feat: support checking if versions exist in crates.io

Signed-off-by: Gareth Jones <[email protected]>

Author: G-Rath

tools/osv-linter/internal/pkgchecker/ecosystems.go

@@ -133,7 +133,7 @@ func VersionsExistInEcosystem(pkg string, versions []string, ecosystem string) e
 	case "CRAN":
 		return nil
 	case "crates.io":
-		return nil
+		return versionsExistInCrates(pkg, versions)
 	case "Debian":
 		return nil
 	case "GIT":

tools/osv-linter/internal/pkgchecker/ecosystems_test.go

@@ -2,6 +2,70 @@ package pkgchecker
 
 import "testing"
 
+func Test_versionsExistInCrates(t *testing.T) {
+	t.Parallel()
+
+	type args struct {
+		pkg      string
+		versions []string
+	}
+	tests := []struct {
+		name    string
+		args    args
+		wantErr bool
+	}{
+		{
+			name: "multiple_versions_which_all_exist",
+			args: args{
+				pkg:      "defmt",
+				versions: []string{"0.0.0", "0.3.0", "0.3.100-rc.1", "1.0.0-rc.1", "1.0.1"},
+			},
+			wantErr: false,
+		},
+		{
+			name: "multiple_versions_with_one_that_does_not_exist",
+			args: args{
+				pkg:      "defmt",
+				versions: []string{"1.1", "0.3.6-beta", "1.1.2"},
+			},
+			wantErr: true,
+		},
+		{
+			name: "an_invalid_version",
+			args: args{
+				pkg:      "defmt",
+				versions: []string{"!"},
+			},
+			wantErr: true,
+		},
+		{
+			name: "an_invalid_package",
+			args: args{
+				pkg:      "!",
+				versions: []string{"1.0.0"},
+			},
+			wantErr: true,
+		},
+		{
+			name: "a_package_that_does_not_exit",
+			args: args{
+				pkg:      "not-a-real-package-hopefully",
+				versions: []string{"1.0.0"},
+			},
+			wantErr: true,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			t.Parallel()
+
+			if err := versionsExistInCrates(tt.args.pkg, tt.args.versions); (err != nil) != tt.wantErr {
+				t.Errorf("versionsExistInCrates() error = %v, wantErr %v", err, tt.wantErr)
+			}
+		})
+	}
+}
+
 func Test_versionsExistInGo(t *testing.T) {
 	type args struct {
 		pkg      string
@@ -115,52 +179,26 @@ func Test_versionsExistInNpm(t *testing.T) {
 		wantErr bool
 	}{
 		{
-			name: "multiple_versions_which_all_exist",
+			name: "an unreleased package",
 			args: args{
-				pkg:      "semver",
-				versions: []string{"1.0.1", "2.0.0-beta", "5.7.1"},
+				pkg:      "github.com/nanobox-io/golang-nanoauth",
+				versions: nil,
 			},
 			wantErr: false,
 		},
 		{
-			name: "multiple_versions_with_one_that_does_not_exist",
-			args: args{
-				pkg:      "semver",
-				versions: []string{"1.1", "2.0.0-beta1", "3.1.5", "5.1rc1"},
-			},
-			wantErr: true,
-		},
-		{
-			name: "an_invalid_version",
-			args: args{
-				pkg:      "semver",
-				versions: []string{"!"},
-			},
-			wantErr: true,
-		},
-		{
-			name: "an_invalid_package",
-			args: args{
-				pkg:      "!",
-				versions: []string{"1.0.0"},
-			},
-			wantErr: true,
-		},
-		{
-			name: "a_package_that_does_not_exit",
+			name: "a released package",
 			args: args{
-				pkg:      "not-a-real-package-hopefully",
-				versions: []string{"1.0.0"},
+				pkg:      "github.com/oauth2-proxy/oauth2-proxy",
+				versions: []string{"1.1.1"},
 			},
-			wantErr: true,
+			wantErr: false,
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			t.Parallel()
-
-			if err := versionsExistInNpm(tt.args.pkg, tt.args.versions); (err != nil) != tt.wantErr {
-				t.Errorf("versionsExistInNpm() error = %v, wantErr %v", err, tt.wantErr)
+			if err := versionsExistInGo(tt.args.pkg, tt.args.versions); (err != nil) != tt.wantErr {
+				t.Errorf("versionsExistInGo() error = %v, wantErr %v", err, tt.wantErr)
 			}
 		})
 	}

tools/osv-linter/internal/pkgchecker/version_check.go

@@ -72,6 +72,19 @@ func versionsExistInGeneric(
 	return nil
 }
 
+// Confirm that all specified versions of a package exist in crates.io.
+func versionsExistInCrates(pkg string, versions []string) error {
+	// https://crates.io/api/v1/crates/A-Mazed
+	packageInstanceURL := fmt.Sprintf("%s/%s", EcosystemBaseURLs["crates.io"], pkg)
+
+	return versionsExistInGeneric(
+		pkg, versions,
+		"crates.io",
+		packageInstanceURL,
+		"versions", "num",
+	)
+}
+
 // Confirm that all specified versions of a package exist in Go.
 func versionsExistInGo(pkg string, versions []string) error {
 	if pkg == "stdlib" || pkg == "toolchain" {