fix(fossid-webapp): Remove the archive prefix from the scan result

When the scan is created in archive upload mode, all the file paths are
prefixed with the name of the archive received by FossId e.g.
fossid-source-archive832364312005325574.zip/test.txt. Consequently, this
dynamic path names are visible in the snippet reports and no snippet choice
can be made as the path always changes.
This commit addresses the issue by removing this prefix when listing FossId
scan results. When a request affecting a file is sent (mark as identified,
add a comment), the prefix needs to be prepended to the file path again.

Signed-off-by: Nicolas Nobelis <[email protected]>

Author: nnobelis

plugins/scanners/fossid/src/main/kotlin/FossId.kt

@@ -39,6 +39,7 @@ import kotlinx.coroutines.withTimeoutOrNull
 import org.apache.logging.log4j.kotlin.logger
 
 import org.ossreviewtoolkit.clients.fossid.FossIdRestService
+import org.ossreviewtoolkit.clients.fossid.PolymorphicList
 import org.ossreviewtoolkit.clients.fossid.addComponentIdentification
 import org.ossreviewtoolkit.clients.fossid.addFileComment
 import org.ossreviewtoolkit.clients.fossid.checkResponse
@@ -55,6 +56,9 @@ import org.ossreviewtoolkit.clients.fossid.listSnippets
 import org.ossreviewtoolkit.clients.fossid.markAsIdentified
 import org.ossreviewtoolkit.clients.fossid.model.Project
 import org.ossreviewtoolkit.clients.fossid.model.Scan
+import org.ossreviewtoolkit.clients.fossid.model.identification.identifiedFiles.IdentifiedFile
+import org.ossreviewtoolkit.clients.fossid.model.identification.ignored.IgnoredFile
+import org.ossreviewtoolkit.clients.fossid.model.identification.markedAsIdentified.MarkedAsIdentifiedFile
 import org.ossreviewtoolkit.clients.fossid.model.result.MatchType
 import org.ossreviewtoolkit.clients.fossid.model.result.MatchedLines
 import org.ossreviewtoolkit.clients.fossid.model.status.ScanStatus
@@ -820,10 +824,16 @@ class FossId internal constructor(
             }
         }
 
+        // Here the search for the archive prefix cannot be conditioned to config.isArchiveUploadMode because the
+        // current run could be configured in clone repository mode but the scan is a previous scan created in archive
+        // upload mode.
+        val archivePrefix = getArchivePrefix(pendingFiles, identifiedFiles, markedAsIdentifiedFiles, listIgnoredFiles)
+
         val matchedLines = mutableMapOf<Int, MatchedLines>()
         val pendingFilesIterator = pendingFiles.iterator()
         val snippets = flow {
             while (pendingFilesIterator.hasNext()) {
+                // Here the pending files still have their prefix as it is required to list the snippets.
                 val file = pendingFilesIterator.next()
                 logger.info { "Listing snippet for $file..." }
 
@@ -862,20 +872,50 @@ class FossId internal constructor(
                     }
                 }
 
-                emit(file to filteredSnippets.toSet())
+                val fileWithoutPrefix = archivePrefix?.let { file.removePrefix(it) } ?: file
+
+                emit(fileWithoutPrefix to filteredSnippets.toSet())
             }
         }
 
-        return RawResults(
+        return RawResults.createAndRemovePrefix(
             identifiedFiles,
             markedAsIdentifiedFiles,
             listIgnoredFiles,
             pendingFiles,
             snippets,
-            matchedLines
+            matchedLines,
+            archivePrefix
         )
     }
 
+    /**
+     * When the scan is created in Archive upload mode, all the file paths are prefixed with the archive name e.g.
+     * fossid-source-archive832364312005325574.zip/test.txt. This function searches this prefix in the list of pending
+     * files or in the list of identified files. If no such prefix is found, null is returned.
+     */
+    internal fun getArchivePrefix(
+        pendingFiles: List<String>,
+        identifiedFiles: List<IdentifiedFile>,
+        markedAsIdentifiedFiles: List<MarkedAsIdentifiedFile>,
+        listIgnoredFiles: PolymorphicList<IgnoredFile>
+    ): String? {
+        val prefix = pendingFiles.findPrefix { it }
+            ?: identifiedFiles.findPrefix { it.file.path }
+            ?: markedAsIdentifiedFiles.findPrefix { it.file.path }
+            ?: listIgnoredFiles.findPrefix { it.path }
+
+        return prefix?.let {
+            logger.info { "Found archive prefix '$prefix' from snippets." }
+            "$prefix/"
+        }
+    }
+
+    private fun <T> List<T>.findPrefix(selector: (T) -> String?): String? =
+        firstOrNull()
+            ?.takeIf { selector(it)?.startsWith("fossid-source-archive") == true }
+            ?.let { selector(it)?.substringBefore("/") }
+
     /**
      * Construct the [ScanSummary] for this FossID scan.
      */
@@ -906,7 +946,8 @@ class FossId internal constructor(
             snippetChoices,
             snippetFindings,
             rawResults.listPendingFiles,
-            snippetLicenseFindings
+            snippetLicenseFindings,
+            rawResults.archivePrefix
         )
 
         val pendingFilesCount = (rawResults.listPendingFiles - newlyMarkedFiles.toSet()).size
@@ -948,7 +989,9 @@ class FossId internal constructor(
 
     /**
      * Mark all the files in [snippetChoices] as identified, only after searching in [snippetFindings] that they have no
-     * non-chosen source location remaining. Only files in [listPendingFiles] are marked.
+     * non-chosen source location remaining. Only files in [listPendingFiles] are marked. Prefix [archivePrefix]
+     * prepended to the files paths when the scan is done in archive upload mode needs to be prepended when sending
+     * requests that affect a specific file.
      * Files marked as identified have a license identification and a source location (stored in a comment), using
      * [licenseFindings] as reference.
      * Returns the list of files that have been marked as identified.
@@ -958,7 +1001,8 @@ class FossId internal constructor(
         snippetChoices: List<SnippetChoice> = emptyList(),
         snippetFindings: Set<SnippetFinding>,
         pendingFiles: List<String>,
-        licenseFindings: Set<LicenseFinding>
+        licenseFindings: Set<LicenseFinding>,
+        archivePrefix: String?
     ): List<String> {
         val licenseFindingsByPath = licenseFindings.groupBy { it.location.path }
         val result = mutableListOf<String>()
@@ -982,8 +1026,15 @@ class FossId internal constructor(
                                 "findings. The used reasons are: ${reasons.joinToString()}"
                         }
 
+                        val pathForRequest = archivePrefix?.let { "$it$path" } ?: path
                         requests += async {
-                            service.markAsIdentified(config.user.value, config.apiKey.value, scanCode, path, false)
+                            service.markAsIdentified(
+                                config.user.value,
+                                config.apiKey.value,
+                                scanCode,
+                                pathForRequest,
+                                false
+                            )
                             result += path
                         }
 
@@ -1012,7 +1063,7 @@ class FossId internal constructor(
                                         config.user.value,
                                         config.apiKey.value,
                                         scanCode,
-                                        path,
+                                        pathForRequest,
                                         artifact,
                                         version,
                                         false
@@ -1045,7 +1096,13 @@ class FossId internal constructor(
                                     "relevant count $notRelevantChoicesCount."
                             }
 
-                            service.addFileComment(config.user.value, config.apiKey.value, scanCode, path, jsonComment)
+                            service.addFileComment(
+                                config.user.value,
+                                config.apiKey.value,
+                                scanCode,
+                                pathForRequest,
+                                jsonComment
+                            )
                         }
                     }
                 }

plugins/scanners/fossid/src/main/kotlin/FossIdScanResults.kt

@@ -21,6 +21,9 @@ package org.ossreviewtoolkit.plugins.scanners.fossid
 
 import java.lang.invoke.MethodHandles
 
+import kotlin.collections.map
+import kotlin.text.removePrefix
+
 import kotlinx.coroutines.flow.Flow
 import kotlinx.coroutines.flow.transformWhile
 
@@ -68,8 +71,56 @@ internal data class RawResults(
     val listIgnoredFiles: List<IgnoredFile>,
     val listPendingFiles: List<String>,
     val listSnippets: Flow<Pair<String, Set<Snippet>>>,
-    val snippetMatchedLines: Map<Int, MatchedLines> = emptyMap()
-)
+    val snippetMatchedLines: Map<Int, MatchedLines> = emptyMap(),
+
+    /**
+     * If the scan was done in archive upload mode, this is the prefix FossId uses before each file path, e.g.
+     * fossid-source-archive832364312005325574.zip/.
+     */
+    val archivePrefix: String? = null
+) {
+    companion object {
+        @Suppress("LongParameterList")
+        fun createAndRemovePrefix(
+            identifiedFiles: List<IdentifiedFile>,
+            markedAsIdentifiedFiles: List<MarkedAsIdentifiedFile>,
+            listIgnoredFiles: List<IgnoredFile>,
+            listPendingFiles: List<String>,
+            listSnippets: Flow<Pair<String, Set<Snippet>>>,
+            snippetMatchedLines: Map<Int, MatchedLines> = emptyMap(),
+            archivePrefix: String?
+        ): RawResults =
+            if (archivePrefix == null) {
+                RawResults(
+                    identifiedFiles,
+                    markedAsIdentifiedFiles,
+                    listIgnoredFiles,
+                    listPendingFiles,
+                    listSnippets,
+                    snippetMatchedLines,
+                    null
+                )
+            } else {
+                identifiedFiles.forEach {
+                    it.file = it.file.copy(path = it.file.path?.removePrefix(archivePrefix))
+                }
+
+                markedAsIdentifiedFiles.forEach {
+                    it.file = it.file.copy(path = it.file.path?.removePrefix(archivePrefix))
+                }
+
+                RawResults(
+                    identifiedFiles,
+                    markedAsIdentifiedFiles,
+                    listIgnoredFiles.map { it.copy(path = it.path.removePrefix(archivePrefix)) },
+                    listPendingFiles.map { it.removePrefix(archivePrefix) },
+                    listSnippets,
+                    snippetMatchedLines,
+                    archivePrefix
+                )
+            }
+    }
+}
 
 /**
  * A data class to hold FossID mapped results.

plugins/scanners/fossid/src/test/kotlin/FossIdSnippetChoiceTest.kt

@@ -41,6 +41,8 @@ import org.ossreviewtoolkit.clients.fossid.PolymorphicList
 import org.ossreviewtoolkit.clients.fossid.PolymorphicResponseBody
 import org.ossreviewtoolkit.clients.fossid.addComponentIdentification
 import org.ossreviewtoolkit.clients.fossid.addFileComment
+import org.ossreviewtoolkit.clients.fossid.createScan
+import org.ossreviewtoolkit.clients.fossid.extractArchives
 import org.ossreviewtoolkit.clients.fossid.listIdentifiedFiles
 import org.ossreviewtoolkit.clients.fossid.listIgnoredFiles
 import org.ossreviewtoolkit.clients.fossid.listMarkedAsIdentifiedFiles
@@ -53,7 +55,9 @@ import org.ossreviewtoolkit.clients.fossid.model.result.MatchType
 import org.ossreviewtoolkit.clients.fossid.model.result.MatchedLines
 import org.ossreviewtoolkit.clients.fossid.model.result.Snippet
 import org.ossreviewtoolkit.clients.fossid.model.status.ScanStatus
+import org.ossreviewtoolkit.clients.fossid.removeUploadedContent
 import org.ossreviewtoolkit.clients.fossid.unmarkAsIdentified
+import org.ossreviewtoolkit.clients.fossid.uploadFile
 import org.ossreviewtoolkit.downloader.VersionControlSystem
 import org.ossreviewtoolkit.model.Severity
 import org.ossreviewtoolkit.model.TextLocation
@@ -70,6 +74,7 @@ import org.ossreviewtoolkit.utils.spdx.toSpdx
 /** Sample files in the results. **/
 private const val FILE_1 = "a.java"
 private const val FILE_2 = "b.java"
+private const val FILE_1_ARCHIVE_MODE = "fossid-source-archive832364312005325574.zip/a.java"
 
 /** A sample purl in the results. **/
 private const val PURL_1 = "pkg:github/fakeuser/[email protected]"
@@ -312,6 +317,89 @@ class FossIdSnippetChoiceTest : WordSpec({
             }
         }
 
+        "mark a file with all snippets chosen as identified when the scan has been created in archive mode" {
+            val branchName = "aTestBranch"
+            val projectCode = PROJECT
+            val scanCode = scanCode(PROJECT, null)
+            val config = createConfig(deltaScans = false, fetchSnippetMatchedLines = true, isArchiveMode = true)
+            val vcsInfo = createVcsInfo()
+            val scan = createScan(vcsInfo.url, "${vcsInfo.revision}_other", scanCode)
+            val pkgId = createIdentifier(index = 42)
+
+            val service = FossIdRestService.create(config.serverUrl)
+                .expectProjectRequest(projectCode)
+                .expectListScans(projectCode, listOf(scan))
+                .expectCheckScanStatus(scanCode, ScanStatus.FINISHED)
+                .expectCreateScan(projectCode, scanCode, vcsInfo, branchName, isArchiveMode = true)
+                .expectRemoveUploadedContent(scanCode)
+                .expectUploadFile(scanCode)
+                .expectExtractArchives(scanCode)
+                .mockFiles(
+                    scanCode,
+                    pendingFiles = listOf(FILE_1_ARCHIVE_MODE),
+                    snippets = listOf(
+                        createSnippet(0, FILE_1, PURL_1)
+                    ),
+                    matchedLines = mapOf(
+                        0 to MatchedLines.create((10..20).toList(), (10..20).toList())
+                    )
+                )
+                // The mark as identified call is made on the real snippet path.
+                .expectMarkAsIdentified(scanCode, FILE_1_ARCHIVE_MODE)
+
+            // The snippet choice is make on the truncated snippet path.
+            val choiceLocation = TextLocation(FILE_1, 10, 20)
+            val snippetChoices = createSnippetChoices(
+                vcsInfo.url,
+                createSnippetChoice(choiceLocation, PURL_1, comment = "")
+            )
+            val fossId = createFossId(config)
+
+            val comment = createOrtScanComment(vcsInfo.url, vcsInfo.revision, branchName).asJsonString()
+            val summary = fossId.scan(
+                createPackage(pkgId, vcsInfo),
+                snippetChoices = snippetChoices,
+                labels = mapOf(FossId.PROJECT_REVISION_LABEL to branchName)
+            ).summary
+
+            summary.snippetFindings should beEmpty()
+            coVerify {
+                service.createScan(USER, API_KEY, projectCode, scanCode, null, null, comment)
+                service.removeUploadedContent(USER, API_KEY, scanCode)
+                service.uploadFile(USER, API_KEY, scanCode, any())
+                service.extractArchives(USER, API_KEY, scanCode, any())
+                service.markAsIdentified(USER, API_KEY, scanCode, FILE_1_ARCHIVE_MODE, any())
+                service.addComponentIdentification(
+                    user = USER,
+                    apiKey = API_KEY,
+                    scanCode = scanCode,
+                    path = FILE_1_ARCHIVE_MODE,
+                    componentName = "fakepackage1",
+                    componentVersion = "1.0.0",
+                    isDirectory = false,
+                    preserveExistingIdentifications = true
+                )
+
+                val payload = OrtCommentPayload(mapOf("MIT" to listOf(choiceLocation)), 1, 0)
+                val jsonComment = jsonMapper.writeValueAsString(OrtComment(payload))
+
+                service.addFileComment(
+                    user = USER,
+                    apiKey = API_KEY,
+                    scanCode = scanCode,
+                    path = FILE_1_ARCHIVE_MODE,
+                    comment = jsonComment,
+                    isImportant = false,
+                    includeInReport = false
+                )
+            }
+
+            summary.issues.forAtLeastOne {
+                it.message shouldBe "This scan has 0 file(s) pending identification in FossID. " +
+                    "Please review and resolve them at: https://www.example.org/fossid/index.html?action=scanview&sid=1"
+            }
+        }
+
         "mark a file with only non relevant snippets for a given snippet location as identified" {
             val projectCode = PROJECT
             val scanCode = scanCode(PROJECT, null)
@@ -952,7 +1040,7 @@ private fun createSnippetChoice(location: TextLocation, purl: String? = null, co
         )
     )
 
-fun FossIdServiceWithVersion.mockFiles(
+internal fun FossIdServiceWithVersion.mockFiles(
     scanCode: String,
     markedFiles: List<MarkedAsIdentifiedFile> = emptyList(),
     pendingFiles: List<String> = emptyList(),