feat: support checking if packages exist for CRAN (#399)

Signed-off-by: Gareth Jones <3151613+G-Rath@users.noreply.github.com>

Author: G-Rath

tools/osv-linter/internal/pkgchecker/ecosystems.go

@@ -21,6 +21,7 @@ var SupportedEcosystems = []string{
 
 // EcosystemBaseURLs maps ecosystems to their base API URLs.
 var EcosystemBaseURLs = map[string]string{
+	"CRAN":      "https://crandb.r-pkg.org/",
 	"crates.io": "https://crates.io/api/v1/crates",
 	"Go":        "https://proxy.golang.org",
 	"Hackage":   "https://hackage.haskell.org/package",
@@ -48,7 +49,7 @@ func ExistsInEcosystem(pkg string, ecosystem string) bool {
 	case "Chainguard":
 		return true
 	case "CRAN":
-		return true
+		return existsInCran(pkg)
 	case "crates.io":
 		return existsInCrates(pkg)
 	case "Debian":
@@ -142,7 +143,7 @@ func VersionsExistInEcosystem(pkg string, versions []string, ecosystem string) e
 	case "Chainguard":
 		return nil
 	case "CRAN":
-		return nil
+		return versionsExistInCran(pkg, versions)
 	case "crates.io":
 		return versionsExistInCrates(pkg, versions)
 	case "Debian":

tools/osv-linter/internal/pkgchecker/ecosystems_test.go

@@ -2,6 +2,70 @@ package pkgchecker
 
 import "testing"
 
+func Test_versionsExistInCran(t *testing.T) {
+	t.Parallel()
+
+	type args struct {
+		pkg      string
+		versions []string
+	}
+	tests := []struct {
+		name    string
+		args    args
+		wantErr bool
+	}{
+		{
+			name: "multiple_versions_which_all_exist",
+			args: args{
+				pkg:      "gdata",
+				versions: []string{"2.7.1", "2.12.0.2", "2.18.0.1", "2.19.0"},
+			},
+			wantErr: false,
+		},
+		{
+			name: "multiple_versions_with_one_that_does_not_exist",
+			args: args{
+				pkg:      "gdata",
+				versions: []string{"2.4.1", "2.9.1", "2.12.0"},
+			},
+			wantErr: true,
+		},
+		{
+			name: "an_invalid_version",
+			args: args{
+				pkg:      "gdata",
+				versions: []string{"!"},
+			},
+			wantErr: true,
+		},
+		{
+			name: "an_invalid_package",
+			args: args{
+				pkg:      "!",
+				versions: []string{"1.0.0"},
+			},
+			wantErr: true,
+		},
+		{
+			name: "a_package_that_does_not_exit",
+			args: args{
+				pkg:      "not-a-real-package-hopefully",
+				versions: []string{"1.0.0"},
+			},
+			wantErr: true,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			t.Parallel()
+
+			if err := versionsExistInCran(tt.args.pkg, tt.args.versions); (err != nil) != tt.wantErr {
+				t.Errorf("versionsExistInCran() error = %v, wantErr %v", err, tt.wantErr)
+			}
+		})
+	}
+}
+
 func Test_versionsExistInCrates(t *testing.T) {
 	t.Parallel()
 

tools/osv-linter/internal/pkgchecker/package_check.go

@@ -8,6 +8,14 @@ import (
 	"github.com/ossf/osv-schema/linter/internal/faulttolerant"
 )
 
+// Validate the existence of a package in CRAN.
+func existsInCran(pkg string) bool {
+	ecosystem := "CRAN"
+	packageInstanceURL := fmt.Sprintf("%s/%s", EcosystemBaseURLs[ecosystem], pkg)
+
+	return checkPackageExists(packageInstanceURL)
+}
+
 // Validate the existence of a package in crates.io.
 func existsInCrates(pkg string) bool {
 	// Handle special case for rust standard library

tools/osv-linter/internal/pkgchecker/package_check_test.go

@@ -4,6 +4,32 @@ import (
 	"testing"
 )
 
+func Test_existsInCran(t *testing.T) {
+	tests := []struct {
+		name string
+		pkg  string
+		want bool
+	}{
+		{
+			name: "existing package",
+			pkg:  "igraph",
+			want: true,
+		},
+		{
+			name: "non-existing package",
+			pkg:  "non-existing-package",
+			want: false,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if got := existsInCran(tt.pkg); got != tt.want {
+				t.Errorf("existsInCran() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}
+
 func Test_existsInCrates(t *testing.T) {
 	tests := []struct {
 		name string

tools/osv-linter/internal/pkgchecker/version_check.go

@@ -89,6 +89,18 @@ func versionsExistInGeneric(
 	return nil
 }
 
+// Confirm that all specified versions of a package exist in CRAN.
+func versionsExistInCran(pkg string, versions []string) error {
+	packageInstanceURL := fmt.Sprintf("%s/%s/all", EcosystemBaseURLs["CRAN"], pkg)
+
+	return versionsExistInGeneric(
+		pkg, versions,
+		"CRAN",
+		packageInstanceURL,
+		"versions.@keys",
+	)
+}
+
 // Confirm that all specified versions of a package exist in crates.io.
 func versionsExistInCrates(pkg string, versions []string) error {
 	packageInstanceURL := fmt.Sprintf("%s/%s", EcosystemBaseURLs["crates.io"], pkg)