refactor(scanner): Generally relativize paths returned by scanners

Do not leave it to the scanner implementation to relativize paths (to
not expose any information about the system running ORT), but do it
generally when anyway post-processing license findings.

Signed-off-by: Sebastian Schuberth <[email protected]>

Author: sschuberth

model/src/main/kotlin/TextLocation.kt

@@ -19,6 +19,8 @@
 
 package org.ossreviewtoolkit.model
 
+import java.io.File
+
 import kotlin.math.abs
 import kotlin.math.min
 
@@ -90,4 +92,20 @@ data class TextLocation(
             linesOverlapWith(other) -> 0
             else -> min(abs(other.startLine - endLine), abs(startLine - other.endLine))
         }
+
+    /**
+     * Return a [TextLocation] whose path is relative to [basePath], or throw an [IllegalArgumentException] if the paths
+     * have different roots.
+     */
+    fun withRelativePath(basePath: File): TextLocation {
+        val pathAsFile = File(path)
+
+        val relativePath = when {
+            !pathAsFile.isAbsolute -> pathAsFile
+            basePath.isFile -> pathAsFile.relativeTo(basePath.parentFile)
+            else -> pathAsFile.relativeTo(basePath)
+        }
+
+        return copy(path = relativePath.invariantSeparatorsPath)
+    }
 }

plugins/scanners/askalono/src/main/kotlin/Askalono.kt

@@ -75,23 +75,19 @@ class Askalono internal constructor(
             if (stderr.isNotBlank()) logger.debug { stderr }
             if (isError) throw ScanException(errorMessage)
 
-            generateSummary(startTime, endTime, path, stdout)
+            generateSummary(startTime, endTime, stdout)
         }
     }
 
-    private fun generateSummary(startTime: Instant, endTime: Instant, scanPath: File, result: String): ScanSummary {
+    private fun generateSummary(startTime: Instant, endTime: Instant, result: String): ScanSummary {
         val licenseFindings = mutableSetOf<LicenseFinding>()
 
         result.lines().forEach { line ->
             val root = jsonMapper.readTree(line)
             root["result"]?.let { result ->
                 val licenseFinding = LicenseFinding(
                     license = result["license"]["name"].textValue(),
-                    location = TextLocation(
-                        // Turn absolute paths in the native result into relative paths to not expose any information.
-                        relativizePath(scanPath, File(root["path"].textValue())),
-                        TextLocation.UNKNOWN_LINE
-                    ),
+                    location = TextLocation(root["path"].textValue(), TextLocation.UNKNOWN_LINE),
                     score = result["score"].floatValue()
                 )
 

plugins/scanners/boyterlc/src/main/kotlin/BoyterLc.kt

@@ -84,13 +84,13 @@ class BoyterLc internal constructor(
             if (stderr.isNotBlank()) logger.debug { stderr }
             if (isError) throw ScanException(errorMessage)
 
-            generateSummary(startTime, endTime, path, resultFile).also {
+            generateSummary(startTime, endTime, resultFile).also {
                 resultFile.parentFile.safeDeleteRecursively(force = true)
             }
         }
     }
 
-    private fun generateSummary(startTime: Instant, endTime: Instant, scanPath: File, resultFile: File): ScanSummary {
+    private fun generateSummary(startTime: Instant, endTime: Instant, resultFile: File): ScanSummary {
         val licenseFindings = mutableSetOf<LicenseFinding>()
         val result = resultFile.readTree()
 
@@ -99,11 +99,7 @@ class BoyterLc internal constructor(
             file["LicenseGuesses"].map {
                 LicenseFinding(
                     license = it["LicenseId"].textValue(),
-                    location = TextLocation(
-                        // Turn absolute paths in the native result into relative paths to not expose any information.
-                        relativizePath(scanPath, filePath),
-                        TextLocation.UNKNOWN_LINE
-                    ),
+                    location = TextLocation(filePath.invariantSeparatorsPath, TextLocation.UNKNOWN_LINE),
                     score = it["Percentage"].floatValue()
                 )
             }

scanner/src/main/kotlin/CommandLinePathScannerWrapper.kt

@@ -19,8 +19,6 @@
 
 package org.ossreviewtoolkit.scanner
 
-import java.io.File
-
 import org.apache.logging.log4j.kotlin.Logging
 
 import org.ossreviewtoolkit.model.ScannerDetails
@@ -38,22 +36,4 @@ abstract class CommandLinePathScannerWrapper(name: String) : PathScannerWrapper,
     abstract val configuration: String
 
     override val details by lazy { ScannerDetails(name, getVersion(), configuration) }
-
-    /**
-     * Return the invariant relative path of the [scanned file][scannedFilename] with respect to the
-     * [scanned path][scanPath].
-     */
-    protected fun relativizePath(scanPath: File, scannedFilename: File): String {
-        val relativePathToScannedFile = if (scannedFilename.isAbsolute) {
-            if (scanPath.isFile) {
-                scannedFilename.relativeTo(scanPath.parentFile)
-            } else {
-                scannedFilename.relativeTo(scanPath)
-            }
-        } else {
-            scannedFilename
-        }
-
-        return relativePathToScannedFile.invariantSeparatorsPath
-    }
 }

scanner/src/main/kotlin/Scanner.kt

@@ -607,7 +607,10 @@ class Scanner(
                 val summaryWithMappedLicenses = summary.copy(
                     licenseFindings = summary.licenseFindings.mapTo(mutableSetOf()) {
                         val licenseString = it.license.toString()
-                        it.copy(license = licenseString.mapLicense(scannerConfig.detectedLicenseMapping).toSpdx())
+                        it.copy(
+                            license = licenseString.mapLicense(scannerConfig.detectedLicenseMapping).toSpdx(),
+                            location = it.location.withRelativePath(downloadDir)
+                        )
                     }
                 )
 

scanner/src/testFixtures/kotlin/AbstractPathScannerWrapperFunTest.kt

@@ -25,7 +25,8 @@ import io.kotest.core.spec.style.StringSpec
 import io.kotest.engine.spec.tempdir
 import io.kotest.inspectors.forAll
 import io.kotest.matchers.collections.shouldContainExactlyInAnyOrder
-import io.kotest.matchers.file.shouldNotStartWithPath
+import io.kotest.matchers.file.aFile
+import io.kotest.matchers.shouldBe
 
 import java.io.File
 
@@ -63,23 +64,21 @@ abstract class AbstractPathScannerWrapperFunTest(testTags: Set<Tag> = emptySet()
     init {
         "Scanning a single file succeeds".config(tags = testTags) {
             val result = scanner.scanPath(inputDir.resolve("LICENSE"), scanContext)
+            val findings = result.licenseFindings.map { it.copy(location = it.location.withRelativePath(inputDir)) }
 
-            with(result) {
-                licenseFindings shouldContainExactlyInAnyOrder expectedFileLicenses
-                licenseFindings.forAll {
-                    File(it.location.path) shouldNotStartWithPath inputDir
-                }
+            findings shouldContainExactlyInAnyOrder expectedFileLicenses
+            findings.forAll {
+                inputDir.resolve(it.location.path) shouldBe aFile()
             }
         }
 
         "Scanning a directory succeeds".config(tags = testTags) {
             val result = scanner.scanPath(inputDir, scanContext)
+            val findings = result.licenseFindings.map { it.copy(location = it.location.withRelativePath(inputDir)) }
 
-            with(result) {
-                licenseFindings shouldContainExactlyInAnyOrder expectedDirectoryLicenses
-                licenseFindings.forAll {
-                    File(it.location.path) shouldNotStartWithPath inputDir
-                }
+            findings shouldContainExactlyInAnyOrder expectedDirectoryLicenses
+            findings.forAll {
+                inputDir.resolve(it.location.path) shouldBe aFile()
             }
         }
     }