NAME

Net::OSV - search known vulnerabilities on the Open Source Vulnerabilities Database (OSV)

SYNOPSIS

use Net::OSV;

my $osv = Net::OSV->new;

my @vulns = $osv->query( commit => '6879efc2c1596d11a6a6ad296f80063b558d5e0f' );

@vulns = $osv->query(
    package => { ecosystem => 'Debian:10', name => 'imagemagick' },
);

say $vulns[0]{details};

DESCRIPTION

This modules provides a Perl interface to the Open Source Vulnerabilities Database (OSV) , allowing developers to search and retrieve vulnerability and security advisory information from many open source projects and ecosystems.

METHODS

new()

my $osv = Net::OSV->new;

Instantiates a new object.

query( %options )

Returns a list with the vulnerabilities matching a search criteria.

  • commit - search for a specific commit hash. If specified, version should not be set.

  • version - version string to query for. A fuzzy match is done against upstream versions. If specified, commit should not be set.

  • package - a hashref containing any combinations of the keys name, ecosystem and purland their desired values. You can find the current list of ecosystems here.

NOTE: if you use 'commit', you cannot set 'version' (and vice-versa). Also, the 'package' is optional when you use 'commit'.

Please refer to OSV API Specification for more information on the search parameters above.

query_batch( @queries )

my @vulns = $osv->query_batch(
  { package => { ecosystem => 'Debian:10', name => 'imagemagick' } },
  { package => { ecosystem => 'npm', name => 'm.static' } },
  { package => { name => 'redis' }, version => '4.0.0' },
  { commit  => '6879efc2c1596d11a6a6ad296f80063b558d5e0f' },
);

Same as query() above, but lets you make several distinct queries at once. Returns a list of result objects, in the same order of the queries. NOTE in batch queries, only the 'vulnerability id' and 'modified' fields are returned.

vuln( $id )

my $details = $osv->vuln( 'OSV-2020-111' );

Returns vulnerability information related to the given vulnerability id.

LICENSE AND COPYRIGHT

Copyright 2023- Breno G. de Oliveira <garu at cpan.org>. All rights reserved.

This module is free software; you can redistribute it and/or modify it under the same terms as Perl itself. See perlartistic.

This product uses data from the Open Source Vulnerabilities Database (OSV) but is not endorsed or certified by the OSV.

DISCLAIMER OF WARRANTY

BECAUSE THIS SOFTWARE IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE SOFTWARE, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE SOFTWARE "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE SOFTWARE IS WITH YOU. SHOULD THE SOFTWARE PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR, OR CORRECTION.

IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE SOFTWARE AS PERMITTED BY THE ABOVE LICENSE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE SOFTWARE (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE SOFTWARE TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.