fix(model): Correctly handle license files from (Maven) source artifacts

Fixes #10607.

Signed-off-by: Sebastian Schuberth <[email protected]>

Author: sschuberth

model/src/main/kotlin/licenses/LicenseInfoResolver.kt

@@ -26,7 +26,6 @@ import org.ossreviewtoolkit.model.Identifier
 import org.ossreviewtoolkit.model.KnownProvenance
 import org.ossreviewtoolkit.model.LicenseSource
 import org.ossreviewtoolkit.model.Provenance
-import org.ossreviewtoolkit.model.RepositoryProvenance
 import org.ossreviewtoolkit.model.TextLocation
 import org.ossreviewtoolkit.model.UnknownProvenance
 import org.ossreviewtoolkit.model.config.CopyrightGarbage
@@ -36,6 +35,7 @@ import org.ossreviewtoolkit.model.utils.FileArchiver
 import org.ossreviewtoolkit.model.utils.FindingCurationMatcher
 import org.ossreviewtoolkit.model.utils.FindingsMatcher
 import org.ossreviewtoolkit.model.utils.PathLicenseMatcher
+import org.ossreviewtoolkit.model.utils.getSubdirectoryForProvenance
 import org.ossreviewtoolkit.model.utils.prependedPath
 import org.ossreviewtoolkit.utils.common.safeDeleteRecursively
 import org.ossreviewtoolkit.utils.ort.createOrtTempDir
@@ -259,7 +259,7 @@ class LicenseInfoResolver(
             // Register the (empty) `archiveDir` for deletion on JVM exit.
             archiveDir.deleteOnExit()
 
-            val directory = (provenance as? RepositoryProvenance)?.vcsInfo?.path.orEmpty()
+            val directory = getSubdirectoryForProvenance(provenance, id)
             val rootLicenseFiles = pathLicenseMatcher.getApplicableLicenseFilesForDirectories(
                 relativeFilePaths = archiveDir.walk().filter { it.isFile }.mapTo(mutableSetOf()) {
                     it.relativeTo(archiveDir).invariantSeparatorsPath

model/src/main/kotlin/utils/FileArchiver.kt

@@ -27,7 +27,10 @@ import kotlin.time.measureTimedValue
 import org.apache.logging.log4j.kotlin.logger
 import org.apache.tika.Tika
 
+import org.ossreviewtoolkit.model.ArtifactProvenance
+import org.ossreviewtoolkit.model.Identifier
 import org.ossreviewtoolkit.model.KnownProvenance
+import org.ossreviewtoolkit.model.RepositoryProvenance
 import org.ossreviewtoolkit.utils.common.FileMatcher
 import org.ossreviewtoolkit.utils.common.collectMessages
 import org.ossreviewtoolkit.utils.common.div
@@ -68,35 +71,40 @@ class FileArchiver(
     fun hasArchive(provenance: KnownProvenance): Boolean = storage.hasData(provenance)
 
     /**
-     * Archive all files in [directory] matching any of the configured patterns in the [storage].
+     * Archive the files matching [patterns] inside [rootDirectory] and put them to the [storage]. The archive is
+     * associated with the given [provenance] and [id].
      */
-    fun archive(directory: File, provenance: KnownProvenance) {
-        logger.info { "Archiving files matching ${matcher.patterns} from '$directory'..." }
+    fun archive(rootDirectory: File, provenance: KnownProvenance, id: Identifier) {
+        val subdirectory = getSubdirectoryForProvenance(provenance, id)
+        val directories = setOf(rootDirectory, rootDirectory / subdirectory)
+
+        logger.info { "Archiving files matching ${matcher.patterns} from '$rootDirectory'..." }
 
         val zipFile = createOrtTempFile(suffix = ".zip")
         val tika = Tika()
 
         val zipDuration = measureTime {
-            directory.packZip(zipFile, overwrite = true) { file ->
-                val relativePath = file.relativeTo(directory).invariantSeparatorsPath
-
-                if (!matcher.matches(relativePath)) return@packZip false
+            rootDirectory.packZip(zipFile, overwrite = true) { file ->
+                val matchingFile = directories.find {
+                    val relativePath = file.relativeTo(it).invariantSeparatorsPath
+                    matcher.matches(relativePath)
+                } ?: return@packZip false
 
                 if (!tika.detect(file).startsWith("text/")) {
-                    logger.info { "Not adding file '$relativePath' to archive because it is not a text file." }
+                    logger.info { "Not adding file '$matchingFile' to archive because it is not a text file." }
                     return@packZip false
                 }
 
-                logger.debug { "Adding '$relativePath' to archive." }
+                logger.debug { "Adding '$matchingFile' to archive." }
                 true
             }
         }
 
-        logger.info { "Archived directory '$directory' in $zipDuration." }
+        logger.info { "Archived directory '$rootDirectory' in $zipDuration." }
 
         val writeDuration = measureTime { storage.putData(provenance, zipFile.inputStream(), zipFile.length()) }
 
-        logger.info { "Wrote archive of directory '$directory' to storage in $writeDuration." }
+        logger.info { "Wrote archive of directory '$rootDirectory' to storage in $writeDuration." }
 
         zipFile.parentFile.safeDeleteRecursively()
     }
@@ -129,3 +137,21 @@ class FileArchiver(
         }.isSuccess
     }
 }
+
+/**
+ * Get the (potentially [id]-type specific) nested path directory for the given [provenance].
+ */
+fun getSubdirectoryForProvenance(provenance: KnownProvenance, id: Identifier): String =
+    when (provenance) {
+        // In case of a repository, match paths relative to the VCS path.
+        is RepositoryProvenance -> provenance.vcsInfo.path
+
+        // In case of a source artifact, match paths relative to the archive root or a type-specific directory.
+        is ArtifactProvenance -> {
+            // Java Archives (JARs) by convention (see e.g. the Apache Release Policy) often contain licensing
+            // information as part of the "META-INF" directory.
+            if (id.type == "Maven") "META-INF" else ""
+
+            // TODO: Check if more types need special handling.
+        }
+    }

model/src/test/kotlin/utils/FileArchiverTest.kt

@@ -32,6 +32,9 @@ import io.kotest.matchers.shouldNot
 
 import java.io.File
 
+import org.ossreviewtoolkit.model.ArtifactProvenance
+import org.ossreviewtoolkit.model.Identifier
+import org.ossreviewtoolkit.model.RemoteArtifact
 import org.ossreviewtoolkit.model.RepositoryProvenance
 import org.ossreviewtoolkit.model.VcsInfo
 import org.ossreviewtoolkit.model.VcsType
@@ -50,6 +53,10 @@ private val PROVENANCE = RepositoryProvenance(
     resolvedRevision = "0000000000000000000000000000000000000000"
 )
 
+private val ARTIFACT_PROVENANCE = ArtifactProvenance(
+    sourceArtifact = RemoteArtifact.EMPTY
+)
+
 class FileArchiverTest : StringSpec() {
     private lateinit var workingDir: File
     private lateinit var storageDir: File
@@ -84,7 +91,7 @@ class FileArchiverTest : StringSpec() {
             createFile("path/LICENSE")
 
             val archiver = FileArchiver(setOf("**/LICENSE"), storage)
-            archiver.archive(workingDir, PROVENANCE)
+            archiver.archive(workingDir, PROVENANCE, Identifier.EMPTY)
             val result = archiver.unarchive(targetDir, PROVENANCE)
 
             result shouldBe true
@@ -101,7 +108,7 @@ class FileArchiverTest : StringSpec() {
             createFile("d/LiCeNsE")
 
             val archiver = FileArchiver(setOf("**/LICENSE"), storage)
-            archiver.archive(workingDir, PROVENANCE)
+            archiver.archive(workingDir, PROVENANCE, Identifier.EMPTY)
             val result = archiver.unarchive(targetDir, PROVENANCE)
 
             result shouldBe true
@@ -121,7 +128,7 @@ class FileArchiverTest : StringSpec() {
 
             val archiver = FileArchiver(setOf("a", "**/a"), storage)
 
-            archiver.archive(workingDir, PROVENANCE)
+            archiver.archive(workingDir, PROVENANCE, Identifier.EMPTY)
             val result = archiver.unarchive(targetDir, PROVENANCE)
 
             result shouldBe true
@@ -144,7 +151,7 @@ class FileArchiverTest : StringSpec() {
             createFile("c/b")
 
             val archiver = FileArchiver(setOf("**"), storage)
-            archiver.archive(workingDir, PROVENANCE)
+            archiver.archive(workingDir, PROVENANCE, Identifier.EMPTY)
 
             val result = archiver.unarchive(targetDir, PROVENANCE)
 
@@ -160,7 +167,7 @@ class FileArchiverTest : StringSpec() {
         "Empty archives can be handled" {
             val archiver = FileArchiver(LicenseFilePatterns.DEFAULT.allLicenseFilenames, storage)
 
-            archiver.archive(workingDir, PROVENANCE)
+            archiver.archive(workingDir, PROVENANCE, Identifier.EMPTY)
 
             archiver.unarchive(targetDir, PROVENANCE) shouldBe true
             targetDir shouldContainNFiles 0
@@ -170,7 +177,7 @@ class FileArchiverTest : StringSpec() {
             createFile("License") { writeBytes(byteArrayOf(0xFF.toByte(), 0xD8.toByte())) }
 
             val archiver = FileArchiver(LicenseFilePatterns.DEFAULT.allLicenseFilenames, storage)
-            archiver.archive(workingDir, PROVENANCE)
+            archiver.archive(workingDir, PROVENANCE, Identifier.EMPTY)
             val result = archiver.unarchive(targetDir, PROVENANCE)
 
             result shouldBe true
@@ -181,7 +188,7 @@ class FileArchiverTest : StringSpec() {
             createFile("License") { writeText("ぁあぃいぅうぇえぉおかが") }
 
             val archiver = FileArchiver(LicenseFilePatterns.DEFAULT.allLicenseFilenames, storage)
-            archiver.archive(workingDir, PROVENANCE)
+            archiver.archive(workingDir, PROVENANCE, Identifier.EMPTY)
             val result = archiver.unarchive(targetDir, PROVENANCE)
 
             result shouldBe true
@@ -192,11 +199,37 @@ class FileArchiverTest : StringSpec() {
             createFile("License.md") { writeText("# Heading level 1") }
 
             val archiver = FileArchiver(LicenseFilePatterns.DEFAULT.allLicenseFilenames, storage)
-            archiver.archive(workingDir, PROVENANCE)
+            archiver.archive(workingDir, PROVENANCE, Identifier.EMPTY)
             val result = archiver.unarchive(targetDir, PROVENANCE)
 
             result shouldBe true
             targetDir should containFile("License.md")
         }
+
+        "LICENSE files from source artifacts are archived" {
+            createFile("LICENSE")
+
+            val archiver = FileArchiver(LicenseFilePatterns.DEFAULT.allLicenseFilenames, storage)
+            archiver.archive(workingDir, ARTIFACT_PROVENANCE, Identifier.EMPTY)
+            val result = archiver.unarchive(targetDir, ARTIFACT_PROVENANCE)
+
+            result shouldBe true
+            with(targetDir) {
+                shouldContainFileWithContent("LICENSE")
+            }
+        }
+
+        "LICENSE files from Maven artifacts with META-INF are archived" {
+            createFile("META-INF/LICENSE")
+
+            val archiver = FileArchiver(LicenseFilePatterns.DEFAULT.allLicenseFilenames, storage)
+            archiver.archive(workingDir, ARTIFACT_PROVENANCE, Identifier("Maven:::"))
+            val result = archiver.unarchive(targetDir, ARTIFACT_PROVENANCE)
+
+            result shouldBe true
+            with(targetDir) {
+                shouldContainFileWithContent("META-INF/LICENSE")
+            }
+        }
     }
 }

scanner/src/main/kotlin/Scanner.kt

@@ -745,7 +745,7 @@ class Scanner(
                 // runCatching has a bug with smart-cast, see https://youtrack.jetbrains.com/issue/KT-27748.
                 try {
                     dir = provenanceDownloader.downloadRecursively(nestedProvenance)
-                    archiver.archive(dir, nestedProvenance.root)
+                    archiver.archive(dir, nestedProvenance.root, pkg.id)
                 } catch (e: DownloadException) {
                     controller.addIssue(
                         pkg.id,