.github.io/rosv/authors.html","id":null,"dir":"","previous_headings":"","what":"Authors","title":"Authors and Citation","text":"Allen OBrien. Author, maintainer, copyright holder.","code":""},{"path":"https://al-obrien.github.io/rosv/authors.html","id":"citation","dir":"","previous_headings":"","what":"Citation","title":"Authors and Citation","text":"OBrien (2023). rosv: Client Access Operate 'Open Source Vulnerability' API. R package version 0.5.0.9000, https://github.com/al-obrien/rosv, https://al-obrien.github.io/rosv/.","code":"@Manual{, title = {rosv: Client to Access and Operate on the 'Open Source Vulnerability' API}, author = {Allen OBrien}, year = {2023}, note = {R package version 0.5.0.9000, https://github.com/al-obrien/rosv}, url = {https://al-obrien.github.io/rosv/}, }"},{"path":[]},{"path":"https://al-obrien.github.io/rosv/index.html","id":"overview","dir":"","previous_headings":"","what":"Overview","title":"Client to Access and Operate on the Open Source Vulnerability API","text":"{rosv} package API client Open Source Vulnerability (OSV) database. high low level functions available query database vulnerabilities package repositories across various open source ecosystems CRAN, Bioconductor, PyPI, many . Queries made OSV database useful check package vulnerabilities (including specific versions) enumerated package management files requirements.txt (Python) renv.lock (R). Checking valid query construction, API response pagination, parsing content handled {rosv}. 
Various helper functions assist administration Posit Package Manager similar services. Packages can routinely examined new vulnerabilities aide creation updating curated repositories well assigning block lists. details OSV project associated API can found : https://google.github.io/osv.dev/.","code":""},{"path":"https://al-obrien.github.io/rosv/index.html","id":"installation","dir":"","previous_headings":"","what":"Installation","title":"Client to Access and Operate on the Open Source Vulnerability API","text":"latest development version, can install {rosv} GitHub:","code":"install.packages('rosv') library(rosv) remotes::install_github('al-obrien/rosv')"},{"path":"https://al-obrien.github.io/rosv/index.html","id":"basic-usage","dir":"","previous_headings":"","what":"Basic usage","title":"Client to Access and Operate on the Open Source Vulnerability API","text":"fastest simplest way get started {rosv} use osv_query() function. Provide package name related ecosystem fetch identified vulnerabilities. Query multiple packages time across ecosystems. Return results packages provided others may part vulnerability. Download vulnerabilities listed ecosystem.","code":"osv_query('dask', ecosystem = 'PyPI') osv_query(c('dask', 'readxl', 'dplyr'), ecosystem = c('PyPI', 'CRAN', 'CRAN')) osv_query('apache-airflow', ecosystem = 'PyPI', all_affected = FALSE) osv_query(ecosystem = 'CRAN', all_affected = FALSE)"},{"path":"https://al-obrien.github.io/rosv/index.html","id":"development-notes","dir":"","previous_headings":"","what":"Development notes","title":"Client to Access and Operate on the Open Source Vulnerability API","text":"{rosv} leverages {httr2} {httptest2} core API client functionality uses R6 classes low-level interface OSV API. 
also plans types returned details parsing content.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/RosvDownload.html","id":null,"dir":"Reference","previous_headings":"","what":"R6 Class for OSV Database Downloads — RosvDownload","title":"R6 Class for OSV Database Downloads — RosvDownload","text":"R6 class provide lower-level interface download OSV database GCS buckets.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/RosvDownload.html","id":"value","dir":"Reference","previous_headings":"","what":"Value","title":"R6 Class for OSV Database Downloads — RosvDownload","text":"R6 object operate data downloaded OSV GCS buckets.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/RosvDownload.html","id":"details","dir":"Reference","previous_headings":"","what":"Details","title":"R6 Class for OSV Database Downloads — RosvDownload","text":"vulnerability IDs provided, entire set downloaded ecosystem's .zip file. JSON files downloaded R session's temporary folder dictated environment variable ROSV_CACHE_GLOBAL. Due similarity parsing process, simply inherits method parent class RosvQuery1. ecosystems listed can downloaded.","code":""},{"path":[]},{"path":"https://al-obrien.github.io/rosv/reference/RosvDownload.html","id":"super-class","dir":"Reference","previous_headings":"","what":"Super class","title":"R6 Class for OSV Database Downloads — RosvDownload","text":"rosv::RosvQuery1 -> RosvDownload","code":""},{"path":"https://al-obrien.github.io/rosv/reference/RosvDownload.html","id":"public-fields","dir":"Reference","previous_headings":"","what":"Public fields","title":"R6 Class for OSV Database Downloads — RosvDownload","text":"osv_cache_dir Location cached vulnerability JSON files. content Content downloading vulnerabilities. time_stamp Time stamp associated run. date_stamp_hash Hashed date time stamp. ecosystem ecosystem used upon creation. vuln_ids vulnerability IDs, provided. 
request URLs request downloaded files.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/RosvDownload.html","id":"methods","dir":"Reference","previous_headings":"","what":"Methods","title":"R6 Class for OSV Database Downloads — RosvDownload","text":"rosv::RosvQuery1$parse()","code":""},{"path":"https://al-obrien.github.io/rosv/reference/RosvDownload.html","id":"public-methods","dir":"Reference","previous_headings":"","what":"Public methods","title":"R6 Class for OSV Database Downloads — RosvDownload","text":"RosvDownload$new() RosvDownload$download() RosvDownload$run() RosvDownload$print() RosvDownload$clone()","code":""},{"path":"https://al-obrien.github.io/rosv/reference/RosvDownload.html","id":"method-new-","dir":"Reference","previous_headings":"","what":"Method new()","title":"R6 Class for OSV Database Downloads — RosvDownload","text":"Set core request details subsequent use called run() method.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/RosvDownload.html","id":"usage","dir":"Reference","previous_headings":"","what":"Usage","title":"R6 Class for OSV Database Downloads — RosvDownload","text":"","code":"RosvDownload$new(vuln_ids = NULL, ecosystem)"},{"path":"https://al-obrien.github.io/rosv/reference/RosvDownload.html","id":"arguments","dir":"Reference","previous_headings":"","what":"Arguments","title":"R6 Class for OSV Database Downloads — RosvDownload","text":"vuln_ids Character vector vulnerability IDs. ecosystem Ecosystem package lives within (must set).","code":""},{"path":"https://al-obrien.github.io/rosv/reference/RosvDownload.html","id":"method-download-","dir":"Reference","previous_headings":"","what":"Method download()","title":"R6 Class for OSV Database Downloads — RosvDownload","text":"Download vulnerabilities provided ecosystem disk, location recorded osv_cache_dir field. 
overwrite existing files cache.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/RosvDownload.html","id":"usage-1","dir":"Reference","previous_headings":"","what":"Usage","title":"R6 Class for OSV Database Downloads — RosvDownload","text":"","code":"RosvDownload$download()"},{"path":"https://al-obrien.github.io/rosv/reference/RosvDownload.html","id":"method-run-","dir":"Reference","previous_headings":"","what":"Method run()","title":"R6 Class for OSV Database Downloads — RosvDownload","text":"Load vulnerabilities R session. entire contents vulnerability file loaded. Subsequent use parse() method shrink memory footprint contents carried across.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/RosvDownload.html","id":"usage-2","dir":"Reference","previous_headings":"","what":"Usage","title":"R6 Class for OSV Database Downloads — RosvDownload","text":"","code":"RosvDownload$run()"},{"path":"https://al-obrien.github.io/rosv/reference/RosvDownload.html","id":"method-print-","dir":"Reference","previous_headings":"","what":"Method print()","title":"R6 Class for OSV Database Downloads — RosvDownload","text":"Print basic details query object screen.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/RosvDownload.html","id":"usage-3","dir":"Reference","previous_headings":"","what":"Usage","title":"R6 Class for OSV Database Downloads — RosvDownload","text":"","code":"RosvDownload$print(...)"},{"path":"https://al-obrien.github.io/rosv/reference/RosvDownload.html","id":"arguments-1","dir":"Reference","previous_headings":"","what":"Arguments","title":"R6 Class for OSV Database Downloads — RosvDownload","text":"... 
Reserved possible future use.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/RosvDownload.html","id":"method-clone-","dir":"Reference","previous_headings":"","what":"Method clone()","title":"R6 Class for OSV Database Downloads — RosvDownload","text":"objects class cloneable method.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/RosvDownload.html","id":"usage-4","dir":"Reference","previous_headings":"","what":"Usage","title":"R6 Class for OSV Database Downloads — RosvDownload","text":"","code":"RosvDownload$clone(deep = FALSE)"},{"path":"https://al-obrien.github.io/rosv/reference/RosvDownload.html","id":"arguments-2","dir":"Reference","previous_headings":"","what":"Arguments","title":"R6 Class for OSV Database Downloads — RosvDownload","text":"deep Whether make deep clone.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/RosvDownload.html","id":"ref-examples","dir":"Reference","previous_headings":"","what":"Examples","title":"R6 Class for OSV Database Downloads — RosvDownload","text":"","code":"query <- RosvDownload$new(ecosystem = 'CRAN') query #> Request(s) made to: https://osv-vulnerabilities.storage.googleapis.com/CRAN #> Save location: /tmp/Rtmp7KJwFe/rosv/CRAN-c9cfa2da6b10c95f7c8f5187f44b4ab1 #> Object contents: NULL"},{"path":"https://al-obrien.github.io/rosv/reference/RosvQuery1.html","id":null,"dir":"Reference","previous_headings":"","what":"R6 Class for OSV Query Endpoint — RosvQuery1","title":"R6 Class for OSV Query Endpoint — RosvQuery1","text":"R6 class provide lower-level interface query endpoint OSV API.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/RosvQuery1.html","id":"value","dir":"Reference","previous_headings":"","what":"Value","title":"R6 Class for OSV Query Endpoint — RosvQuery1","text":"R6 object operate OSV query 
endpoint.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/RosvQuery1.html","id":"details","dir":"Reference","previous_headings":"","what":"Details","title":"R6 Class for OSV Query Endpoint — RosvQuery1","text":"Pageination implemented via httr2::req_perform_iterative() private method extracting tokens automatically. initialized, page_token set NULL; token generated large results process handled internally. response object contain list returned responses formatting occurred. content field contain list vulnerabilities may parsed table format.","code":""},{"path":[]},{"path":"https://al-obrien.github.io/rosv/reference/RosvQuery1.html","id":"public-fields","dir":"Reference","previous_headings":"","what":"Public fields","title":"R6 Class for OSV Query Endpoint — RosvQuery1","text":"request Request object made httr2. content Body contents response OSV API. response Response object returned OSV API.","code":""},{"path":[]},{"path":"https://al-obrien.github.io/rosv/reference/RosvQuery1.html","id":"public-methods","dir":"Reference","previous_headings":"","what":"Public methods","title":"R6 Class for OSV Query Endpoint — RosvQuery1","text":"RosvQuery1$new() RosvQuery1$run() RosvQuery1$parse() RosvQuery1$print() RosvQuery1$clone()","code":""},{"path":"https://al-obrien.github.io/rosv/reference/RosvQuery1.html","id":"method-new-","dir":"Reference","previous_headings":"","what":"Method new()","title":"R6 Class for OSV Query Endpoint — RosvQuery1","text":"Set core request details subsequent use called run() method.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/RosvQuery1.html","id":"usage","dir":"Reference","previous_headings":"","what":"Usage","title":"R6 Class for OSV Query Endpoint — RosvQuery1","text":"","code":"RosvQuery1$new( commit = NULL, version = NULL, name = NULL, ecosystem = NULL, purl = NULL 
)"},{"path":"https://al-obrien.github.io/rosv/reference/RosvQuery1.html","id":"arguments","dir":"Reference","previous_headings":"","what":"Arguments","title":"R6 Class for OSV Query Endpoint — RosvQuery1","text":"commit Commit hash query (use version set). version Version package. name Name package. ecosystem Ecosystem package lives within (must set using name). purl URL package (use name ecosystem set).","code":""},{"path":"https://al-obrien.github.io/rosv/reference/RosvQuery1.html","id":"method-run-","dir":"Reference","previous_headings":"","what":"Method run()","title":"R6 Class for OSV Query Endpoint — RosvQuery1","text":"Perform request return response OSV API call.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/RosvQuery1.html","id":"usage-1","dir":"Reference","previous_headings":"","what":"Usage","title":"R6 Class for OSV Query Endpoint — RosvQuery1","text":"","code":"RosvQuery1$run()"},{"path":"https://al-obrien.github.io/rosv/reference/RosvQuery1.html","id":"method-parse-","dir":"Reference","previous_headings":"","what":"Method parse()","title":"R6 Class for OSV Query Endpoint — RosvQuery1","text":"Parse contents returned tidier format. Can use future plans help parallelize. 
contents parsed.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/RosvQuery1.html","id":"usage-2","dir":"Reference","previous_headings":"","what":"Usage","title":"R6 Class for OSV Query Endpoint — RosvQuery1","text":"","code":"RosvQuery1$parse()"},{"path":"https://al-obrien.github.io/rosv/reference/RosvQuery1.html","id":"method-print-","dir":"Reference","previous_headings":"","what":"Method print()","title":"R6 Class for OSV Query Endpoint — RosvQuery1","text":"Print basic details query object screen.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/RosvQuery1.html","id":"usage-3","dir":"Reference","previous_headings":"","what":"Usage","title":"R6 Class for OSV Query Endpoint — RosvQuery1","text":"","code":"RosvQuery1$print(...)"},{"path":"https://al-obrien.github.io/rosv/reference/RosvQuery1.html","id":"arguments-1","dir":"Reference","previous_headings":"","what":"Arguments","title":"R6 Class for OSV Query Endpoint — RosvQuery1","text":"... Reserved possible future use.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/RosvQuery1.html","id":"method-clone-","dir":"Reference","previous_headings":"","what":"Method clone()","title":"R6 Class for OSV Query Endpoint — RosvQuery1","text":"objects class cloneable method.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/RosvQuery1.html","id":"usage-4","dir":"Reference","previous_headings":"","what":"Usage","title":"R6 Class for OSV Query Endpoint — RosvQuery1","text":"","code":"RosvQuery1$clone(deep = FALSE)"},{"path":"https://al-obrien.github.io/rosv/reference/RosvQuery1.html","id":"arguments-2","dir":"Reference","previous_headings":"","what":"Arguments","title":"R6 Class for OSV Query Endpoint — RosvQuery1","text":"deep Whether make deep clone.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/RosvQuery1.html","id":"ref-examples","dir":"Reference","previous_headings":"","what":"Examples","title":"R6 Class for OSV Query Endpoint — 
RosvQuery1","text":"","code":"query <- RosvQuery1$new(commit = '6879efc2c1596d11a6a6ad296f80063b558d5e0f') query #> Request made to: NA #> Successful responses of total: NA #> Successful content size (bytes): NA"},{"path":"https://al-obrien.github.io/rosv/reference/RosvQueryBatch.html","id":null,"dir":"Reference","previous_headings":"","what":"R6 Class for OSV Querybatch Endpoint — RosvQueryBatch","title":"R6 Class for OSV Querybatch Endpoint — RosvQueryBatch","text":"R6 class provide lower-level interface querybatch endpoint OSV API. Batches enforced process commit hash, purl, name+ecosystem. avoids confusion taken preferentially simplifies query creation.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/RosvQueryBatch.html","id":"value","dir":"Reference","previous_headings":"","what":"Value","title":"R6 Class for OSV Querybatch Endpoint — RosvQueryBatch","text":"R6 object operate OSV querybatch endpoint.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/RosvQueryBatch.html","id":"details","dir":"Reference","previous_headings":"","what":"Details","title":"R6 Class for OSV Querybatch Endpoint — RosvQueryBatch","text":"Pageination implemented via httr2::req_perform_iterative() private method extracting tokens automatically. initialized, page_token set NULL; token generated large results process handled internally. response object contain list returned responses formatting occurred. 
content field contain list results vulnerabilities may parsed table format.","code":""},{"path":[]},{"path":"https://al-obrien.github.io/rosv/reference/RosvQueryBatch.html","id":"super-class","dir":"Reference","previous_headings":"","what":"Super class","title":"R6 Class for OSV Querybatch Endpoint — RosvQueryBatch","text":"rosv::RosvQuery1 -> RosvQueryBatch","code":""},{"path":"https://al-obrien.github.io/rosv/reference/RosvQueryBatch.html","id":"methods","dir":"Reference","previous_headings":"","what":"Methods","title":"R6 Class for OSV Querybatch Endpoint — RosvQueryBatch","text":"rosv::RosvQuery1$print()","code":""},{"path":"https://al-obrien.github.io/rosv/reference/RosvQueryBatch.html","id":"public-methods","dir":"Reference","previous_headings":"","what":"Public methods","title":"R6 Class for OSV Querybatch Endpoint — RosvQueryBatch","text":"RosvQueryBatch$new() RosvQueryBatch$run() RosvQueryBatch$parse() RosvQueryBatch$clone()","code":""},{"path":"https://al-obrien.github.io/rosv/reference/RosvQueryBatch.html","id":"method-new-","dir":"Reference","previous_headings":"","what":"Method new()","title":"R6 Class for OSV Querybatch Endpoint — RosvQueryBatch","text":"Set core request details subsequent use called run() method.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/RosvQueryBatch.html","id":"usage","dir":"Reference","previous_headings":"","what":"Usage","title":"R6 Class for OSV Querybatch Endpoint — RosvQueryBatch","text":"","code":"RosvQueryBatch$new( commit = NULL, version = NULL, name = NULL, ecosystem = NULL, purl = NULL )"},{"path":"https://al-obrien.github.io/rosv/reference/RosvQueryBatch.html","id":"arguments","dir":"Reference","previous_headings":"","what":"Arguments","title":"R6 Class for OSV Querybatch Endpoint — RosvQueryBatch","text":"commit Commit hash query (use version set). version Version package. name Name package. ecosystem Ecosystem package lives within (must set using name). 
purl URL package (use name ecosystem set).","code":""},{"path":"https://al-obrien.github.io/rosv/reference/RosvQueryBatch.html","id":"method-run-","dir":"Reference","previous_headings":"","what":"Method run()","title":"R6 Class for OSV Querybatch Endpoint — RosvQueryBatch","text":"Perform request return response OSV API call.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/RosvQueryBatch.html","id":"usage-1","dir":"Reference","previous_headings":"","what":"Usage","title":"R6 Class for OSV Querybatch Endpoint — RosvQueryBatch","text":"","code":"RosvQueryBatch$run()"},{"path":"https://al-obrien.github.io/rosv/reference/RosvQueryBatch.html","id":"method-parse-","dir":"Reference","previous_headings":"","what":"Method parse()","title":"R6 Class for OSV Querybatch Endpoint — RosvQueryBatch","text":"Parse contents returned tidier format.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/RosvQueryBatch.html","id":"usage-2","dir":"Reference","previous_headings":"","what":"Usage","title":"R6 Class for OSV Querybatch Endpoint — RosvQueryBatch","text":"","code":"RosvQueryBatch$parse()"},{"path":"https://al-obrien.github.io/rosv/reference/RosvQueryBatch.html","id":"details-1","dir":"Reference","previous_headings":"","what":"Details","title":"R6 Class for OSV Querybatch Endpoint — RosvQueryBatch","text":"result found, empty list returned API, parsing dropped list flattened. However, index list still accessible dropped items can easily identified results column. 
contents parsed.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/RosvQueryBatch.html","id":"method-clone-","dir":"Reference","previous_headings":"","what":"Method clone()","title":"R6 Class for OSV Querybatch Endpoint — RosvQueryBatch","text":"objects class cloneable method.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/RosvQueryBatch.html","id":"usage-3","dir":"Reference","previous_headings":"","what":"Usage","title":"R6 Class for OSV Querybatch Endpoint — RosvQueryBatch","text":"","code":"RosvQueryBatch$clone(deep = FALSE)"},{"path":"https://al-obrien.github.io/rosv/reference/RosvQueryBatch.html","id":"arguments-1","dir":"Reference","previous_headings":"","what":"Arguments","title":"R6 Class for OSV Querybatch Endpoint — RosvQueryBatch","text":"deep Whether make deep clone.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/RosvQueryBatch.html","id":"ref-examples","dir":"Reference","previous_headings":"","what":"Examples","title":"R6 Class for OSV Querybatch Endpoint — RosvQueryBatch","text":"","code":"pkgs <- c('jinja2', 'dask') ecosystem <- rep('PyPI', length(pkgs)) batchquery <- RosvQueryBatch$new(name = pkgs, ecosystem = ecosystem) batchquery #> Request made to: NA #> Successful responses of total: NA #> Successful content size (bytes): NA"},{"path":"https://al-obrien.github.io/rosv/reference/RosvVulns.html","id":null,"dir":"Reference","previous_headings":"","what":"R6 Class for OSV Vulns Endpoint — RosvVulns","title":"R6 Class for OSV Vulns Endpoint — RosvVulns","text":"R6 class provide lower-level interface vulnerability endpoint OSV API.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/RosvVulns.html","id":"value","dir":"Reference","previous_headings":"","what":"Value","title":"R6 Class for OSV Vulns Endpoint — RosvVulns","text":"R6 object operate OSV vulns 
endpoint.","code":""},{"path":[]},{"path":"https://al-obrien.github.io/rosv/reference/RosvVulns.html","id":"super-class","dir":"Reference","previous_headings":"","what":"Super class","title":"R6 Class for OSV Vulns Endpoint — RosvVulns","text":"rosv::RosvQuery1 -> RosvVulns","code":""},{"path":"https://al-obrien.github.io/rosv/reference/RosvVulns.html","id":"methods","dir":"Reference","previous_headings":"","what":"Methods","title":"R6 Class for OSV Vulns Endpoint — RosvVulns","text":"rosv::RosvQuery1$parse()","code":""},{"path":"https://al-obrien.github.io/rosv/reference/RosvVulns.html","id":"public-methods","dir":"Reference","previous_headings":"","what":"Public methods","title":"R6 Class for OSV Vulns Endpoint — RosvVulns","text":"RosvVulns$new() RosvVulns$run() RosvVulns$print() RosvVulns$clone()","code":""},{"path":"https://al-obrien.github.io/rosv/reference/RosvVulns.html","id":"method-new-","dir":"Reference","previous_headings":"","what":"Method new()","title":"R6 Class for OSV Vulns Endpoint — RosvVulns","text":"Set core request details subsequent use called run() method.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/RosvVulns.html","id":"usage","dir":"Reference","previous_headings":"","what":"Usage","title":"R6 Class for OSV Vulns Endpoint — RosvVulns","text":"","code":"RosvVulns$new(vuln_ids)"},{"path":"https://al-obrien.github.io/rosv/reference/RosvVulns.html","id":"arguments","dir":"Reference","previous_headings":"","what":"Arguments","title":"R6 Class for OSV Vulns Endpoint — RosvVulns","text":"vuln_ids Character vector vulnerability IDs.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/RosvVulns.html","id":"method-run-","dir":"Reference","previous_headings":"","what":"Method run()","title":"R6 Class for OSV Vulns Endpoint — RosvVulns","text":"Perform request return response OSV API 
call.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/RosvVulns.html","id":"usage-1","dir":"Reference","previous_headings":"","what":"Usage","title":"R6 Class for OSV Vulns Endpoint — RosvVulns","text":"","code":"RosvVulns$run()"},{"path":"https://al-obrien.github.io/rosv/reference/RosvVulns.html","id":"method-print-","dir":"Reference","previous_headings":"","what":"Method print()","title":"R6 Class for OSV Vulns Endpoint — RosvVulns","text":"Print basic details query object screen.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/RosvVulns.html","id":"usage-2","dir":"Reference","previous_headings":"","what":"Usage","title":"R6 Class for OSV Vulns Endpoint — RosvVulns","text":"","code":"RosvVulns$print(...)"},{"path":"https://al-obrien.github.io/rosv/reference/RosvVulns.html","id":"arguments-1","dir":"Reference","previous_headings":"","what":"Arguments","title":"R6 Class for OSV Vulns Endpoint — RosvVulns","text":"... Reserved possible future use.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/RosvVulns.html","id":"method-clone-","dir":"Reference","previous_headings":"","what":"Method clone()","title":"R6 Class for OSV Vulns Endpoint — RosvVulns","text":"objects class cloneable method.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/RosvVulns.html","id":"usage-3","dir":"Reference","previous_headings":"","what":"Usage","title":"R6 Class for OSV Vulns Endpoint — RosvVulns","text":"","code":"RosvVulns$clone(deep = FALSE)"},{"path":"https://al-obrien.github.io/rosv/reference/RosvVulns.html","id":"arguments-2","dir":"Reference","previous_headings":"","what":"Arguments","title":"R6 Class for OSV Vulns Endpoint — RosvVulns","text":"deep Whether make deep clone.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/RosvVulns.html","id":"ref-examples","dir":"Reference","previous_headings":"","what":"Examples","title":"R6 Class for OSV Vulns Endpoint — RosvVulns","text":"","code":"vulns <- 
RosvVulns$new(c('RSEC-2023-6', 'GHSA-jq35-85cj-fj4p')) vulns #> Request made to: NA #> Response status of: NA"},{"path":"https://al-obrien.github.io/rosv/reference/check_ecosystem.html","id":null,"dir":"Reference","previous_headings":"","what":"Check input against possible ecosystems available — check_ecosystem","title":"Check input against possible ecosystems available — check_ecosystem","text":"Internal function ensures inputs ecosystem valid based upon available OSV database.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/check_ecosystem.html","id":"ref-usage","dir":"Reference","previous_headings":"","what":"Usage","title":"Check input against possible ecosystems available — check_ecosystem","text":"","code":"check_ecosystem(ecosystem, suppressMessages = TRUE)"},{"path":"https://al-obrien.github.io/rosv/reference/check_ecosystem.html","id":"arguments","dir":"Reference","previous_headings":"","what":"Arguments","title":"Check input against possible ecosystems available — check_ecosystem","text":"ecosystem Character value ecosystem(s) check. suppressMessages Boolean value whether suppress messages.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/check_ecosystem.html","id":"value","dir":"Reference","previous_headings":"","what":"Value","title":"Check input against possible ecosystems available — check_ecosystem","text":"character vector, input valid ecosystem names.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/check_ecosystem.html","id":"details","dir":"Reference","previous_headings":"","what":"Details","title":"Check input against possible ecosystems available — check_ecosystem","text":"attempt grab latest file cache current R session. 
session access online version, use local copy shipped package.","code":""},{"path":[]},{"path":"https://al-obrien.github.io/rosv/reference/clear_osv_cache.html","id":null,"dir":"Reference","previous_headings":"","what":"Reset cached results of OSV calls — clear_osv_cache","title":"Reset cached results of OSV calls — clear_osv_cache","text":"thin wrapper around forget clear cached results deletes cached files ROSV_CACHE_GLOBAL environment variable location.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/clear_osv_cache.html","id":"ref-usage","dir":"Reference","previous_headings":"","what":"Usage","title":"Reset cached results of OSV calls — clear_osv_cache","text":"","code":"clear_osv_cache()"},{"path":"https://al-obrien.github.io/rosv/reference/clear_osv_cache.html","id":"value","dir":"Reference","previous_headings":"","what":"Value","title":"Reset cached results of OSV calls — clear_osv_cache","text":"Invisibly returns logical value TRUE cache cleared without error.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/clear_osv_cache.html","id":"ref-examples","dir":"Reference","previous_headings":"","what":"Examples","title":"Reset cached results of OSV calls — clear_osv_cache","text":"","code":"clear_osv_cache()"},{"path":"https://al-obrien.github.io/rosv/reference/copy_rosv.html","id":null,"dir":"Reference","previous_headings":"","what":"Copy a {rosv} object — copy_rosv","title":"Copy a {rosv} object — copy_rosv","text":"Create copy {rosv} R6 class objects ensure original also updated future changes.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/copy_rosv.html","id":"ref-usage","dir":"Reference","previous_headings":"","what":"Usage","title":"Copy a {rosv} object — copy_rosv","text":"","code":"copy_rosv(x, ...)"},{"path":"https://al-obrien.github.io/rosv/reference/copy_rosv.html","id":"arguments","dir":"Reference","previous_headings":"","what":"Arguments","title":"Copy a {rosv} object — copy_rosv","text":"x Object 
copy. ... Additional parameters sent R6's clone method.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/copy_rosv.html","id":"value","dir":"Reference","previous_headings":"","what":"Value","title":"Copy a {rosv} object — copy_rosv","text":"R6 class object.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/copy_rosv.html","id":"details","dir":"Reference","previous_headings":"","what":"Details","title":"Copy a {rosv} object — copy_rosv","text":"Since R6 classes reference semantics, escape updating original objects clone can made function.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/copy_rosv.html","id":"ref-examples","dir":"Reference","previous_headings":"","what":"Examples","title":"Copy a {rosv} object — copy_rosv","text":"","code":"original_obj <- RosvQuery1$new(name = 'readxl', ecosystem = 'CRAN') new_obj <- copy_rosv(original_obj)"},{"path":"https://al-obrien.github.io/rosv/reference/create_osv_list.html","id":null,"dir":"Reference","previous_headings":"","what":"List packages identified in the OSV database — create_osv_list","title":"List packages identified in the OSV database — create_osv_list","text":"Create list package names versions based upon vulnerabilities discovered OSV database using osv_query.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/create_osv_list.html","id":"ref-usage","dir":"Reference","previous_headings":"","what":"Usage","title":"List packages identified in the OSV database — create_osv_list","text":"","code":"create_osv_list( rosv_query = NULL, as.data.frame = TRUE, sort = TRUE, delim = \"\\t\", NA_value = NULL )"},{"path":"https://al-obrien.github.io/rosv/reference/create_osv_list.html","id":"arguments","dir":"Reference","previous_headings":"","what":"Arguments","title":"List packages identified in the OSV database — create_osv_list","text":"rosv_query table vulnerabilities (created via osv_query()). .data.frame Boolean value determine data.frame returned. 
sort Boolean value determine results sorted name version. delim deliminator separate package version details (ignored .data.frame set TRUE). NA_value Character value replace missing versions (typically means versions impacted).","code":""},{"path":"https://al-obrien.github.io/rosv/reference/create_osv_list.html","id":"value","dir":"Reference","previous_headings":"","what":"Value","title":"List packages identified in the OSV database — create_osv_list","text":"data.frame() vector object containing package version details.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/create_osv_list.html","id":"details","dir":"Reference","previous_headings":"","what":"Details","title":"List packages identified in the OSV database — create_osv_list","text":"Requires object type rosv_query created osv_query. can selection packages vulnerabilities ecosystem. Depending use-case, users may prefer vector based output pairs package names versions separated provided value. Since name versions returned, one ecosystem can operated time. Please note, default behaviour osv_query() return packages (versions) across ecosystems associated discovered vulnerabilities. package discovered across several vulnerabilities listed multiple times, default, returned content. Unlike osv_query(), create_osv_list() sort return unique set packages. 
circumstances, users create rosv_query (via osv_query()) all_affected parameter set FALSE package names interest returned.","code":""},{"path":[]},{"path":"https://al-obrien.github.io/rosv/reference/create_osv_list.html","id":"ref-examples","dir":"Reference","previous_headings":"","what":"Examples","title":"List packages identified in the OSV database — create_osv_list","text":"","code":"if (FALSE) { # interactive() # List of a few PyPI packages in data.frame output pypi_query <- osv_query(c('dask', 'dash', 'aaiohttp'), ecosystem = rep('PyPI', 3), all_affected = FALSE) pypi_vul <- create_osv_list(pypi_query) file_name1 <- file.path(tempdir(), 'pypi_vul.csv') writeLines(pypi_vul, file_name1) # All CRAN vulns in vector output cran_query <- osv_query(ecosystem = 'CRAN', all_affected = FALSE) cran_vul <- create_osv_list(cran_query, as.data.frame = FALSE, delim = ',') file_name2 <- file.path(tempdir(), 'cran_vul.csv') writeLines(cran_vul, file_name2) # Clean up try(unlink(c(file_name1, file_name2))) }"},{"path":"https://al-obrien.github.io/rosv/reference/create_ppm_blacklist.html","id":null,"dir":"Reference","previous_headings":"","what":"Create blacklist commands for Posit Package Manager — create_ppm_blacklist","title":"Create blacklist commands for Posit Package Manager — create_ppm_blacklist","text":"Use OSV data accessed via osv_query create blacklist (.e. 
blocklist) commands Posit Package Manager product.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/create_ppm_blacklist.html","id":"ref-usage","dir":"Reference","previous_headings":"","what":"Usage","title":"Create blacklist commands for Posit Package Manager — create_ppm_blacklist","text":"","code":"create_ppm_blacklist(rosv_query, flags = NULL)"},{"path":"https://al-obrien.github.io/rosv/reference/create_ppm_blacklist.html","id":"arguments","dir":"Reference","previous_headings":"","what":"Arguments","title":"Create blacklist commands for Posit Package Manager — create_ppm_blacklist","text":"rosv_query table vulnerabilities (created via osv_query()). flags Global flag append commands.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/create_ppm_blacklist.html","id":"value","dir":"Reference","previous_headings":"","what":"Value","title":"Create blacklist commands for Posit Package Manager — create_ppm_blacklist","text":"Character vector containing blacklist commands.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/create_ppm_blacklist.html","id":"details","dir":"Reference","previous_headings":"","what":"Details","title":"Create blacklist commands for Posit Package Manager — create_ppm_blacklist","text":"Although OSV many databases open source software, function relevant CRAN/Bioconductor PyPI. ensure blacklist applied appropriate target, encouraged specify name source used configuration additional flag parameter (see examples). 
one ecosystem can used time ensure mix packages across ecosystems applied incompatible sources.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/create_ppm_blacklist.html","id":"ref-examples","dir":"Reference","previous_headings":"","what":"Examples","title":"Create blacklist commands for Posit Package Manager — create_ppm_blacklist","text":"","code":"if (FALSE) { # interactive() # Blacklist all CRAN package versions with a listed vulnerability cran_vul <- osv_query(ecosystem = 'CRAN', all_affected = FALSE) cmd_blist <- create_ppm_blacklist(cran_vul, flags = '--source=cran') }"},{"path":"https://al-obrien.github.io/rosv/reference/create_xref_whitelist.html","id":null,"dir":"Reference","previous_headings":"","what":"Cross reference a whitelist of packages to a vulnerability database — create_xref_whitelist","title":"Cross reference a whitelist of packages to a vulnerability database — create_xref_whitelist","text":"Search package names vulnerability information selectively drop packages define specific versions used curated repository.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/create_xref_whitelist.html","id":"ref-usage","dir":"Reference","previous_headings":"","what":"Usage","title":"Cross reference a whitelist of packages to a vulnerability database — create_xref_whitelist","text":"","code":"create_xref_whitelist(packages, ecosystem, output_format = NULL)"},{"path":"https://al-obrien.github.io/rosv/reference/create_xref_whitelist.html","id":"arguments","dir":"Reference","previous_headings":"","what":"Arguments","title":"Cross reference a whitelist of packages to a vulnerability database — create_xref_whitelist","text":"packages Character vector package names. ecosystem Character vector ecosystem(s) within package(s) exist. 
output_format Type output create (default NULL data.frame).","code":""},{"path":"https://al-obrien.github.io/rosv/reference/create_xref_whitelist.html","id":"value","dir":"Reference","previous_headings":"","what":"Value","title":"Cross reference a whitelist of packages to a vulnerability database — create_xref_whitelist","text":"data.frame character vector containing cross-referenced packages.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/create_xref_whitelist.html","id":"details","dir":"Reference","previous_headings":"","what":"Details","title":"Cross reference a whitelist of packages to a vulnerability database — create_xref_whitelist","text":"Note version suffixes may compatibility issues. example, use *-git suffix may recognized may need dropped. details PyPI package version naming see https://peps.python.org/pep-0440/. Due variations formatting OSV API, responses versions associated directly compatible function. Although default output data.frame, PyPI packages requirements.txt format can created defines versions allowed based upon cross-referencing performed. 
can useful curating repositories Posit Package Manager.","code":""},{"path":[]},{"path":"https://al-obrien.github.io/rosv/reference/create_xref_whitelist.html","id":"ref-examples","dir":"Reference","previous_headings":"","what":"Examples","title":"Cross reference a whitelist of packages to a vulnerability database — create_xref_whitelist","text":"","code":"if (FALSE) { # interactive() # Return xref dataset for CRAN package selection cran_pkg <- c('readxl', 'dplyr') cran_xref <- create_xref_whitelist(cran_pkg, ecosystem = 'CRAN') # Create a requirements.txt with excluded versions python_pkgs <- c('dask', 'aaiohttp', 'keras') xref_pkg_list <- create_xref_whitelist(python_pkgs, ecosystem = 'PyPI', output_format = 'requirements.txt') file_name <- file.path(tempdir(), 'requirements.txt') writeLines(xref_pkg_list, file_name) # Clean up try(unlink(file_name)) }"},{"path":"https://al-obrien.github.io/rosv/reference/fetch_ecosystems.html","id":null,"dir":"Reference","previous_headings":"","what":"Fetch all available ecosystems — fetch_ecosystems","title":"Fetch all available ecosystems — fetch_ecosystems","text":"Internal function used fetch available ecosystems OSV API.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/fetch_ecosystems.html","id":"ref-usage","dir":"Reference","previous_headings":"","what":"Usage","title":"Fetch all available ecosystems — fetch_ecosystems","text":"","code":"fetch_ecosystems(offline = FALSE, refresh = FALSE)"},{"path":"https://al-obrien.github.io/rosv/reference/fetch_ecosystems.html","id":"arguments","dir":"Reference","previous_headings":"","what":"Arguments","title":"Fetch all available ecosystems — fetch_ecosystems","text":"offline Boolean, determine using list bundled package. 
refresh Boolean, force refresh cache using online list.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/fetch_ecosystems.html","id":"value","dir":"Reference","previous_headings":"","what":"Value","title":"Fetch all available ecosystems — fetch_ecosystems","text":"data.frame containing ecosystem names available OSV database.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/fetch_ecosystems.html","id":"details","dir":"Reference","previous_headings":"","what":"Details","title":"Fetch all available ecosystems — fetch_ecosystems","text":"refresh parameter can used force data pulled even one available cached location. Since fresh pull performed R session, unlikely parameter required primarily reserved future use functionality necessitates.","code":""},{"path":[]},{"path":"https://al-obrien.github.io/rosv/reference/get_content.html","id":null,"dir":"Reference","previous_headings":"","what":"Retrieve contents field from {rosv} R6 object — get_content","title":"Retrieve contents field from {rosv} R6 object — get_content","text":"Retrieve contents field {rosv} R6 object","code":""},{"path":"https://al-obrien.github.io/rosv/reference/get_content.html","id":"ref-usage","dir":"Reference","previous_headings":"","what":"Usage","title":"Retrieve contents field from {rosv} R6 object — get_content","text":"","code":"get_content(x)"},{"path":"https://al-obrien.github.io/rosv/reference/get_content.html","id":"arguments","dir":"Reference","previous_headings":"","what":"Arguments","title":"Retrieve contents field from {rosv} R6 object — get_content","text":"x object made {rosv}.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/get_content.html","id":"value","dir":"Reference","previous_headings":"","what":"Value","title":"Retrieve contents field from {rosv} R6 object — get_content","text":"Values contained content field object (data.frame 
list).","code":""},{"path":"https://al-obrien.github.io/rosv/reference/get_content.html","id":"ref-examples","dir":"Reference","previous_headings":"","what":"Examples","title":"Retrieve contents field from {rosv} R6 object — get_content","text":"","code":"test <- RosvQuery1$new(name = 'readxl', ecosystem = 'CRAN') get_content(test) #> NULL"},{"path":"https://al-obrien.github.io/rosv/reference/is_pkg_vulnerable.html","id":null,"dir":"Reference","previous_headings":"","what":"Detect if package within ecosystem has reported vulnerabilities — is_pkg_vulnerable","title":"Detect if package within ecosystem has reported vulnerabilities — is_pkg_vulnerable","text":"Search OSV database, package name respective ecosystem, determine vulnerability ever listed. package listed impacted vulnerability may warrant queries investigate specific versions affected.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/is_pkg_vulnerable.html","id":"ref-usage","dir":"Reference","previous_headings":"","what":"Usage","title":"Detect if package within ecosystem has reported vulnerabilities — is_pkg_vulnerable","text":"","code":"is_pkg_vulnerable(name, ecosystem, ...)"},{"path":"https://al-obrien.github.io/rosv/reference/is_pkg_vulnerable.html","id":"arguments","dir":"Reference","previous_headings":"","what":"Arguments","title":"Detect if package within ecosystem has reported vulnerabilities — is_pkg_vulnerable","text":"name Character vector package names. ecosystem Character vector ecosystem(s) within package(s) exist. ... 
parameters pass nested functions.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/is_pkg_vulnerable.html","id":"value","dir":"Reference","previous_headings":"","what":"Value","title":"Detect if package within ecosystem has reported vulnerabilities — is_pkg_vulnerable","text":"named vector logical values indicating vulnerabilities.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/is_pkg_vulnerable.html","id":"ref-examples","dir":"Reference","previous_headings":"","what":"Examples","title":"Detect if package within ecosystem has reported vulnerabilities — is_pkg_vulnerable","text":"","code":"if (FALSE) { # interactive() is_pkg_vulnerable(c('dask', 'dplyr'), c('PyPI', 'CRAN')) }"},{"path":"https://al-obrien.github.io/rosv/reference/is_rosv.html","id":null,"dir":"Reference","previous_headings":"","what":"Is object made from {rosv} R6 class — is_rosv","title":"Is object made from {rosv} R6 class — is_rosv","text":"Determine object {rosv} type R6 class","code":""},{"path":"https://al-obrien.github.io/rosv/reference/is_rosv.html","id":"ref-usage","dir":"Reference","previous_headings":"","what":"Usage","title":"Is object made from {rosv} R6 class — is_rosv","text":"","code":"is_rosv(x)"},{"path":"https://al-obrien.github.io/rosv/reference/is_rosv.html","id":"arguments","dir":"Reference","previous_headings":"","what":"Arguments","title":"Is object made from {rosv} R6 class — is_rosv","text":"x Object check.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/is_rosv.html","id":"value","dir":"Reference","previous_headings":"","what":"Value","title":"Is object made from {rosv} R6 class — is_rosv","text":"Boolean value based x R6 class made {rosv}.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/is_rosv.html","id":"ref-examples","dir":"Reference","previous_headings":"","what":"Examples","title":"Is object made from {rosv} R6 class — is_rosv","text":"","code":"is_rosv(RosvQuery1$new(name = 'readxl', ecosystem = 'CRAN')) 
#> [1] TRUE"},{"path":"https://al-obrien.github.io/rosv/reference/normalize_pypi_pkg.html","id":null,"dir":"Reference","previous_headings":"","what":"Normalize package name to PyPI expectation — normalize_pypi_pkg","title":"Normalize package name to PyPI expectation — normalize_pypi_pkg","text":"Perform package name formatting PyPI case insensitive long runs underscore, period, hyphens recognized (- --).","code":""},{"path":"https://al-obrien.github.io/rosv/reference/normalize_pypi_pkg.html","id":"ref-usage","dir":"Reference","previous_headings":"","what":"Usage","title":"Normalize package name to PyPI expectation — normalize_pypi_pkg","text":"","code":"normalize_pypi_pkg(pkg_name)"},{"path":"https://al-obrien.github.io/rosv/reference/normalize_pypi_pkg.html","id":"arguments","dir":"Reference","previous_headings":"","what":"Arguments","title":"Normalize package name to PyPI expectation — normalize_pypi_pkg","text":"pkg_name Character vector package names.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/normalize_pypi_pkg.html","id":"value","dir":"Reference","previous_headings":"","what":"Value","title":"Normalize package name to PyPI expectation — normalize_pypi_pkg","text":"Character vector normalized PyPI package names","code":""},{"path":[]},{"path":"https://al-obrien.github.io/rosv/reference/normalize_pypi_pkg.html","id":"ref-examples","dir":"Reference","previous_headings":"","what":"Examples","title":"Normalize package name to PyPI expectation — normalize_pypi_pkg","text":"","code":"normalize_pypi_pkg(c('Dask', 'TenSorFlow')) #> [1] \"dask\" \"tensorflow\""},{"path":"https://al-obrien.github.io/rosv/reference/osv_count_vulns.html","id":null,"dir":"Reference","previous_headings":"","what":"Count the number of reported vulnerabilities — osv_count_vulns","title":"Count the number of reported vulnerabilities — osv_count_vulns","text":"Search OSV database, package name respective ecosystem, count number discovered vulnerabilities 
listed.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/osv_count_vulns.html","id":"ref-usage","dir":"Reference","previous_headings":"","what":"Usage","title":"Count the number of reported vulnerabilities — osv_count_vulns","text":"","code":"osv_count_vulns(name, ecosystem, ...)"},{"path":"https://al-obrien.github.io/rosv/reference/osv_count_vulns.html","id":"arguments","dir":"Reference","previous_headings":"","what":"Arguments","title":"Count the number of reported vulnerabilities — osv_count_vulns","text":"name Character vector package names. ecosystem Character vector ecosystem(s) within package(s) exist. ... parameters pass nested functions.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/osv_count_vulns.html","id":"value","dir":"Reference","previous_headings":"","what":"Value","title":"Count the number of reported vulnerabilities — osv_count_vulns","text":"named vector numeric values indicating vulnerabilities.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/osv_count_vulns.html","id":"ref-examples","dir":"Reference","previous_headings":"","what":"Examples","title":"Count the number of reported vulnerabilities — osv_count_vulns","text":"","code":"if (FALSE) { # interactive() osv_count_vulns(c('dask', 'dplyr'), c('PyPI', 'CRAN')) }"},{"path":"https://al-obrien.github.io/rosv/reference/osv_download.html","id":null,"dir":"Reference","previous_headings":"","what":"Download vulnerabilities from the OSV database — osv_download","title":"Download vulnerabilities from the OSV database — osv_download","text":"Use vulnerability IDs /ecosystem name download vulnerability files OSV GCS buckets.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/osv_download.html","id":"ref-usage","dir":"Reference","previous_headings":"","what":"Usage","title":"Download vulnerabilities from the OSV database — osv_download","text":"","code":"osv_download( vuln_ids = NULL, ecosystem, parse = TRUE, cache = TRUE, download_only = 
FALSE ) .osv_download(vuln_ids = NULL, ecosystem, parse = TRUE, download_only = FALSE) .osv_download_cache( vuln_ids = NULL, ecosystem, parse = TRUE, download_only = FALSE )"},{"path":"https://al-obrien.github.io/rosv/reference/osv_download.html","id":"arguments","dir":"Reference","previous_headings":"","what":"Arguments","title":"Download vulnerabilities from the OSV database — osv_download","text":"vuln_ids Vector vulnerability IDs (optional). ecosystem Ecosystem package lives within (must set). parse Boolean value set content field parsed JSON list format. cache Boolean value determine use cached version function API results. download_only Boolean value determine JSON files downloaded disk.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/osv_download.html","id":"value","dir":"Reference","previous_headings":"","what":"Value","title":"Download vulnerabilities from the OSV database — osv_download","text":"R6 object containing API query contents.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/osv_download.html","id":"details","dir":"Reference","previous_headings":"","what":"Details","title":"Download vulnerabilities from the OSV database — osv_download","text":"Although end-result similar API functions, one specifically downloads .zip .json files OSV GCS buckets. result, two main benefits. First, can download entire set vulnerabilities listed ecosystem. Second, options save vulnerability files disk. files saved R session's temp space, defined environment variable ROSV_CACHE_GLOBAL. ecosystems listed can downloaded. one ecosystem can provided time.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/osv_download.html","id":"functions","dir":"Reference","previous_headings":"","what":"Functions","title":"Download vulnerabilities from the OSV database — osv_download","text":".osv_download(): Internal function run osv_download without caching. 
.osv_download_cache(): Internal function run memoise cached version osv_download.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/osv_download.html","id":"ref-examples","dir":"Reference","previous_headings":"","what":"Examples","title":"Download vulnerabilities from the OSV database — osv_download","text":"","code":"if (FALSE) { # interactive() vulns <- osv_download(\"RSEC-2023-8\", \"CRAN\") get_content(vulns) # Clean up try(clear_osv_cache()) }"},{"path":"https://al-obrien.github.io/rosv/reference/osv_query.html","id":null,"dir":"Reference","previous_headings":"","what":"Query OSV API for individual package vulnerabilities — osv_query","title":"Query OSV API for individual package vulnerabilities — osv_query","text":"connect OSV API query vulnerabilities specified packages. Unlike query functions, osv_query return content response object. default vulnerabilities returned versions package flagged OSV. can subset manually via parameter all_affected.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/osv_query.html","id":"ref-usage","dir":"Reference","previous_headings":"","what":"Usage","title":"Query OSV API for individual package vulnerabilities — osv_query","text":"","code":"osv_query( name = NULL, version = NULL, ecosystem = NULL, all_affected = TRUE, cache = TRUE, ... )"},{"path":"https://al-obrien.github.io/rosv/reference/osv_query.html","id":"arguments","dir":"Reference","previous_headings":"","what":"Arguments","title":"Query OSV API for individual package vulnerabilities — osv_query","text":"name Character vector package names. version Character vector package versions, NA ignoring versions. ecosystem Character vector ecosystem(s) within package(s) exist. all_affected Boolean value, TRUE return package results found per vulnerability discovered. cache Boolean value determine use cached version function API results. ... 
parameters pass nested functions.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/osv_query.html","id":"value","dir":"Reference","previous_headings":"","what":"Value","title":"Query OSV API for individual package vulnerabilities — osv_query","text":"data.frame query results parsed.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/osv_query.html","id":"details","dir":"Reference","previous_headings":"","what":"Details","title":"Query OSV API for individual package vulnerabilities — osv_query","text":"Since query batchquery API endpoints different outputs, function align contents list vulnerabilities. 'query' meant flattening returned list ; 'batchquery' returned IDs used fetch additional vulnerability information flattened list. ecosystem parameter provided, vulnerabilities selection downloaded OSV database parsed tidied table. Since vulnerabilities can exist across ecosystems, all_affected may need set FALSE. Since OSV database organized vulnerability, returned content may duplicate package details package, possibly version, may occur within several different reported vulnerabilities. avoid behaviour, set all_affected parameter FALSE. Due variations formatting OSV API, responses versions associated response instead use ranges. Filtering currently apply field may return versions affected within ranges. suspect ranges used instead specific version codes, examine response object using lower-level functions like osv_query_1(). speed process large ecosystems can set future::plan() parallelization; respected via furrr package. default run sequentially. performance impacts allow mixed ecosystems queried. packages many vulnerabilities, can faster perform separately vulnerabilities can pulled individually. 
Alternative approaches may implemented future versions.","code":""},{"path":[]},{"path":"https://al-obrien.github.io/rosv/reference/osv_query.html","id":"ref-examples","dir":"Reference","previous_headings":"","what":"Examples","title":"Query OSV API for individual package vulnerabilities — osv_query","text":"","code":"if (FALSE) { # interactive() # Single package pkg_vul <- osv_query('dask', ecosystem = 'PyPI') # Batch query name_vec <- c('dask', 'dash') ecosystem_vec <- rep('PyPI', length(name_vec)) pkg_vul <- osv_query(name_vec, ecosystem = ecosystem_vec) }"},{"path":"https://al-obrien.github.io/rosv/reference/osv_query_1.html","id":null,"dir":"Reference","previous_headings":"","what":"Query OSV API for vulnerabilities based upon an individual package — osv_query_1","title":"Query OSV API for vulnerabilities based upon an individual package — osv_query_1","text":"Query OSV API vulnerabilities include individual package interest. request automatically constructed provided elements returned values parsed data.frame.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/osv_query_1.html","id":"ref-usage","dir":"Reference","previous_headings":"","what":"Usage","title":"Query OSV API for vulnerabilities based upon an individual package — osv_query_1","text":"","code":"osv_query_1( name = NULL, version = NULL, ecosystem = NULL, commit = NULL, purl = NULL, parse = TRUE, cache = TRUE, ... ) .osv_query_1( name = NULL, version = NULL, ecosystem = NULL, commit = NULL, purl = NULL, parse = TRUE, cache = TRUE, ... ) .osv_query_1_cache( name = NULL, version = NULL, ecosystem = NULL, commit = NULL, purl = NULL, parse = TRUE, cache = TRUE, ... )"},{"path":"https://al-obrien.github.io/rosv/reference/osv_query_1.html","id":"arguments","dir":"Reference","previous_headings":"","what":"Arguments","title":"Query OSV API for vulnerabilities based upon an individual package — osv_query_1","text":"name Name package. version Version package. 
ecosystem Ecosystem package lives within (must set using name). commit Commit hash query (use version set). purl URL package (use name ecosystem set). parse Boolean value set content field parsed JSON list format. cache Boolean value determine use cached version function API results. ... Additional parameters passed nested functions.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/osv_query_1.html","id":"value","dir":"Reference","previous_headings":"","what":"Value","title":"Query OSV API for vulnerabilities based upon an individual package — osv_query_1","text":"R6 object containing API query contents.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/osv_query_1.html","id":"functions","dir":"Reference","previous_headings":"","what":"Functions","title":"Query OSV API for vulnerabilities based upon an individual package — osv_query_1","text":".osv_query_1(): Internal function run osv_query_1 without caching. .osv_query_1_cache(): Internal function run memoise cached version osv_query_1.","code":""},{"path":[]},{"path":"https://al-obrien.github.io/rosv/reference/osv_query_1.html","id":"ref-examples","dir":"Reference","previous_headings":"","what":"Examples","title":"Query OSV API for vulnerabilities based upon an individual package — osv_query_1","text":"","code":"if (FALSE) { # interactive() osv_query_1(commit = '6879efc2c1596d11a6a6ad296f80063b558d5e0f') }"},{"path":"https://al-obrien.github.io/rosv/reference/osv_querybatch.html","id":null,"dir":"Reference","previous_headings":"","what":"Query OSV API for vulnerabilities given a vector of packages — osv_querybatch","title":"Query OSV API for vulnerabilities given a vector of packages — osv_querybatch","text":"Using vector input information, query OSV API associated vulnerability ID.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/osv_querybatch.html","id":"ref-usage","dir":"Reference","previous_headings":"","what":"Usage","title":"Query OSV API for vulnerabilities 
given a vector of packages — osv_querybatch","text":"","code":"osv_querybatch( name = NULL, version = NULL, ecosystem = NULL, commit = NULL, purl = NULL, parse = TRUE, cache = TRUE, ... ) .osv_querybatch( name = NULL, version = NULL, ecosystem = NULL, commit = NULL, purl = NULL, parse = TRUE, cache = TRUE, ... ) .osv_querybatch_cache( name = NULL, version = NULL, ecosystem = NULL, commit = NULL, purl = NULL, parse = TRUE, cache = TRUE, ... )"},{"path":"https://al-obrien.github.io/rosv/reference/osv_querybatch.html","id":"arguments","dir":"Reference","previous_headings":"","what":"Arguments","title":"Query OSV API for vulnerabilities given a vector of packages — osv_querybatch","text":"name Name package. version Version package. ecosystem Ecosystem package lives within (must set using name). commit Commit hash query (use version set). purl URL package (use name ecosystem set). parse Boolean value set content field parsed JSON list format. cache Boolean value determine use cached version function API results. ... Additional parameters passed nested functions.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/osv_querybatch.html","id":"value","dir":"Reference","previous_headings":"","what":"Value","title":"Query OSV API for vulnerabilities given a vector of packages — osv_querybatch","text":"R6 object containing API query contents.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/osv_querybatch.html","id":"details","dir":"Reference","previous_headings":"","what":"Details","title":"Query OSV API for vulnerabilities given a vector of packages — osv_querybatch","text":"query constructed provided set vectors. Default NULL thereby empty/null JSON request. values vector missing, use NA. many queries, conversion formatted JSON request can parallelized via {future}. 
returned information vulnerability IDs modified fields , per API instruction.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/osv_querybatch.html","id":"functions","dir":"Reference","previous_headings":"","what":"Functions","title":"Query OSV API for vulnerabilities given a vector of packages — osv_querybatch","text":".osv_querybatch(): Internal function run osv_querybatch without caching. .osv_querybatch_cache(): Internal function run memoise cached version osv_querybatch.","code":""},{"path":[]},{"path":"https://al-obrien.github.io/rosv/reference/osv_querybatch.html","id":"ref-examples","dir":"Reference","previous_headings":"","what":"Examples","title":"Query OSV API for vulnerabilities given a vector of packages — osv_querybatch","text":"","code":"if (FALSE) { # interactive() osv_querybatch(c(\"commonmark\", \"dask\"), ecosystem = c('CRAN', 'PyPI')) }"},{"path":"https://al-obrien.github.io/rosv/reference/osv_scan.html","id":null,"dir":"Reference","previous_headings":"","what":"Use OSV database to scan for vulnerabilities — osv_scan","title":"Use OSV database to scan for vulnerabilities — osv_scan","text":"Scan project based upon specified mode determine vulnerable packages detected.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/osv_scan.html","id":"ref-usage","dir":"Reference","previous_headings":"","what":"Usage","title":"Use OSV database to scan for vulnerabilities — osv_scan","text":"","code":"osv_scan(mode, ...)"},{"path":"https://al-obrien.github.io/rosv/reference/osv_scan.html","id":"arguments","dir":"Reference","previous_headings":"","what":"Arguments","title":"Use OSV database to scan for vulnerabilities — osv_scan","text":"mode kind scan perform. ... 
Parameters passed specific underlying functions mode selected.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/osv_scan.html","id":"value","dir":"Reference","previous_headings":"","what":"Value","title":"Use OSV database to scan for vulnerabilities — osv_scan","text":"data.frame specifying packages vulnerable .","code":""},{"path":"https://al-obrien.github.io/rosv/reference/osv_scan.html","id":"details","dir":"Reference","previous_headings":"","what":"Details","title":"Use OSV database to scan for vulnerabilities — osv_scan","text":"available scanning modes : 'r_project', 'renv', 'r_libath'. 'r_libpath' mode simply performs R project related scans . Emphasis placed scans R related content. Additional parsing scanning modes added time needed. mode exist particular purpose, alternate functions is_pkg_vulnerable() can used list package names ecosystems available OSV database.","code":""},{"path":[]},{"path":"https://al-obrien.github.io/rosv/reference/osv_scan.html","id":"ref-examples","dir":"Reference","previous_headings":"","what":"Examples","title":"Use OSV database to scan for vulnerabilities — osv_scan","text":"","code":"if (FALSE) { # interactive() osv_scan('r_libpath') }"},{"path":"https://al-obrien.github.io/rosv/reference/osv_vulns.html","id":null,"dir":"Reference","previous_headings":"","what":"Query OSV API for vulnerability information based on ID — osv_vulns","title":"Query OSV API for vulnerability information based on ID — osv_vulns","text":"Use vulnerability IDs extract detailed information, usually paired osv_querybatch().","code":""},{"path":"https://al-obrien.github.io/rosv/reference/osv_vulns.html","id":"ref-usage","dir":"Reference","previous_headings":"","what":"Usage","title":"Query OSV API for vulnerability information based on ID — osv_vulns","text":"","code":"osv_vulns(vuln_ids, parse = TRUE, cache = TRUE) .osv_vulns(vuln_ids, parse = TRUE) .osv_vulns_cache(vuln_ids, parse = 
TRUE)"},{"path":"https://al-obrien.github.io/rosv/reference/osv_vulns.html","id":"arguments","dir":"Reference","previous_headings":"","what":"Arguments","title":"Query OSV API for vulnerability information based on ID — osv_vulns","text":"vuln_ids Vector vulnerability IDs. parse Boolean value set content field parsed JSON list format. cache Boolean value determine use cached version function API results.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/osv_vulns.html","id":"value","dir":"Reference","previous_headings":"","what":"Value","title":"Query OSV API for vulnerability information based on ID — osv_vulns","text":"R6 object containing API query contents.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/osv_vulns.html","id":"functions","dir":"Reference","previous_headings":"","what":"Functions","title":"Query OSV API for vulnerability information based on ID — osv_vulns","text":".osv_vulns(): Internal function run osv_vulns without caching. .osv_vulns_cache(): Internal function run memoise cached version osv_vulns.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/osv_vulns.html","id":"ref-examples","dir":"Reference","previous_headings":"","what":"Examples","title":"Query OSV API for vulnerability information based on ID — osv_vulns","text":"","code":"if (FALSE) { # interactive() vulns <- osv_vulns(\"RSEC-2023-8\") get_content(vulns) }"},{"path":"https://al-obrien.github.io/rosv/reference/rosv-package.html","id":null,"dir":"Reference","previous_headings":"","what":"rosv: Client to Access and Operate on the 'Open Source Vulnerability' API — rosv-package","title":"rosv: Client to Access and Operate on the 'Open Source Vulnerability' API — rosv-package","text":"Connect, query, operate information available 'Open Source Vulnerability' database https://osv.dev/. Although 'CRAN' vulnerabilities listed, compared projects 'PyPI'. 
tighter integration 'R' 'Python', 'R' specific package access details vulnerabilities various sources worthwhile enterprise.","code":""},{"path":[]},{"path":"https://al-obrien.github.io/rosv/reference/rosv-package.html","id":"author","dir":"Reference","previous_headings":"","what":"Author","title":"rosv: Client to Access and Operate on the 'Open Source Vulnerability' API — rosv-package","text":"Maintainer: Allen OBrien allen.g.obrien@gmail.com [copyright holder]","code":""},{"path":[]},{"path":[]},{"path":"https://al-obrien.github.io/rosv/news/index.html","id":"new-features-0-5-0","dir":"Changelog","previous_headings":"","what":"New features","title":"rosv 0.5.0","text":"Implemented pagination core functionality low-level functions (e.g. RosvQueryBatch()) Add osv_scan() high-level function scan various components project (focused R project content) Add osv_count_vulns() return number vulnerabilities package associated osv_query() now central high level queries gains functionality via osv_download() access vulnerabilities ecosystem","code":""},{"path":"https://al-obrien.github.io/rosv/news/index.html","id":"breaking-changes-0-5-0","dir":"Changelog","previous_headings":"","what":"Breaking changes","title":"rosv 0.5.0","text":"Upgraded {httr2} 1.0.0 Upgraded tests {httptest2} 1.0.0 Overhaul download_osv() use R6 objects memoise core caching functionality, rename download_osv() osv_download() standardize names","code":""},{"path":"https://al-obrien.github.io/rosv/news/index.html","id":"minor-changes-improvements-and-fixes-0-5-0","dir":"Changelog","previous_headings":"","what":"Minor changes, improvements, and fixes","title":"rosv 0.5.0","text":"Use httr2::req_perform_sequential() RosvVulns() methods get build-helpers available purrr::map() alone Corrected input de-duplicated certain situations create_osv_list() Remove page_token parameter mid-level functions, handled low-level automatically Add groupings pkgdown reference tab Add example outputs getting started 
vignette Add missing R6 dependency specify specific minimum versions List creation functions now use data.frames specifically created osv_query() Allow filtering downloading vulnerability files ecosystem ecosystems vulnerability included (e.g. GHSA-gq4p-4hxv-5rg9) Package documentation Rd added","code":""},{"path":"https://al-obrien.github.io/rosv/news/index.html","id":"rosv-042","dir":"Changelog","previous_headings":"","what":"rosv 0.4.2","title":"rosv 0.4.2","text":"CRAN release: 2023-11-10 Initial CRAN release","code":""},{"path":"https://al-obrien.github.io/rosv/news/index.html","id":"rosv-030-2023-11-01","dir":"Changelog","previous_headings":"","what":"rosv 0.3.0 (2023-11-01)","title":"rosv 0.3.0 (2023-11-01)","text":"Overhaul docs, basic tests, helper functions Add caching mechanism","code":""},{"path":"https://al-obrien.github.io/rosv/news/index.html","id":"rosv-020-2023-10-28","dir":"Changelog","previous_headings":"","what":"rosv 0.2.0 (2023-10-28)","title":"rosv 0.2.0 (2023-10-28)","text":"Update use R6 back-end","code":""},{"path":"https://al-obrien.github.io/rosv/news/index.html","id":"rosv-010","dir":"Changelog","previous_headings":"","what":"rosv 0.1.0","title":"rosv 0.1.0","text":"Initial project commits.","code":""}] +[{"path":"https://al-obrien.github.io/rosv/LICENSE.html","id":null,"dir":"","previous_headings":"","what":"MIT License","title":"MIT License","text":"Copyright (c) 2023 rosv authors Permission hereby granted, free charge, person obtaining copy software associated documentation files (“Software”), deal Software without restriction, including without limitation rights use, copy, modify, merge, publish, distribute, sublicense, /sell copies Software, permit persons Software furnished , subject following conditions: copyright notice permission notice shall included copies substantial portions Software. 
SOFTWARE PROVIDED “”, WITHOUT WARRANTY KIND, EXPRESS IMPLIED, INCLUDING LIMITED WARRANTIES MERCHANTABILITY, FITNESS PARTICULAR PURPOSE NONINFRINGEMENT. EVENT SHALL AUTHORS COPYRIGHT HOLDERS LIABLE CLAIM, DAMAGES LIABILITY, WHETHER ACTION CONTRACT, TORT OTHERWISE, ARISING , CONNECTION SOFTWARE USE DEALINGS SOFTWARE.","code":""},{"path":"https://al-obrien.github.io/rosv/articles/rosv.html","id":"package-purpose","dir":"Articles","previous_headings":"","what":"Package purpose","title":"Introduction to rosv","text":"{rosv} package provides two core purposes: Access information Open Source Vulnerability (OSV) database. Operate vulnerability information create formatted lists package administration. Consequently, functions {rosv} relate querying downloading content OSV, parsing JSON content, generating tables lists regarding key information package vulnerabilities. OSV database specific R related repositories CRAN; users can access information ecosystem available OSV. R users also dabble Python, can search package vulnerabilities within PyPI repository remaining R interface.","code":""},{"path":"https://al-obrien.github.io/rosv/articles/rosv.html","id":"basic-examples","dir":"Articles","previous_headings":"","what":"Basic Examples","title":"Introduction to rosv","text":"following examples outline assortment package functionality first must load package!","code":"library(rosv)"},{"path":"https://al-obrien.github.io/rosv/articles/rosv.html","id":"detect-vulnerable-packages","dir":"Articles","previous_headings":"Basic Examples","what":"Detect vulnerable packages","title":"Introduction to rosv","text":"One simplest queries provide package ecosystem return TRUE/FALSE response informing package ever listed vulnerability. 
number vulnerabilities detected package can also queried.","code":"is_pkg_vulnerable(c('dask', 'dash'), ecosystem = c('PyPI', 'PyPI')) #> dask dash #> TRUE FALSE osv_count_vulns(c('dask', 'readxl', 'dplyr'), c('PyPI', 'CRAN', 'CRAN')) #> dask readxl dplyr #> 1 3 0"},{"path":"https://al-obrien.github.io/rosv/articles/rosv.html","id":"list-package-vulnerabilities","dir":"Articles","previous_headings":"Basic Examples","what":"List package vulnerabilities","title":"Introduction to rosv","text":"basic usage {rosv} pull versions ecosystem’s packages (e.g. PyPI CRAN) listed OSV database. can achieved using high-level functions osv_query() create_osv_list(). start can query one package PyPI vulnerabilities. Use OSV query generate sorted de-duplicated list just package name version. Pull entire set PyPI vulnerability data de-duplicate","code":"pkg_vul <- osv_query('dask', ecosystem = 'PyPI', all_affected = FALSE) pkg_tbl <- create_osv_list(pkg_vul, as.data.frame = TRUE) head(pkg_tbl, 3) #> name versions #> 1 dask 0.10.0 #> 2 dask 0.10.1 #> 3 dask 0.10.2 pkg_vul <- osv_query(ecosystem = 'PyPI', all_affected = FALSE) pypi_vul <- create_osv_list(pkg_vul, as.data.frame = FALSE, NA_value = ' ') head(pypi_vul, 3) #> [1] \"aaiohttp\\t \" \"accesscontrol\\t2.13.0\" \"accesscontrol\\t2.13.1\""},{"path":"https://al-obrien.github.io/rosv/articles/rosv.html","id":"scan-an-r-project","dir":"Articles","previous_headings":"","what":"Scan an R project","title":"Introduction to rosv","text":"Packages discovered within R project ({renv} LOCK files installed packages .libPaths()) can parsed scanned directly using osv_scan(). data.frame returned package name logical value specifying vulnerability discovered OSV database. 
particular scanning mode exist, similar functionality can created package list associated version information passed is_pkg_vulnerable().","code":"osv_scan('r_project') #> name version ecosystem is_vul #> 1 commonmark 1.9.0 CRAN TRUE #> 2 jsonlite 1.8.7 CRAN TRUE #> 3 askpass 1.2.0 CRAN FALSE #> 4 base 4.3.1 CRAN FALSE"},{"path":"https://al-obrien.github.io/rosv/articles/rosv.html","id":"use-api-helpers-directly","dir":"Articles","previous_headings":"","what":"Use API helpers directly","title":"Introduction to rosv","text":"Lower-level functions return detail API request response contained within R6 object. flexible higher-level alternatives. default, results functions cached. can overriden specifying cache = FALSE. higher-level API query function osv_query() builds upon helpers align format returned content, making preferred choice typical use-cases.","code":"# Returns entire response object to parse as you please. osv_query_1('dask', ecosystem = 'PyPI') # Returns the vulnerability IDs for packages in list osv_querybatch('dask', ecosystem = 'PyPI') # Return vulnerabilities from different ecosystems as vectors osv_querybatch(c('dask', 'readxl'), ecosystem = c('PyPI', 'CRAN')) # Grab details by vulns ID osv_vulns('PYSEC-2021-387') # Download vulns for an ecosystem osv_download('PYSEC-2021-387', 'PyPI') osv_download(ecosystem = 'PyPI', download_only = TRUE)"},{"path":"https://al-obrien.github.io/rosv/articles/rosv.html","id":"result-caching","dir":"Articles","previous_headings":"","what":"Result caching","title":"Introduction to rosv","text":"default, results queries using API helpers (e.g. osv_query() osv_querybatch()) cache results using memoise::memoise(). caching can turned directly using function parameters globally reset using clear_osv_cache(). Caching default behavior help enforce polite access OSV API. 
clearing cache, vulnerability files saved disk temporary R session location also removed (refer environment variable ROSV_CACHE_GLOBAL).","code":"# Query without caching osv_query('dask', ecosystem = 'PyPI', cache = FALSE) # File will be saved to disk osv_download('PYSEC-2021-387', 'PyPI') # Clear cache, as needed clear_osv_cache()"},{"path":"https://al-obrien.github.io/rosv/articles/rosv.html","id":"creating-a-cross-referenced-whitelist","dir":"Articles","previous_headings":"","what":"Creating a cross-referenced whitelist","title":"Introduction to rosv","text":"using product {miniCRAN} Posit Package Manager may corporate requirements limit packages users can install. Although whitelist often recommended, either specify exact versions approved exclude packages known vulnerabilities. Given sheer amount packages versions, often difficult. following method take vector packages (PyPI) cross-reference OSV database. packages identified either entirely dropped, specific versions flagged vulnerabilities excluded.","code":"# List of packages of interest python_pkg <- c('dask', 'dash', 'keras') # Create the xref whitelist xref_pkg_list <- create_xref_whitelist(python_pkg, ecosystem = 'PyPI', output_format = 'requirements.txt') # Output requirements.txt which can be used with PPM product writeLines(xref_pkg_list, file.path(tempdir(), 'requirements.txt'))"},{"path":"https://al-obrien.github.io/rosv/authors.html","id":null,"dir":"","previous_headings":"","what":"Authors","title":"Authors and Citation","text":"Allen OBrien. Author, maintainer, copyright holder.","code":""},{"path":"https://al-obrien.github.io/rosv/authors.html","id":"citation","dir":"","previous_headings":"","what":"Citation","title":"Authors and Citation","text":"OBrien (2023). rosv: Client Access Operate 'Open Source Vulnerability' API. 
R package version 0.5.0.9000, https://github.com/al-obrien/rosv, https://al-obrien.github.io/rosv/.","code":"@Manual{, title = {rosv: Client to Access and Operate on the 'Open Source Vulnerability' API}, author = {Allen OBrien}, year = {2023}, note = {R package version 0.5.0.9000, https://github.com/al-obrien/rosv}, url = {https://al-obrien.github.io/rosv/}, }"},{"path":[]},{"path":"https://al-obrien.github.io/rosv/index.html","id":"overview","dir":"","previous_headings":"","what":"Overview","title":"Client to Access and Operate on the Open Source Vulnerability API","text":"{rosv} package API client Open Source Vulnerability (OSV) database. high low level functions available query database vulnerabilities package repositories across various open source ecosystems CRAN, Bioconductor, PyPI, many . Queries made OSV database useful check package vulnerabilities (including specific versions) enumerated package management files requirements.txt (Python) renv.lock (R). Checking valid query construction, API response pagination, parsing content handled {rosv}. Various helper functions assist administration Posit Package Manager similar services. Packages can routinely examined new vulnerabilities aide creation updating curated repositories well assigning block lists. 
details OSV project associated API can found : https://google.github.io/osv.dev/.","code":""},{"path":"https://al-obrien.github.io/rosv/index.html","id":"installation","dir":"","previous_headings":"","what":"Installation","title":"Client to Access and Operate on the Open Source Vulnerability API","text":"latest development version, can install {rosv} GitHub:","code":"install.packages('rosv') library(rosv) remotes::install_github('al-obrien/rosv')"},{"path":"https://al-obrien.github.io/rosv/index.html","id":"basic-usage","dir":"","previous_headings":"","what":"Basic usage","title":"Client to Access and Operate on the Open Source Vulnerability API","text":"fastest simplest way get started {rosv} use osv_query() function. Provide package name related ecosystem fetch identified vulnerabilities. Query multiple packages time across ecosystems. Return results packages provided others may part vulnerability. Download vulnerabilities listed ecosystem.","code":"osv_query('dask', ecosystem = 'PyPI') osv_query(c('dask', 'readxl', 'dplyr'), ecosystem = c('PyPI', 'CRAN', 'CRAN')) osv_query('apache-airflow', ecosystem = 'PyPI', all_affected = FALSE) osv_query(ecosystem = 'CRAN', all_affected = FALSE)"},{"path":"https://al-obrien.github.io/rosv/index.html","id":"development-notes","dir":"","previous_headings":"","what":"Development notes","title":"Client to Access and Operate on the Open Source Vulnerability API","text":"{rosv} leverages {httr2} {httptest2} core API client functionality uses R6 classes low-level interface OSV API. 
also plans types returned details parsing content.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/RosvDownload.html","id":null,"dir":"Reference","previous_headings":"","what":"R6 Class for OSV Database Downloads — RosvDownload","title":"R6 Class for OSV Database Downloads — RosvDownload","text":"R6 class provide lower-level interface download OSV database GCS buckets.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/RosvDownload.html","id":"value","dir":"Reference","previous_headings":"","what":"Value","title":"R6 Class for OSV Database Downloads — RosvDownload","text":"R6 object operate data downloaded OSV GCS buckets.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/RosvDownload.html","id":"details","dir":"Reference","previous_headings":"","what":"Details","title":"R6 Class for OSV Database Downloads — RosvDownload","text":"vulnerability IDs provided, entire set downloaded ecosystem's .zip file. JSON files downloaded R session's temporary folder dictated environment variable ROSV_CACHE_GLOBAL. Due similarity parsing process, simply inherits method parent class RosvQuery1. ecosystems listed can downloaded.","code":""},{"path":[]},{"path":"https://al-obrien.github.io/rosv/reference/RosvDownload.html","id":"super-class","dir":"Reference","previous_headings":"","what":"Super class","title":"R6 Class for OSV Database Downloads — RosvDownload","text":"rosv::RosvQuery1 -> RosvDownload","code":""},{"path":"https://al-obrien.github.io/rosv/reference/RosvDownload.html","id":"public-fields","dir":"Reference","previous_headings":"","what":"Public fields","title":"R6 Class for OSV Database Downloads — RosvDownload","text":"osv_cache_dir Location cached vulnerability JSON files. content Content downloading vulnerabilities. time_stamp Time stamp associated run. date_stamp_hash Hashed date time stamp. ecosystem ecosystem used upon creation. vuln_ids vulnerability IDs, provided. 
request URLs request downloaded files.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/RosvDownload.html","id":"methods","dir":"Reference","previous_headings":"","what":"Methods","title":"R6 Class for OSV Database Downloads — RosvDownload","text":"rosv::RosvQuery1$parse()","code":""},{"path":"https://al-obrien.github.io/rosv/reference/RosvDownload.html","id":"public-methods","dir":"Reference","previous_headings":"","what":"Public methods","title":"R6 Class for OSV Database Downloads — RosvDownload","text":"RosvDownload$new() RosvDownload$download() RosvDownload$run() RosvDownload$print() RosvDownload$clone()","code":""},{"path":"https://al-obrien.github.io/rosv/reference/RosvDownload.html","id":"method-new-","dir":"Reference","previous_headings":"","what":"Method new()","title":"R6 Class for OSV Database Downloads — RosvDownload","text":"Set core request details subsequent use called run() method.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/RosvDownload.html","id":"usage","dir":"Reference","previous_headings":"","what":"Usage","title":"R6 Class for OSV Database Downloads — RosvDownload","text":"","code":"RosvDownload$new(vuln_ids = NULL, ecosystem)"},{"path":"https://al-obrien.github.io/rosv/reference/RosvDownload.html","id":"arguments","dir":"Reference","previous_headings":"","what":"Arguments","title":"R6 Class for OSV Database Downloads — RosvDownload","text":"vuln_ids Character vector vulnerability IDs. ecosystem Ecosystem package lives within (must set).","code":""},{"path":"https://al-obrien.github.io/rosv/reference/RosvDownload.html","id":"method-download-","dir":"Reference","previous_headings":"","what":"Method download()","title":"R6 Class for OSV Database Downloads — RosvDownload","text":"Download vulnerabilities provided ecosystem disk, location recorded osv_cache_dir field. 
overwrite existing files cache.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/RosvDownload.html","id":"usage-1","dir":"Reference","previous_headings":"","what":"Usage","title":"R6 Class for OSV Database Downloads — RosvDownload","text":"","code":"RosvDownload$download()"},{"path":"https://al-obrien.github.io/rosv/reference/RosvDownload.html","id":"method-run-","dir":"Reference","previous_headings":"","what":"Method run()","title":"R6 Class for OSV Database Downloads — RosvDownload","text":"Load vulnerabilities R session. entire contents vulnerability file loaded. Subsequent use parse() method shrink memory footprint contents carried across.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/RosvDownload.html","id":"usage-2","dir":"Reference","previous_headings":"","what":"Usage","title":"R6 Class for OSV Database Downloads — RosvDownload","text":"","code":"RosvDownload$run()"},{"path":"https://al-obrien.github.io/rosv/reference/RosvDownload.html","id":"method-print-","dir":"Reference","previous_headings":"","what":"Method print()","title":"R6 Class for OSV Database Downloads — RosvDownload","text":"Print basic details query object screen.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/RosvDownload.html","id":"usage-3","dir":"Reference","previous_headings":"","what":"Usage","title":"R6 Class for OSV Database Downloads — RosvDownload","text":"","code":"RosvDownload$print(...)"},{"path":"https://al-obrien.github.io/rosv/reference/RosvDownload.html","id":"arguments-1","dir":"Reference","previous_headings":"","what":"Arguments","title":"R6 Class for OSV Database Downloads — RosvDownload","text":"... 
Reserved possible future use.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/RosvDownload.html","id":"method-clone-","dir":"Reference","previous_headings":"","what":"Method clone()","title":"R6 Class for OSV Database Downloads — RosvDownload","text":"objects class cloneable method.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/RosvDownload.html","id":"usage-4","dir":"Reference","previous_headings":"","what":"Usage","title":"R6 Class for OSV Database Downloads — RosvDownload","text":"","code":"RosvDownload$clone(deep = FALSE)"},{"path":"https://al-obrien.github.io/rosv/reference/RosvDownload.html","id":"arguments-2","dir":"Reference","previous_headings":"","what":"Arguments","title":"R6 Class for OSV Database Downloads — RosvDownload","text":"deep Whether make deep clone.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/RosvDownload.html","id":"ref-examples","dir":"Reference","previous_headings":"","what":"Examples","title":"R6 Class for OSV Database Downloads — RosvDownload","text":"","code":"query <- RosvDownload$new(ecosystem = 'CRAN') query #> Request(s) made to: https://osv-vulnerabilities.storage.googleapis.com/CRAN #> Save location: /tmp/RtmpFO5VEu/rosv/CRAN-c9cfa2da6b10c95f7c8f5187f44b4ab1 #> Object contents: NULL"},{"path":"https://al-obrien.github.io/rosv/reference/RosvQuery1.html","id":null,"dir":"Reference","previous_headings":"","what":"R6 Class for OSV Query Endpoint — RosvQuery1","title":"R6 Class for OSV Query Endpoint — RosvQuery1","text":"R6 class provide lower-level interface query endpoint OSV API.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/RosvQuery1.html","id":"value","dir":"Reference","previous_headings":"","what":"Value","title":"R6 Class for OSV Query Endpoint — RosvQuery1","text":"R6 object operate OSV query 
endpoint.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/RosvQuery1.html","id":"details","dir":"Reference","previous_headings":"","what":"Details","title":"R6 Class for OSV Query Endpoint — RosvQuery1","text":"Pageination implemented via httr2::req_perform_iterative() private method extracting tokens automatically. initialized, page_token set NULL; token generated large results process handled internally. response object contain list returned responses formatting occurred. content field contain list vulnerabilities may parsed table format.","code":""},{"path":[]},{"path":"https://al-obrien.github.io/rosv/reference/RosvQuery1.html","id":"public-fields","dir":"Reference","previous_headings":"","what":"Public fields","title":"R6 Class for OSV Query Endpoint — RosvQuery1","text":"request Request object made httr2. content Body contents response OSV API. response Response object returned OSV API.","code":""},{"path":[]},{"path":"https://al-obrien.github.io/rosv/reference/RosvQuery1.html","id":"public-methods","dir":"Reference","previous_headings":"","what":"Public methods","title":"R6 Class for OSV Query Endpoint — RosvQuery1","text":"RosvQuery1$new() RosvQuery1$run() RosvQuery1$parse() RosvQuery1$print() RosvQuery1$clone()","code":""},{"path":"https://al-obrien.github.io/rosv/reference/RosvQuery1.html","id":"method-new-","dir":"Reference","previous_headings":"","what":"Method new()","title":"R6 Class for OSV Query Endpoint — RosvQuery1","text":"Set core request details subsequent use called run() method.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/RosvQuery1.html","id":"usage","dir":"Reference","previous_headings":"","what":"Usage","title":"R6 Class for OSV Query Endpoint — RosvQuery1","text":"","code":"RosvQuery1$new( commit = NULL, version = NULL, name = NULL, ecosystem = NULL, purl = NULL 
)"},{"path":"https://al-obrien.github.io/rosv/reference/RosvQuery1.html","id":"arguments","dir":"Reference","previous_headings":"","what":"Arguments","title":"R6 Class for OSV Query Endpoint — RosvQuery1","text":"commit Commit hash query (use version set). version Version package. name Name package. ecosystem Ecosystem package lives within (must set using name). purl URL package (use name ecosystem set).","code":""},{"path":"https://al-obrien.github.io/rosv/reference/RosvQuery1.html","id":"method-run-","dir":"Reference","previous_headings":"","what":"Method run()","title":"R6 Class for OSV Query Endpoint — RosvQuery1","text":"Perform request return response OSV API call.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/RosvQuery1.html","id":"usage-1","dir":"Reference","previous_headings":"","what":"Usage","title":"R6 Class for OSV Query Endpoint — RosvQuery1","text":"","code":"RosvQuery1$run()"},{"path":"https://al-obrien.github.io/rosv/reference/RosvQuery1.html","id":"method-parse-","dir":"Reference","previous_headings":"","what":"Method parse()","title":"R6 Class for OSV Query Endpoint — RosvQuery1","text":"Parse contents returned tidier format. Can use future plans help parallelize. 
contents parsed.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/RosvQuery1.html","id":"usage-2","dir":"Reference","previous_headings":"","what":"Usage","title":"R6 Class for OSV Query Endpoint — RosvQuery1","text":"","code":"RosvQuery1$parse()"},{"path":"https://al-obrien.github.io/rosv/reference/RosvQuery1.html","id":"method-print-","dir":"Reference","previous_headings":"","what":"Method print()","title":"R6 Class for OSV Query Endpoint — RosvQuery1","text":"Print basic details query object screen.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/RosvQuery1.html","id":"usage-3","dir":"Reference","previous_headings":"","what":"Usage","title":"R6 Class for OSV Query Endpoint — RosvQuery1","text":"","code":"RosvQuery1$print(...)"},{"path":"https://al-obrien.github.io/rosv/reference/RosvQuery1.html","id":"arguments-1","dir":"Reference","previous_headings":"","what":"Arguments","title":"R6 Class for OSV Query Endpoint — RosvQuery1","text":"... Reserved possible future use.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/RosvQuery1.html","id":"method-clone-","dir":"Reference","previous_headings":"","what":"Method clone()","title":"R6 Class for OSV Query Endpoint — RosvQuery1","text":"objects class cloneable method.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/RosvQuery1.html","id":"usage-4","dir":"Reference","previous_headings":"","what":"Usage","title":"R6 Class for OSV Query Endpoint — RosvQuery1","text":"","code":"RosvQuery1$clone(deep = FALSE)"},{"path":"https://al-obrien.github.io/rosv/reference/RosvQuery1.html","id":"arguments-2","dir":"Reference","previous_headings":"","what":"Arguments","title":"R6 Class for OSV Query Endpoint — RosvQuery1","text":"deep Whether make deep clone.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/RosvQuery1.html","id":"ref-examples","dir":"Reference","previous_headings":"","what":"Examples","title":"R6 Class for OSV Query Endpoint — 
RosvQuery1","text":"","code":"query <- RosvQuery1$new(commit = '6879efc2c1596d11a6a6ad296f80063b558d5e0f') query #> Request made to: NA #> Successful responses of total: NA #> Successful content size (bytes): NA"},{"path":"https://al-obrien.github.io/rosv/reference/RosvQueryBatch.html","id":null,"dir":"Reference","previous_headings":"","what":"R6 Class for OSV Querybatch Endpoint — RosvQueryBatch","title":"R6 Class for OSV Querybatch Endpoint — RosvQueryBatch","text":"R6 class provide lower-level interface querybatch endpoint OSV API. Batches enforced process commit hash, purl, name+ecosystem. avoids confusion taken preferentially simplifies query creation.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/RosvQueryBatch.html","id":"value","dir":"Reference","previous_headings":"","what":"Value","title":"R6 Class for OSV Querybatch Endpoint — RosvQueryBatch","text":"R6 object operate OSV querybatch endpoint.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/RosvQueryBatch.html","id":"details","dir":"Reference","previous_headings":"","what":"Details","title":"R6 Class for OSV Querybatch Endpoint — RosvQueryBatch","text":"Pageination implemented via httr2::req_perform_iterative() private method extracting tokens automatically. initialized, page_token set NULL; token generated large results process handled internally. response object contain list returned responses formatting occurred. 
content field contain list results vulnerabilities may parsed table format.","code":""},{"path":[]},{"path":"https://al-obrien.github.io/rosv/reference/RosvQueryBatch.html","id":"super-class","dir":"Reference","previous_headings":"","what":"Super class","title":"R6 Class for OSV Querybatch Endpoint — RosvQueryBatch","text":"rosv::RosvQuery1 -> RosvQueryBatch","code":""},{"path":"https://al-obrien.github.io/rosv/reference/RosvQueryBatch.html","id":"methods","dir":"Reference","previous_headings":"","what":"Methods","title":"R6 Class for OSV Querybatch Endpoint — RosvQueryBatch","text":"rosv::RosvQuery1$print()","code":""},{"path":"https://al-obrien.github.io/rosv/reference/RosvQueryBatch.html","id":"public-methods","dir":"Reference","previous_headings":"","what":"Public methods","title":"R6 Class for OSV Querybatch Endpoint — RosvQueryBatch","text":"RosvQueryBatch$new() RosvQueryBatch$run() RosvQueryBatch$parse() RosvQueryBatch$clone()","code":""},{"path":"https://al-obrien.github.io/rosv/reference/RosvQueryBatch.html","id":"method-new-","dir":"Reference","previous_headings":"","what":"Method new()","title":"R6 Class for OSV Querybatch Endpoint — RosvQueryBatch","text":"Set core request details subsequent use called run() method.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/RosvQueryBatch.html","id":"usage","dir":"Reference","previous_headings":"","what":"Usage","title":"R6 Class for OSV Querybatch Endpoint — RosvQueryBatch","text":"","code":"RosvQueryBatch$new( commit = NULL, version = NULL, name = NULL, ecosystem = NULL, purl = NULL )"},{"path":"https://al-obrien.github.io/rosv/reference/RosvQueryBatch.html","id":"arguments","dir":"Reference","previous_headings":"","what":"Arguments","title":"R6 Class for OSV Querybatch Endpoint — RosvQueryBatch","text":"commit Commit hash query (use version set). version Version package. name Name package. ecosystem Ecosystem package lives within (must set using name). 
purl URL package (use name ecosystem set).","code":""},{"path":"https://al-obrien.github.io/rosv/reference/RosvQueryBatch.html","id":"method-run-","dir":"Reference","previous_headings":"","what":"Method run()","title":"R6 Class for OSV Querybatch Endpoint — RosvQueryBatch","text":"Perform request return response OSV API call.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/RosvQueryBatch.html","id":"usage-1","dir":"Reference","previous_headings":"","what":"Usage","title":"R6 Class for OSV Querybatch Endpoint — RosvQueryBatch","text":"","code":"RosvQueryBatch$run()"},{"path":"https://al-obrien.github.io/rosv/reference/RosvQueryBatch.html","id":"method-parse-","dir":"Reference","previous_headings":"","what":"Method parse()","title":"R6 Class for OSV Querybatch Endpoint — RosvQueryBatch","text":"Parse contents returned tidier format.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/RosvQueryBatch.html","id":"usage-2","dir":"Reference","previous_headings":"","what":"Usage","title":"R6 Class for OSV Querybatch Endpoint — RosvQueryBatch","text":"","code":"RosvQueryBatch$parse()"},{"path":"https://al-obrien.github.io/rosv/reference/RosvQueryBatch.html","id":"details-1","dir":"Reference","previous_headings":"","what":"Details","title":"R6 Class for OSV Querybatch Endpoint — RosvQueryBatch","text":"result found, empty list returned API, parsing dropped list flattened. However, index list still accessible dropped items can easily identified results column. 
contents parsed.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/RosvQueryBatch.html","id":"method-clone-","dir":"Reference","previous_headings":"","what":"Method clone()","title":"R6 Class for OSV Querybatch Endpoint — RosvQueryBatch","text":"objects class cloneable method.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/RosvQueryBatch.html","id":"usage-3","dir":"Reference","previous_headings":"","what":"Usage","title":"R6 Class for OSV Querybatch Endpoint — RosvQueryBatch","text":"","code":"RosvQueryBatch$clone(deep = FALSE)"},{"path":"https://al-obrien.github.io/rosv/reference/RosvQueryBatch.html","id":"arguments-1","dir":"Reference","previous_headings":"","what":"Arguments","title":"R6 Class for OSV Querybatch Endpoint — RosvQueryBatch","text":"deep Whether make deep clone.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/RosvQueryBatch.html","id":"ref-examples","dir":"Reference","previous_headings":"","what":"Examples","title":"R6 Class for OSV Querybatch Endpoint — RosvQueryBatch","text":"","code":"pkgs <- c('jinja2', 'dask') ecosystem <- rep('PyPI', length(pkgs)) batchquery <- RosvQueryBatch$new(name = pkgs, ecosystem = ecosystem) batchquery #> Request made to: NA #> Successful responses of total: NA #> Successful content size (bytes): NA"},{"path":"https://al-obrien.github.io/rosv/reference/RosvVulns.html","id":null,"dir":"Reference","previous_headings":"","what":"R6 Class for OSV Vulns Endpoint — RosvVulns","title":"R6 Class for OSV Vulns Endpoint — RosvVulns","text":"R6 class provide lower-level interface vulnerability endpoint OSV API.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/RosvVulns.html","id":"value","dir":"Reference","previous_headings":"","what":"Value","title":"R6 Class for OSV Vulns Endpoint — RosvVulns","text":"R6 object operate OSV vulns 
endpoint.","code":""},{"path":[]},{"path":"https://al-obrien.github.io/rosv/reference/RosvVulns.html","id":"super-class","dir":"Reference","previous_headings":"","what":"Super class","title":"R6 Class for OSV Vulns Endpoint — RosvVulns","text":"rosv::RosvQuery1 -> RosvVulns","code":""},{"path":"https://al-obrien.github.io/rosv/reference/RosvVulns.html","id":"methods","dir":"Reference","previous_headings":"","what":"Methods","title":"R6 Class for OSV Vulns Endpoint — RosvVulns","text":"rosv::RosvQuery1$parse()","code":""},{"path":"https://al-obrien.github.io/rosv/reference/RosvVulns.html","id":"public-methods","dir":"Reference","previous_headings":"","what":"Public methods","title":"R6 Class for OSV Vulns Endpoint — RosvVulns","text":"RosvVulns$new() RosvVulns$run() RosvVulns$print() RosvVulns$clone()","code":""},{"path":"https://al-obrien.github.io/rosv/reference/RosvVulns.html","id":"method-new-","dir":"Reference","previous_headings":"","what":"Method new()","title":"R6 Class for OSV Vulns Endpoint — RosvVulns","text":"Set core request details subsequent use called run() method.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/RosvVulns.html","id":"usage","dir":"Reference","previous_headings":"","what":"Usage","title":"R6 Class for OSV Vulns Endpoint — RosvVulns","text":"","code":"RosvVulns$new(vuln_ids)"},{"path":"https://al-obrien.github.io/rosv/reference/RosvVulns.html","id":"arguments","dir":"Reference","previous_headings":"","what":"Arguments","title":"R6 Class for OSV Vulns Endpoint — RosvVulns","text":"vuln_ids Character vector vulnerability IDs.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/RosvVulns.html","id":"method-run-","dir":"Reference","previous_headings":"","what":"Method run()","title":"R6 Class for OSV Vulns Endpoint — RosvVulns","text":"Perform request return response OSV API 
call.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/RosvVulns.html","id":"usage-1","dir":"Reference","previous_headings":"","what":"Usage","title":"R6 Class for OSV Vulns Endpoint — RosvVulns","text":"","code":"RosvVulns$run()"},{"path":"https://al-obrien.github.io/rosv/reference/RosvVulns.html","id":"method-print-","dir":"Reference","previous_headings":"","what":"Method print()","title":"R6 Class for OSV Vulns Endpoint — RosvVulns","text":"Print basic details query object screen.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/RosvVulns.html","id":"usage-2","dir":"Reference","previous_headings":"","what":"Usage","title":"R6 Class for OSV Vulns Endpoint — RosvVulns","text":"","code":"RosvVulns$print(...)"},{"path":"https://al-obrien.github.io/rosv/reference/RosvVulns.html","id":"arguments-1","dir":"Reference","previous_headings":"","what":"Arguments","title":"R6 Class for OSV Vulns Endpoint — RosvVulns","text":"... Reserved possible future use.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/RosvVulns.html","id":"method-clone-","dir":"Reference","previous_headings":"","what":"Method clone()","title":"R6 Class for OSV Vulns Endpoint — RosvVulns","text":"objects class cloneable method.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/RosvVulns.html","id":"usage-3","dir":"Reference","previous_headings":"","what":"Usage","title":"R6 Class for OSV Vulns Endpoint — RosvVulns","text":"","code":"RosvVulns$clone(deep = FALSE)"},{"path":"https://al-obrien.github.io/rosv/reference/RosvVulns.html","id":"arguments-2","dir":"Reference","previous_headings":"","what":"Arguments","title":"R6 Class for OSV Vulns Endpoint — RosvVulns","text":"deep Whether make deep clone.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/RosvVulns.html","id":"ref-examples","dir":"Reference","previous_headings":"","what":"Examples","title":"R6 Class for OSV Vulns Endpoint — RosvVulns","text":"","code":"vulns <- 
RosvVulns$new(c('RSEC-2023-6', 'GHSA-jq35-85cj-fj4p')) vulns #> Request made to: NA #> Response status of: NA"},{"path":"https://al-obrien.github.io/rosv/reference/check_ecosystem.html","id":null,"dir":"Reference","previous_headings":"","what":"Check input against possible ecosystems available — check_ecosystem","title":"Check input against possible ecosystems available — check_ecosystem","text":"Internal function ensures inputs ecosystem valid based upon available OSV database.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/check_ecosystem.html","id":"ref-usage","dir":"Reference","previous_headings":"","what":"Usage","title":"Check input against possible ecosystems available — check_ecosystem","text":"","code":"check_ecosystem(ecosystem, suppressMessages = TRUE)"},{"path":"https://al-obrien.github.io/rosv/reference/check_ecosystem.html","id":"arguments","dir":"Reference","previous_headings":"","what":"Arguments","title":"Check input against possible ecosystems available — check_ecosystem","text":"ecosystem Character value ecosystem(s) check. suppressMessages Boolean value whether suppress messages.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/check_ecosystem.html","id":"value","dir":"Reference","previous_headings":"","what":"Value","title":"Check input against possible ecosystems available — check_ecosystem","text":"character vector, input valid ecosystem names.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/check_ecosystem.html","id":"details","dir":"Reference","previous_headings":"","what":"Details","title":"Check input against possible ecosystems available — check_ecosystem","text":"attempt grab latest file cache current R session. 
session access online version, use local copy shipped package.","code":""},{"path":[]},{"path":"https://al-obrien.github.io/rosv/reference/clear_osv_cache.html","id":null,"dir":"Reference","previous_headings":"","what":"Reset cached results of OSV calls — clear_osv_cache","title":"Reset cached results of OSV calls — clear_osv_cache","text":"thin wrapper around forget clear cached results deletes cached files ROSV_CACHE_GLOBAL environment variable location.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/clear_osv_cache.html","id":"ref-usage","dir":"Reference","previous_headings":"","what":"Usage","title":"Reset cached results of OSV calls — clear_osv_cache","text":"","code":"clear_osv_cache()"},{"path":"https://al-obrien.github.io/rosv/reference/clear_osv_cache.html","id":"value","dir":"Reference","previous_headings":"","what":"Value","title":"Reset cached results of OSV calls — clear_osv_cache","text":"Invisibly returns logical value TRUE cache cleared without error.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/clear_osv_cache.html","id":"ref-examples","dir":"Reference","previous_headings":"","what":"Examples","title":"Reset cached results of OSV calls — clear_osv_cache","text":"","code":"clear_osv_cache()"},{"path":"https://al-obrien.github.io/rosv/reference/copy_rosv.html","id":null,"dir":"Reference","previous_headings":"","what":"Copy a {rosv} object — copy_rosv","title":"Copy a {rosv} object — copy_rosv","text":"Create copy {rosv} R6 class objects ensure original also updated future changes.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/copy_rosv.html","id":"ref-usage","dir":"Reference","previous_headings":"","what":"Usage","title":"Copy a {rosv} object — copy_rosv","text":"","code":"copy_rosv(x, ...)"},{"path":"https://al-obrien.github.io/rosv/reference/copy_rosv.html","id":"arguments","dir":"Reference","previous_headings":"","what":"Arguments","title":"Copy a {rosv} object — copy_rosv","text":"x Object 
copy. ... Additional parameters sent R6's clone method.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/copy_rosv.html","id":"value","dir":"Reference","previous_headings":"","what":"Value","title":"Copy a {rosv} object — copy_rosv","text":"R6 class object.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/copy_rosv.html","id":"details","dir":"Reference","previous_headings":"","what":"Details","title":"Copy a {rosv} object — copy_rosv","text":"Since R6 classes reference semantics, escape updating original objects clone can made function.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/copy_rosv.html","id":"ref-examples","dir":"Reference","previous_headings":"","what":"Examples","title":"Copy a {rosv} object — copy_rosv","text":"","code":"original_obj <- RosvQuery1$new(name = 'readxl', ecosystem = 'CRAN') new_obj <- copy_rosv(original_obj)"},{"path":"https://al-obrien.github.io/rosv/reference/create_osv_list.html","id":null,"dir":"Reference","previous_headings":"","what":"List packages identified in the OSV database — create_osv_list","title":"List packages identified in the OSV database — create_osv_list","text":"Create list package names versions based upon vulnerabilities discovered OSV database using osv_query.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/create_osv_list.html","id":"ref-usage","dir":"Reference","previous_headings":"","what":"Usage","title":"List packages identified in the OSV database — create_osv_list","text":"","code":"create_osv_list( rosv_query = NULL, as.data.frame = TRUE, sort = TRUE, delim = \"\\t\", NA_value = NULL )"},{"path":"https://al-obrien.github.io/rosv/reference/create_osv_list.html","id":"arguments","dir":"Reference","previous_headings":"","what":"Arguments","title":"List packages identified in the OSV database — create_osv_list","text":"rosv_query table vulnerabilities (created via osv_query()). .data.frame Boolean value determine data.frame returned. 
sort Boolean value determine results sorted name version. delim deliminator separate package version details (ignored .data.frame set TRUE). NA_value Character value replace missing versions (typically means versions impacted).","code":""},{"path":"https://al-obrien.github.io/rosv/reference/create_osv_list.html","id":"value","dir":"Reference","previous_headings":"","what":"Value","title":"List packages identified in the OSV database — create_osv_list","text":"data.frame() vector object containing package version details.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/create_osv_list.html","id":"details","dir":"Reference","previous_headings":"","what":"Details","title":"List packages identified in the OSV database — create_osv_list","text":"Requires object type rosv_query created osv_query. can selection packages vulnerabilities ecosystem. Depending use-case, users may prefer vector based output pairs package names versions separated provided value. Since name versions returned, one ecosystem can operated time. Please note, default behaviour osv_query() return packages (versions) across ecosystems associated discovered vulnerabilities. package discovered across several vulnerabilities listed multiple times, default, returned content. Unlike osv_query(), create_osv_list() sort return unique set packages. 
circumstances, users create rosv_query (via osv_query()) all_affected parameter set FALSE package names interest returned.","code":""},{"path":[]},{"path":"https://al-obrien.github.io/rosv/reference/create_osv_list.html","id":"ref-examples","dir":"Reference","previous_headings":"","what":"Examples","title":"List packages identified in the OSV database — create_osv_list","text":"","code":"if (FALSE) { # interactive() # List of a few PyPI packages in data.frame output pypi_query <- osv_query(c('dask', 'dash', 'aaiohttp'), ecosystem = rep('PyPI', 3), all_affected = FALSE) pypi_vul <- create_osv_list(pypi_query) file_name1 <- file.path(tempdir(), 'pypi_vul.csv') writeLines(pypi_vul, file_name1) # All CRAN vulns in vector output cran_query <- osv_query(ecosystem = 'CRAN', all_affected = FALSE) cran_vul <- create_osv_list(cran_query, as.data.frame = FALSE, delim = ',') file_name2 <- file.path(tempdir(), 'cran_vul.csv') writeLines(cran_vul, file_name2) # Clean up try(unlink(c(file_name1, file_name2))) }"},{"path":"https://al-obrien.github.io/rosv/reference/create_ppm_blacklist.html","id":null,"dir":"Reference","previous_headings":"","what":"Create blacklist commands for Posit Package Manager — create_ppm_blacklist","title":"Create blacklist commands for Posit Package Manager — create_ppm_blacklist","text":"Use OSV data accessed via osv_query create blacklist (.e. 
blocklist) commands Posit Package Manager product.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/create_ppm_blacklist.html","id":"ref-usage","dir":"Reference","previous_headings":"","what":"Usage","title":"Create blacklist commands for Posit Package Manager — create_ppm_blacklist","text":"","code":"create_ppm_blacklist(rosv_query, flags = NULL)"},{"path":"https://al-obrien.github.io/rosv/reference/create_ppm_blacklist.html","id":"arguments","dir":"Reference","previous_headings":"","what":"Arguments","title":"Create blacklist commands for Posit Package Manager — create_ppm_blacklist","text":"rosv_query table vulnerabilities (created via osv_query()). flags Global flag append commands.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/create_ppm_blacklist.html","id":"value","dir":"Reference","previous_headings":"","what":"Value","title":"Create blacklist commands for Posit Package Manager — create_ppm_blacklist","text":"Character vector containing blacklist commands.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/create_ppm_blacklist.html","id":"details","dir":"Reference","previous_headings":"","what":"Details","title":"Create blacklist commands for Posit Package Manager — create_ppm_blacklist","text":"Although OSV many databases open source software, function relevant CRAN/Bioconductor PyPI. ensure blacklist applied appropriate target, encouraged specify name source used configuration additional flag parameter (see examples). 
one ecosystem can used time ensure mix packages across ecosystems applied incompatible sources.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/create_ppm_blacklist.html","id":"ref-examples","dir":"Reference","previous_headings":"","what":"Examples","title":"Create blacklist commands for Posit Package Manager — create_ppm_blacklist","text":"","code":"if (FALSE) { # interactive() # Blacklist all CRAN package versions with a listed vulnerability cran_vul <- osv_query(ecosystem = 'CRAN', all_affected = FALSE) cmd_blist <- create_ppm_blacklist(cran_vul, flags = '--source=cran') }"},{"path":"https://al-obrien.github.io/rosv/reference/create_xref_whitelist.html","id":null,"dir":"Reference","previous_headings":"","what":"Cross reference a whitelist of packages to a vulnerability database — create_xref_whitelist","title":"Cross reference a whitelist of packages to a vulnerability database — create_xref_whitelist","text":"Search package names vulnerability information selectively drop packages define specific versions used curated repository.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/create_xref_whitelist.html","id":"ref-usage","dir":"Reference","previous_headings":"","what":"Usage","title":"Cross reference a whitelist of packages to a vulnerability database — create_xref_whitelist","text":"","code":"create_xref_whitelist(packages, ecosystem, output_format = NULL)"},{"path":"https://al-obrien.github.io/rosv/reference/create_xref_whitelist.html","id":"arguments","dir":"Reference","previous_headings":"","what":"Arguments","title":"Cross reference a whitelist of packages to a vulnerability database — create_xref_whitelist","text":"packages Character vector package names. ecosystem Character vector ecosystem(s) within package(s) exist. 
output_format Type output create (default NULL data.frame).","code":""},{"path":"https://al-obrien.github.io/rosv/reference/create_xref_whitelist.html","id":"value","dir":"Reference","previous_headings":"","what":"Value","title":"Cross reference a whitelist of packages to a vulnerability database — create_xref_whitelist","text":"data.frame character vector containing cross-referenced packages.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/create_xref_whitelist.html","id":"details","dir":"Reference","previous_headings":"","what":"Details","title":"Cross reference a whitelist of packages to a vulnerability database — create_xref_whitelist","text":"Note version suffixes may compatibility issues. example, use *-git suffix may recognized may need dropped. details PyPI package version naming see https://peps.python.org/pep-0440/. Due variations formatting OSV API, responses versions associated directly compatible function. Although default output data.frame, PyPI packages requirements.txt format can created defines versions allowed based upon cross-referencing performed. 
can useful curating repositories Posit Package Manager.","code":""},{"path":[]},{"path":"https://al-obrien.github.io/rosv/reference/create_xref_whitelist.html","id":"ref-examples","dir":"Reference","previous_headings":"","what":"Examples","title":"Cross reference a whitelist of packages to a vulnerability database — create_xref_whitelist","text":"","code":"if (FALSE) { # interactive() # Return xref dataset for CRAN package selection cran_pkg <- c('readxl', 'dplyr') cran_xref <- create_xref_whitelist(cran_pkg, ecosystem = 'CRAN') # Create a requirements.txt with excluded versions python_pkgs <- c('dask', 'aaiohttp', 'keras') xref_pkg_list <- create_xref_whitelist(python_pkgs, ecosystem = 'PyPI', output_format = 'requirements.txt') file_name <- file.path(tempdir(), 'requirements.txt') writeLines(xref_pkg_list, file_name) # Clean up try(unlink(file_name)) }"},{"path":"https://al-obrien.github.io/rosv/reference/fetch_ecosystems.html","id":null,"dir":"Reference","previous_headings":"","what":"Fetch all available ecosystems — fetch_ecosystems","title":"Fetch all available ecosystems — fetch_ecosystems","text":"Internal function used fetch available ecosystems OSV API.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/fetch_ecosystems.html","id":"ref-usage","dir":"Reference","previous_headings":"","what":"Usage","title":"Fetch all available ecosystems — fetch_ecosystems","text":"","code":"fetch_ecosystems(offline = FALSE, refresh = FALSE)"},{"path":"https://al-obrien.github.io/rosv/reference/fetch_ecosystems.html","id":"arguments","dir":"Reference","previous_headings":"","what":"Arguments","title":"Fetch all available ecosystems — fetch_ecosystems","text":"offline Boolean, determine using list bundled package. 
refresh Boolean, force refresh cache using online list.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/fetch_ecosystems.html","id":"value","dir":"Reference","previous_headings":"","what":"Value","title":"Fetch all available ecosystems — fetch_ecosystems","text":"data.frame containing ecosystem names available OSV database.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/fetch_ecosystems.html","id":"details","dir":"Reference","previous_headings":"","what":"Details","title":"Fetch all available ecosystems — fetch_ecosystems","text":"refresh parameter can used force data pulled even one available cached location. Since fresh pull performed R session, unlikely parameter required primarily reserved future use functionality necessitates.","code":""},{"path":[]},{"path":"https://al-obrien.github.io/rosv/reference/get_content.html","id":null,"dir":"Reference","previous_headings":"","what":"Retrieve contents field from {rosv} R6 object — get_content","title":"Retrieve contents field from {rosv} R6 object — get_content","text":"Retrieve contents field {rosv} R6 object","code":""},{"path":"https://al-obrien.github.io/rosv/reference/get_content.html","id":"ref-usage","dir":"Reference","previous_headings":"","what":"Usage","title":"Retrieve contents field from {rosv} R6 object — get_content","text":"","code":"get_content(x)"},{"path":"https://al-obrien.github.io/rosv/reference/get_content.html","id":"arguments","dir":"Reference","previous_headings":"","what":"Arguments","title":"Retrieve contents field from {rosv} R6 object — get_content","text":"x object made {rosv}.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/get_content.html","id":"value","dir":"Reference","previous_headings":"","what":"Value","title":"Retrieve contents field from {rosv} R6 object — get_content","text":"Values contained content field object (data.frame 
list).","code":""},{"path":"https://al-obrien.github.io/rosv/reference/get_content.html","id":"ref-examples","dir":"Reference","previous_headings":"","what":"Examples","title":"Retrieve contents field from {rosv} R6 object — get_content","text":"","code":"test <- RosvQuery1$new(name = 'readxl', ecosystem = 'CRAN') get_content(test) #> NULL"},{"path":"https://al-obrien.github.io/rosv/reference/is_pkg_vulnerable.html","id":null,"dir":"Reference","previous_headings":"","what":"Detect if package within ecosystem has reported vulnerabilities — is_pkg_vulnerable","title":"Detect if package within ecosystem has reported vulnerabilities — is_pkg_vulnerable","text":"Search OSV database, package name respective ecosystem, determine vulnerability ever listed. package listed impacted vulnerability may warrant queries investigate specific versions affected.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/is_pkg_vulnerable.html","id":"ref-usage","dir":"Reference","previous_headings":"","what":"Usage","title":"Detect if package within ecosystem has reported vulnerabilities — is_pkg_vulnerable","text":"","code":"is_pkg_vulnerable(name, ecosystem, ...)"},{"path":"https://al-obrien.github.io/rosv/reference/is_pkg_vulnerable.html","id":"arguments","dir":"Reference","previous_headings":"","what":"Arguments","title":"Detect if package within ecosystem has reported vulnerabilities — is_pkg_vulnerable","text":"name Character vector package names. ecosystem Character vector ecosystem(s) within package(s) exist. ... 
parameters pass nested functions.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/is_pkg_vulnerable.html","id":"value","dir":"Reference","previous_headings":"","what":"Value","title":"Detect if package within ecosystem has reported vulnerabilities — is_pkg_vulnerable","text":"named vector logical values indicating vulnerabilities.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/is_pkg_vulnerable.html","id":"ref-examples","dir":"Reference","previous_headings":"","what":"Examples","title":"Detect if package within ecosystem has reported vulnerabilities — is_pkg_vulnerable","text":"","code":"if (FALSE) { # interactive() is_pkg_vulnerable(c('dask', 'dplyr'), c('PyPI', 'CRAN')) }"},{"path":"https://al-obrien.github.io/rosv/reference/is_rosv.html","id":null,"dir":"Reference","previous_headings":"","what":"Is object made from {rosv} R6 class — is_rosv","title":"Is object made from {rosv} R6 class — is_rosv","text":"Determine object {rosv} type R6 class","code":""},{"path":"https://al-obrien.github.io/rosv/reference/is_rosv.html","id":"ref-usage","dir":"Reference","previous_headings":"","what":"Usage","title":"Is object made from {rosv} R6 class — is_rosv","text":"","code":"is_rosv(x)"},{"path":"https://al-obrien.github.io/rosv/reference/is_rosv.html","id":"arguments","dir":"Reference","previous_headings":"","what":"Arguments","title":"Is object made from {rosv} R6 class — is_rosv","text":"x Object check.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/is_rosv.html","id":"value","dir":"Reference","previous_headings":"","what":"Value","title":"Is object made from {rosv} R6 class — is_rosv","text":"Boolean value based x R6 class made {rosv}.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/is_rosv.html","id":"ref-examples","dir":"Reference","previous_headings":"","what":"Examples","title":"Is object made from {rosv} R6 class — is_rosv","text":"","code":"is_rosv(RosvQuery1$new(name = 'readxl', ecosystem = 'CRAN')) 
#> [1] TRUE"},{"path":"https://al-obrien.github.io/rosv/reference/normalize_pypi_pkg.html","id":null,"dir":"Reference","previous_headings":"","what":"Normalize package name to PyPI expectation — normalize_pypi_pkg","title":"Normalize package name to PyPI expectation — normalize_pypi_pkg","text":"Perform package name formatting PyPI case insensitive long runs underscore, period, hyphens recognized (- --).","code":""},{"path":"https://al-obrien.github.io/rosv/reference/normalize_pypi_pkg.html","id":"ref-usage","dir":"Reference","previous_headings":"","what":"Usage","title":"Normalize package name to PyPI expectation — normalize_pypi_pkg","text":"","code":"normalize_pypi_pkg(pkg_name)"},{"path":"https://al-obrien.github.io/rosv/reference/normalize_pypi_pkg.html","id":"arguments","dir":"Reference","previous_headings":"","what":"Arguments","title":"Normalize package name to PyPI expectation — normalize_pypi_pkg","text":"pkg_name Character vector package names.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/normalize_pypi_pkg.html","id":"value","dir":"Reference","previous_headings":"","what":"Value","title":"Normalize package name to PyPI expectation — normalize_pypi_pkg","text":"Character vector normalized PyPI package names","code":""},{"path":[]},{"path":"https://al-obrien.github.io/rosv/reference/normalize_pypi_pkg.html","id":"ref-examples","dir":"Reference","previous_headings":"","what":"Examples","title":"Normalize package name to PyPI expectation — normalize_pypi_pkg","text":"","code":"normalize_pypi_pkg(c('Dask', 'TenSorFlow')) #> [1] \"dask\" \"tensorflow\""},{"path":"https://al-obrien.github.io/rosv/reference/osv_count_vulns.html","id":null,"dir":"Reference","previous_headings":"","what":"Count the number of reported vulnerabilities — osv_count_vulns","title":"Count the number of reported vulnerabilities — osv_count_vulns","text":"Search OSV database, package name respective ecosystem, count number discovered vulnerabilities 
listed.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/osv_count_vulns.html","id":"ref-usage","dir":"Reference","previous_headings":"","what":"Usage","title":"Count the number of reported vulnerabilities — osv_count_vulns","text":"","code":"osv_count_vulns(name, ecosystem, ...)"},{"path":"https://al-obrien.github.io/rosv/reference/osv_count_vulns.html","id":"arguments","dir":"Reference","previous_headings":"","what":"Arguments","title":"Count the number of reported vulnerabilities — osv_count_vulns","text":"name Character vector package names. ecosystem Character vector ecosystem(s) within package(s) exist. ... parameters pass nested functions.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/osv_count_vulns.html","id":"value","dir":"Reference","previous_headings":"","what":"Value","title":"Count the number of reported vulnerabilities — osv_count_vulns","text":"named vector numeric values indicating vulnerabilities.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/osv_count_vulns.html","id":"ref-examples","dir":"Reference","previous_headings":"","what":"Examples","title":"Count the number of reported vulnerabilities — osv_count_vulns","text":"","code":"if (FALSE) { # interactive() osv_count_vulns(c('dask', 'dplyr'), c('PyPI', 'CRAN')) }"},{"path":"https://al-obrien.github.io/rosv/reference/osv_download.html","id":null,"dir":"Reference","previous_headings":"","what":"Download vulnerabilities from the OSV database — osv_download","title":"Download vulnerabilities from the OSV database — osv_download","text":"Use vulnerability IDs /ecosystem name download vulnerability files OSV GCS buckets.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/osv_download.html","id":"ref-usage","dir":"Reference","previous_headings":"","what":"Usage","title":"Download vulnerabilities from the OSV database — osv_download","text":"","code":"osv_download( vuln_ids = NULL, ecosystem, parse = TRUE, cache = TRUE, download_only = 
FALSE ) .osv_download(vuln_ids = NULL, ecosystem, parse = TRUE, download_only = FALSE) .osv_download_cache( vuln_ids = NULL, ecosystem, parse = TRUE, download_only = FALSE )"},{"path":"https://al-obrien.github.io/rosv/reference/osv_download.html","id":"arguments","dir":"Reference","previous_headings":"","what":"Arguments","title":"Download vulnerabilities from the OSV database — osv_download","text":"vuln_ids Vector vulnerability IDs (optional). ecosystem Ecosystem package lives within (must set). parse Boolean value set content field parsed JSON list format. cache Boolean value determine use cached version function API results. download_only Boolean value determine JSON files downloaded disk.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/osv_download.html","id":"value","dir":"Reference","previous_headings":"","what":"Value","title":"Download vulnerabilities from the OSV database — osv_download","text":"R6 object containing API query contents.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/osv_download.html","id":"details","dir":"Reference","previous_headings":"","what":"Details","title":"Download vulnerabilities from the OSV database — osv_download","text":"Although end-result similar API functions, one specifically downloads .zip .json files OSV GCS buckets. result, two main benefits. First, can download entire set vulnerabilities listed ecosystem. Second, options save vulnerability files disk. files saved R session's temp space, defined environment variable ROSV_CACHE_GLOBAL. ecosystems listed can downloaded. one ecosystem can provided time.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/osv_download.html","id":"functions","dir":"Reference","previous_headings":"","what":"Functions","title":"Download vulnerabilities from the OSV database — osv_download","text":".osv_download(): Internal function run osv_download without caching. 
.osv_download_cache(): Internal function run memoise cached version osv_download.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/osv_download.html","id":"ref-examples","dir":"Reference","previous_headings":"","what":"Examples","title":"Download vulnerabilities from the OSV database — osv_download","text":"","code":"if (FALSE) { # interactive() vulns <- osv_download(\"RSEC-2023-8\", \"CRAN\") get_content(vulns) # Clean up try(clear_osv_cache()) }"},{"path":"https://al-obrien.github.io/rosv/reference/osv_query.html","id":null,"dir":"Reference","previous_headings":"","what":"Query OSV API for individual package vulnerabilities — osv_query","title":"Query OSV API for individual package vulnerabilities — osv_query","text":"connect OSV API query vulnerabilities specified packages. Unlike query functions, osv_query return content response object. default vulnerabilities returned versions package flagged OSV. can subset manually via parameter all_affected.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/osv_query.html","id":"ref-usage","dir":"Reference","previous_headings":"","what":"Usage","title":"Query OSV API for individual package vulnerabilities — osv_query","text":"","code":"osv_query( name = NULL, version = NULL, ecosystem = NULL, all_affected = TRUE, cache = TRUE, ... )"},{"path":"https://al-obrien.github.io/rosv/reference/osv_query.html","id":"arguments","dir":"Reference","previous_headings":"","what":"Arguments","title":"Query OSV API for individual package vulnerabilities — osv_query","text":"name Character vector package names. version Character vector package versions, NA ignoring versions. ecosystem Character vector ecosystem(s) within package(s) exist. all_affected Boolean value, TRUE return package results found per vulnerability discovered. cache Boolean value determine use cached version function API results. ... 
parameters pass nested functions.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/osv_query.html","id":"value","dir":"Reference","previous_headings":"","what":"Value","title":"Query OSV API for individual package vulnerabilities — osv_query","text":"data.frame query results parsed.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/osv_query.html","id":"details","dir":"Reference","previous_headings":"","what":"Details","title":"Query OSV API for individual package vulnerabilities — osv_query","text":"Since query batchquery API endpoints different outputs, function align contents list vulnerabilities. 'query' meant flattening returned list ; 'batchquery' returned IDs used fetch additional vulnerability information flattened list. ecosystem parameter provided, vulnerabilities selection downloaded OSV database parsed tidied table. Since vulnerabilities can exist across ecosystems, all_affected may need set FALSE. Since OSV database organized vulnerability, returned content may duplicate package details package, possibly version, may occur within several different reported vulnerabilities. avoid behaviour, set all_affected parameter FALSE. Due variations formatting OSV API, responses versions associated response instead use ranges. Filtering currently apply field may return versions affected within ranges. suspect ranges used instead specific version codes, examine response object using lower-level functions like osv_query_1(). speed process large ecosystems can set future::plan() parallelization; respected via furrr package. default run sequentially. performance impacts allow mixed ecosystems queried. packages many vulnerabilities, can faster perform separately vulnerabilities can pulled individually. 
Alternative approaches may implemented future versions.","code":""},{"path":[]},{"path":"https://al-obrien.github.io/rosv/reference/osv_query.html","id":"ref-examples","dir":"Reference","previous_headings":"","what":"Examples","title":"Query OSV API for individual package vulnerabilities — osv_query","text":"","code":"if (FALSE) { # interactive() # Single package pkg_vul <- osv_query('dask', ecosystem = 'PyPI') # Batch query name_vec <- c('dask', 'dash') ecosystem_vec <- rep('PyPI', length(name_vec)) pkg_vul <- osv_query(name_vec, ecosystem = ecosystem_vec) }"},{"path":"https://al-obrien.github.io/rosv/reference/osv_query_1.html","id":null,"dir":"Reference","previous_headings":"","what":"Query OSV API for vulnerabilities based upon an individual package — osv_query_1","title":"Query OSV API for vulnerabilities based upon an individual package — osv_query_1","text":"Query OSV API vulnerabilities include individual package interest. request automatically constructed provided elements returned values parsed data.frame.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/osv_query_1.html","id":"ref-usage","dir":"Reference","previous_headings":"","what":"Usage","title":"Query OSV API for vulnerabilities based upon an individual package — osv_query_1","text":"","code":"osv_query_1( name = NULL, version = NULL, ecosystem = NULL, commit = NULL, purl = NULL, parse = TRUE, cache = TRUE, ... ) .osv_query_1( name = NULL, version = NULL, ecosystem = NULL, commit = NULL, purl = NULL, parse = TRUE, cache = TRUE, ... ) .osv_query_1_cache( name = NULL, version = NULL, ecosystem = NULL, commit = NULL, purl = NULL, parse = TRUE, cache = TRUE, ... )"},{"path":"https://al-obrien.github.io/rosv/reference/osv_query_1.html","id":"arguments","dir":"Reference","previous_headings":"","what":"Arguments","title":"Query OSV API for vulnerabilities based upon an individual package — osv_query_1","text":"name Name package. version Version package. 
ecosystem Ecosystem package lives within (must set using name). commit Commit hash query (use version set). purl URL package (use name ecosystem set). parse Boolean value set content field parsed JSON list format. cache Boolean value determine use cached version function API results. ... Additional parameters passed nested functions.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/osv_query_1.html","id":"value","dir":"Reference","previous_headings":"","what":"Value","title":"Query OSV API for vulnerabilities based upon an individual package — osv_query_1","text":"R6 object containing API query contents.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/osv_query_1.html","id":"functions","dir":"Reference","previous_headings":"","what":"Functions","title":"Query OSV API for vulnerabilities based upon an individual package — osv_query_1","text":".osv_query_1(): Internal function run osv_query_1 without caching. .osv_query_1_cache(): Internal function run memoise cached version osv_query_1.","code":""},{"path":[]},{"path":"https://al-obrien.github.io/rosv/reference/osv_query_1.html","id":"ref-examples","dir":"Reference","previous_headings":"","what":"Examples","title":"Query OSV API for vulnerabilities based upon an individual package — osv_query_1","text":"","code":"if (FALSE) { # interactive() osv_query_1(commit = '6879efc2c1596d11a6a6ad296f80063b558d5e0f') }"},{"path":"https://al-obrien.github.io/rosv/reference/osv_querybatch.html","id":null,"dir":"Reference","previous_headings":"","what":"Query OSV API for vulnerabilities given a vector of packages — osv_querybatch","title":"Query OSV API for vulnerabilities given a vector of packages — osv_querybatch","text":"Using vector input information, query OSV API associated vulnerability ID.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/osv_querybatch.html","id":"ref-usage","dir":"Reference","previous_headings":"","what":"Usage","title":"Query OSV API for vulnerabilities 
given a vector of packages — osv_querybatch","text":"","code":"osv_querybatch( name = NULL, version = NULL, ecosystem = NULL, commit = NULL, purl = NULL, parse = TRUE, cache = TRUE, ... ) .osv_querybatch( name = NULL, version = NULL, ecosystem = NULL, commit = NULL, purl = NULL, parse = TRUE, cache = TRUE, ... ) .osv_querybatch_cache( name = NULL, version = NULL, ecosystem = NULL, commit = NULL, purl = NULL, parse = TRUE, cache = TRUE, ... )"},{"path":"https://al-obrien.github.io/rosv/reference/osv_querybatch.html","id":"arguments","dir":"Reference","previous_headings":"","what":"Arguments","title":"Query OSV API for vulnerabilities given a vector of packages — osv_querybatch","text":"name Name package. version Version package. ecosystem Ecosystem package lives within (must set using name). commit Commit hash query (use version set). purl URL package (use name ecosystem set). parse Boolean value set content field parsed JSON list format. cache Boolean value determine use cached version function API results. ... Additional parameters passed nested functions.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/osv_querybatch.html","id":"value","dir":"Reference","previous_headings":"","what":"Value","title":"Query OSV API for vulnerabilities given a vector of packages — osv_querybatch","text":"R6 object containing API query contents.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/osv_querybatch.html","id":"details","dir":"Reference","previous_headings":"","what":"Details","title":"Query OSV API for vulnerabilities given a vector of packages — osv_querybatch","text":"query constructed provided set vectors. Default NULL thereby empty/null JSON request. values vector missing, use NA. many queries, conversion formatted JSON request can parallelized via {future}. 
returned information vulnerability IDs modified fields , per API instruction.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/osv_querybatch.html","id":"functions","dir":"Reference","previous_headings":"","what":"Functions","title":"Query OSV API for vulnerabilities given a vector of packages — osv_querybatch","text":".osv_querybatch(): Internal function run osv_querybatch without caching. .osv_querybatch_cache(): Internal function run memoise cached version osv_querybatch.","code":""},{"path":[]},{"path":"https://al-obrien.github.io/rosv/reference/osv_querybatch.html","id":"ref-examples","dir":"Reference","previous_headings":"","what":"Examples","title":"Query OSV API for vulnerabilities given a vector of packages — osv_querybatch","text":"","code":"if (FALSE) { # interactive() osv_querybatch(c(\"commonmark\", \"dask\"), ecosystem = c('CRAN', 'PyPI')) }"},{"path":"https://al-obrien.github.io/rosv/reference/osv_scan.html","id":null,"dir":"Reference","previous_headings":"","what":"Use OSV database to scan for vulnerabilities — osv_scan","title":"Use OSV database to scan for vulnerabilities — osv_scan","text":"Scan project based upon specified mode determine vulnerable packages detected.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/osv_scan.html","id":"ref-usage","dir":"Reference","previous_headings":"","what":"Usage","title":"Use OSV database to scan for vulnerabilities — osv_scan","text":"","code":"osv_scan(mode, ...)"},{"path":"https://al-obrien.github.io/rosv/reference/osv_scan.html","id":"arguments","dir":"Reference","previous_headings":"","what":"Arguments","title":"Use OSV database to scan for vulnerabilities — osv_scan","text":"mode kind scan perform. ... 
Parameters passed specific underlying functions mode selected.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/osv_scan.html","id":"value","dir":"Reference","previous_headings":"","what":"Value","title":"Use OSV database to scan for vulnerabilities — osv_scan","text":"data.frame specifying packages vulnerable .","code":""},{"path":"https://al-obrien.github.io/rosv/reference/osv_scan.html","id":"details","dir":"Reference","previous_headings":"","what":"Details","title":"Use OSV database to scan for vulnerabilities — osv_scan","text":"available scanning modes : 'r_project', 'renv', 'r_libath'. 'r_libpath' mode simply performs R project related scans . Emphasis placed scans R related content. Additional parsing scanning modes added time needed. mode exist particular purpose, alternate functions is_pkg_vulnerable() can used list package names ecosystems available OSV database.","code":""},{"path":[]},{"path":"https://al-obrien.github.io/rosv/reference/osv_scan.html","id":"ref-examples","dir":"Reference","previous_headings":"","what":"Examples","title":"Use OSV database to scan for vulnerabilities — osv_scan","text":"","code":"if (FALSE) { # interactive() osv_scan('r_libpath') }"},{"path":"https://al-obrien.github.io/rosv/reference/osv_vulns.html","id":null,"dir":"Reference","previous_headings":"","what":"Query OSV API for vulnerability information based on ID — osv_vulns","title":"Query OSV API for vulnerability information based on ID — osv_vulns","text":"Use vulnerability IDs extract detailed information, usually paired osv_querybatch().","code":""},{"path":"https://al-obrien.github.io/rosv/reference/osv_vulns.html","id":"ref-usage","dir":"Reference","previous_headings":"","what":"Usage","title":"Query OSV API for vulnerability information based on ID — osv_vulns","text":"","code":"osv_vulns(vuln_ids, parse = TRUE, cache = TRUE) .osv_vulns(vuln_ids, parse = TRUE) .osv_vulns_cache(vuln_ids, parse = 
TRUE)"},{"path":"https://al-obrien.github.io/rosv/reference/osv_vulns.html","id":"arguments","dir":"Reference","previous_headings":"","what":"Arguments","title":"Query OSV API for vulnerability information based on ID — osv_vulns","text":"vuln_ids Vector vulnerability IDs. parse Boolean value set content field parsed JSON list format. cache Boolean value determine use cached version function API results.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/osv_vulns.html","id":"value","dir":"Reference","previous_headings":"","what":"Value","title":"Query OSV API for vulnerability information based on ID — osv_vulns","text":"R6 object containing API query contents.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/osv_vulns.html","id":"functions","dir":"Reference","previous_headings":"","what":"Functions","title":"Query OSV API for vulnerability information based on ID — osv_vulns","text":".osv_vulns(): Internal function run osv_vulns without caching. .osv_vulns_cache(): Internal function run memoise cached version osv_vulns.","code":""},{"path":"https://al-obrien.github.io/rosv/reference/osv_vulns.html","id":"ref-examples","dir":"Reference","previous_headings":"","what":"Examples","title":"Query OSV API for vulnerability information based on ID — osv_vulns","text":"","code":"if (FALSE) { # interactive() vulns <- osv_vulns(\"RSEC-2023-8\") get_content(vulns) }"},{"path":"https://al-obrien.github.io/rosv/reference/rosv-package.html","id":null,"dir":"Reference","previous_headings":"","what":"rosv: Client to Access and Operate on the 'Open Source Vulnerability' API — rosv-package","title":"rosv: Client to Access and Operate on the 'Open Source Vulnerability' API — rosv-package","text":"Connect, query, operate information available 'Open Source Vulnerability' database https://osv.dev/. Although 'CRAN' vulnerabilities listed, compared projects 'PyPI'. 
tighter integration 'R' 'Python', 'R' specific package access details vulnerabilities various sources worthwhile enterprise.","code":""},{"path":[]},{"path":"https://al-obrien.github.io/rosv/reference/rosv-package.html","id":"author","dir":"Reference","previous_headings":"","what":"Author","title":"rosv: Client to Access and Operate on the 'Open Source Vulnerability' API — rosv-package","text":"Maintainer: Allen OBrien allen.g.obrien@gmail.com [copyright holder]","code":""},{"path":"https://al-obrien.github.io/rosv/news/index.html","id":"rosv-development-version","dir":"Changelog","previous_headings":"","what":"rosv (development version)","title":"rosv (development version)","text":"Missing :: functions (e.g. purrr::list_rbind())","code":""},{"path":[]},{"path":"https://al-obrien.github.io/rosv/news/index.html","id":"new-features-0-5-0","dir":"Changelog","previous_headings":"","what":"New features","title":"rosv 0.5.0","text":"Implemented pagination core functionality low-level functions (e.g. 
RosvQueryBatch()) Add osv_scan() high-level function scan various components project (focused R project content) Add osv_count_vulns() return number vulnerabilities package associated osv_query() now central high level queries gains functionality via osv_download() access vulnerabilities ecosystem","code":""},{"path":"https://al-obrien.github.io/rosv/news/index.html","id":"breaking-changes-0-5-0","dir":"Changelog","previous_headings":"","what":"Breaking changes","title":"rosv 0.5.0","text":"Upgraded {httr2} 1.0.0 Upgraded tests {httptest2} 1.0.0 Overhaul download_osv() use R6 objects memoise core caching functionality, rename download_osv() osv_download() standardize names","code":""},{"path":"https://al-obrien.github.io/rosv/news/index.html","id":"minor-changes-improvements-and-fixes-0-5-0","dir":"Changelog","previous_headings":"","what":"Minor changes, improvements, and fixes","title":"rosv 0.5.0","text":"Use httr2::req_perform_sequential() RosvVulns() methods get build-helpers available purrr::map() alone Corrected input de-duplicated certain situations create_osv_list() Remove page_token parameter mid-level functions, handled low-level automatically Add groupings pkgdown reference tab Add example outputs getting started vignette Add missing R6 dependency specify specific minimum versions List creation functions now use data.frames specifically created osv_query() Allow filtering downloading vulnerability files ecosystem ecosystems vulnerability included (e.g. 
GHSA-gq4p-4hxv-5rg9) Package documentation Rd added","code":""},{"path":"https://al-obrien.github.io/rosv/news/index.html","id":"rosv-042","dir":"Changelog","previous_headings":"","what":"rosv 0.4.2","title":"rosv 0.4.2","text":"CRAN release: 2023-11-10 Initial CRAN release","code":""},{"path":"https://al-obrien.github.io/rosv/news/index.html","id":"rosv-030-2023-11-01","dir":"Changelog","previous_headings":"","what":"rosv 0.3.0 (2023-11-01)","title":"rosv 0.3.0 (2023-11-01)","text":"Overhaul docs, basic tests, helper functions Add caching mechanism","code":""},{"path":"https://al-obrien.github.io/rosv/news/index.html","id":"rosv-020-2023-10-28","dir":"Changelog","previous_headings":"","what":"rosv 0.2.0 (2023-10-28)","title":"rosv 0.2.0 (2023-10-28)","text":"Update use R6 back-end","code":""},{"path":"https://al-obrien.github.io/rosv/news/index.html","id":"rosv-010","dir":"Changelog","previous_headings":"","what":"rosv 0.1.0","title":"rosv 0.1.0","text":"Initial project commits.","code":""}]