Create a list of package names and versions based upon vulnerabilities discovered in the OSV database using osv_query.

Usage

create_osv_list(
  rosv_query = NULL,
  as.data.frame = TRUE,
  sort = TRUE,
  delim = "\t",
  NA_value = NULL
)

Arguments

rosv_query

A table of vulnerabilities (created via osv_query()).

as.data.frame

Boolean value to determine if a data.frame should be returned.

sort

Boolean value to determine if results should be sorted by name and version.

delim

The delimiter used to separate the package and version details (ignored if as.data.frame is set to TRUE).

NA_value

Character value used to replace missing versions (a missing version typically means all versions are impacted).

Value

A data.frame() or vector object containing the package and version details.

Details

Requires an object of type rosv_query created by osv_query. This can be a selection of packages or all vulnerabilities for an ecosystem. Depending on use-case, users may prefer the vector based output with pairs of package names and versions separated by a provided value. Since only name and versions are returned, only one ecosystem can be operated on at a time.

Please note, the default behaviour of osv_query() is to return all packages (and versions) across ecosystems associated with discovered vulnerabilities. If a package is discovered across several vulnerabilities it will be listed multiple times, by default, in the returned content. Unlike osv_query(), create_osv_list() will further sort and return a unique set of packages. In most circumstances, users will create the rosv_query (via osv_query()) with the all_affected parameter set to FALSE so that only the package names of interest are returned.

Examples

if (interactive()) {

# List of a few PyPI packages in data.frame output
pypi_query <- osv_query(c('dask', 'dash', 'aaiohttp'),
                        ecosystem = rep('PyPI', 3),
                        all_affected = FALSE)
pypi_vul <- create_osv_list(pypi_query)
file_name1 <- file.path(tempdir(), 'pypi_vul.csv')
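# pypi_vul is a data.frame here, so write it with write.csv() (writeLines() only accepts character vectors)
write.csv(pypi_vul, file_name1, row.names = FALSE)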

# All CRAN vulns in vector output
cran_query <- osv_query(ecosystem = 'CRAN', all_affected = FALSE)
cran_vul <- create_osv_list(cran_query, as.data.frame = FALSE, delim = ',')
file_name2 <- file.path(tempdir(), 'cran_vul.csv')
writeLines(cran_vul, file_name2)

# Clean up
try(unlink(c(file_name1, file_name2)))
}
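
The vector output described in Details can be used as a blocklist against a pinned dependency inventory. The following is an added example, not part of the rosv package or its documentation. The helper `flag_affected()` is hypothetical, the sample data is constructed, and the example assumes the vector holds one "name,version" string per pair with `NA_value = "*"` supplied so that a missing version is marked as a wildcard.

```r
# Constructed sample standing in for the result of:
#   create_osv_list(query, as.data.frame = FALSE, delim = ",", NA_value = "*")
# Assumed shape: one "name<delim>version" string per affected pair.
osv_pairs <- c("aiohttp,3.8.4", "aiohttp,3.8.5", "dash,2.14.0", "examplepkg,*")

# Constructed inventory, e.g. parsed from a lock file with pinned versions.
inventory <- data.frame(
  name    = c("aiohttp", "dash", "examplepkg", "dask"),
  version = c("3.8.5", "2.15.0", "0.1.0", "2024.1.0"),
  stringsAsFactors = FALSE
)

# Hypothetical helper: flag inventory rows that appear in the OSV list.
# A wildcard version means every version of that package is treated as affected.
flag_affected <- function(pairs, inventory, delim = ",", wildcard = "*") {
  parts <- strsplit(pairs, delim, fixed = TRUE)
  bad <- vapply(parts, length, integer(1)) != 2L
  if (any(bad)) {
    # Fail closed: a malformed entry should not silently drop a vulnerable pair.
    stop("Malformed entries: ", paste(pairs[bad], collapse = "; "))
  }
  vuln <- data.frame(
    name    = vapply(parts, `[[`, character(1), 1L),
    version = vapply(parts, `[[`, character(1), 2L),
    stringsAsFactors = FALSE
  )
  all_versions <- unique(vuln$name[vuln$version == wildcard])
  exact_key <- paste(vuln$name, vuln$version, sep = delim)
  inv_key   <- paste(inventory$name, inventory$version, sep = delim)
  inventory$affected <- inv_key %in% exact_key |
    inventory$name %in% all_versions
  inventory
}

result <- flag_affected(osv_pairs, inventory)
print(result[result$affected, ])
```

Matching is by exact string, so both sides need the same package-name normalisation and version formatting before comparison.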