Add example output to main getting started vignette

Use canned output so that it doesnt have to query to API directly at the cost of possible changes to functions that may affect the output and needs updates later...
al-obrien · Nov 16, 2023 · c39118b · c39118b
1 parent 4d6d26d
commit c39118b
Show file tree

Hide file tree

Showing 3 changed files with 42 additions and 7 deletions.
diff --git a/R/scans.R b/R/scans.R
@@ -109,7 +109,7 @@ osv_scan_r_project <- function(dir = '.', sort_by_vul = TRUE) {
   pkg_data$is_vul <- is_pkg_vulnerable(name = pkg_data$name, ecosystem = pkg_data$ecosystem, version = pkg_data$version)
 
   if(sort_by_vul) {
-    pkg_data[order(pkg_data$is_vul, pkg_data$name, pkg_data$version, decreasing = TRUE),]
+    pkg_data[order(-pkg_data$is_vul, pkg_data$name, pkg_data$version),]
   } else{
     pkg_data[order(pkg_data$name, pkg_data$version),]
   }
@@ -125,7 +125,7 @@ osv_scan_r_project <- function(dir = '.', sort_by_vul = TRUE) {
 #' simply performs all R project related scans at once. Emphasis is placed on scans of R related content.
 #' Additional parsing and scanning modes will be added over time as needed. If a mode does not exist for
 #' a particular purpose, alternate functions such as \code{is_pkg_vulnerable()} can be used with any list of
-#' package names for ecosystems available in the OSV database
+#' package names for ecosystems available in the OSV database.
 #'
 #' @seealso \code{\link{is_pkg_vulnerable}}
 #'
@@ -143,8 +143,8 @@ osv_scan <- function(mode, ...) {
                     choices = c('r_project', 'renv', 'r_libpath'),
                     several.ok = FALSE)
   switch(mode,
-         r_project = osv_scan_r_libpath(...),
+         r_project = osv_scan_r_project(...),
          renv = osv_scan_renv(...),
-         r_libpath = osv_scan_r_project(...))
+         r_libpath = osv_scan_r_libpath(...))
 }
 
diff --git a/man/osv_scan.Rd b/man/osv_scan.Rd
diff --git a/vignettes/rosv.Rmd b/vignettes/rosv.Rmd
@@ -40,6 +40,11 @@ informing you if that package has ever been listed with a vulnerability.
 is_pkg_vulnerable(c('dask', 'dash'), ecosystem = c('PyPI', 'PyPI'))
 ```
 
+```{r, echo = FALSE}
+c(dask = TRUE, dash = FALSE)
+```
+
+
 ### List package vulnerabilities
 
 The most basic usage of {rosv} is to pull all versions of an ecosystem's packages (e.g. PyPI or CRAN) listed 
@@ -48,13 +53,43 @@ in the OSV database. This can be achieved using high-level functions such as `os
 ```{r, eval = FALSE}
 # Query one package in PyPI for vulnerabilities
 pkg_vul <- osv_query('dask', ecosystem = 'PyPI')
-create_osv_list(pkg_vul)
+pkg_tbl <- create_osv_list(pkg_vul, as.data.frame = TRUE)
+head(pkg_tbl, 3)
+```
+
+```{r, echo = FALSE}
+data.frame(name = rep('dask', 3),
+           versions = c('0.10.0', '0.10.1', '0.10.2'))
 ```
 
+
 ```{r example, eval = FALSE}
 # Pull the entire set of PyPI vulnerability data
 pypi_vul <- create_osv_list(ecosystem = 'PyPI')
-pypi_vul
+head(pypi_vul, 3)
+```
+
+```{r, echo = FALSE}
+c("aaiohttp\t ", "accesscontrol\t2.13.0", "accesscontrol\t2.13.1")
+```
+
+
+## Scan an R project
+
+Packages discovered within an R project (such as {renv} LOCK files and installed packages at `.libPaths()`) can be 
+parsed and scanned directly using the `osv_scan()` function. A data.frame is returned with the package name and a logical value 
+specifying if a vulnerability was discovered in the OSV database. If a particular scanning mode does not exist, similar 
+functionality can be created if a package list and associated version information is passed to `is_pkg_vulnerable()`.
+
+```{r, eval = FALSE}
+osv_scan('r_project')
+```
+
+```{r, echo = FALSE}
+data.frame(name = c('commonmark', 'jsonlite', 'askpass', 'base'),
+           version = c( '1.9.0', '1.8.7', '1.2.0', '4.3.1'),
+           ecosystem = rep('CRAN', 4), 
+           is_vul = c(TRUE, TRUE, FALSE , FALSE))
 ```