fix(fossid-webapp): creatScan response can be polymorphic

Under some rare circumstances, `createScan` can return an error message as
data payload instead of the scan id. This commit changes the function's
signature to reflect this polymorphicity.

Fixes #8462.

Signed-off-by: Nicolas Nobelis <[email protected]>

Author: nnobelis

clients/fossid-webapp/src/main/kotlin/Extensions.kt

@@ -30,6 +30,7 @@ import okio.sink
 
 import org.apache.logging.log4j.kotlin.logger
 
+import org.ossreviewtoolkit.clients.fossid.model.CreateScanResponse
 import org.ossreviewtoolkit.clients.fossid.model.identification.common.LicenseMatchType
 import org.ossreviewtoolkit.clients.fossid.model.report.ReportType
 import org.ossreviewtoolkit.clients.fossid.model.report.SelectionType
@@ -149,7 +150,7 @@ suspend fun FossIdRestService.createScan(
     gitRepoUrl: String,
     gitBranch: String,
     comment: String = ""
-): MapResponseBody<String> =
+): PolymorphicDataResponseBody<CreateScanResponse> =
     createScan(
         PostRequestBody(
             "create",

clients/fossid-webapp/src/main/kotlin/FossIdRestService.kt

@@ -43,6 +43,7 @@ import okhttp3.ResponseBody
 
 import org.apache.logging.log4j.kotlin.logger
 
+import org.ossreviewtoolkit.clients.fossid.model.CreateScanResponse
 import org.ossreviewtoolkit.clients.fossid.model.Project
 import org.ossreviewtoolkit.clients.fossid.model.Scan
 import org.ossreviewtoolkit.clients.fossid.model.identification.identifiedFiles.IdentifiedFile
@@ -273,7 +274,7 @@ interface FossIdRestService {
     suspend fun createProject(@Body body: PostRequestBody): MapResponseBody<String>
 
     @POST("api.php")
-    suspend fun createScan(@Body body: PostRequestBody): MapResponseBody<String>
+    suspend fun createScan(@Body body: PostRequestBody): PolymorphicDataResponseBody<CreateScanResponse>
 
     @POST("api.php")
     suspend fun runScan(@Body body: PostRequestBody): EntityResponseBody<Nothing>

clients/fossid-webapp/src/main/kotlin/model/CreateScanResponse.kt

@@ -0,0 +1,33 @@
+/*
+ * Copyright (C) 2025 The ORT Project Authors (see <https://github.com/oss-review-toolkit/ort/blob/main/NOTICE>)
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * License-Filename: LICENSE
+ */
+
+package org.ossreviewtoolkit.clients.fossid.model
+
+/**
+ * This class is present to handle the high polymorphism of the 'createScan' response.
+ */
+data class CreateScanResponse(
+    // Normal response.
+    val scanId: String? = null,
+
+    // Error response when there is a credentials issue (see https://github.com/oss-review-toolkit/ort/issues/8462).
+    val code: String? = null,
+    val message: String? = null,
+    val messageParameters: Map<String, String>? = null
+)

clients/fossid-webapp/src/test/kotlin/FossIdClientNewProjectTest.kt

@@ -95,7 +95,7 @@ class FossIdClientNewProjectTest : StringSpec({
             SCAN_CODE,
             "https://github.com/gundy/semver4j.git",
             "671aa533f7e33c773bf620b9f466650c3b9ab26e"
-        ).shouldNotBeNull().data.shouldNotBeNull() shouldContain("scan_id" to "4920")
+        ).shouldNotBeNull().data?.value?.scanId shouldBe "4920"
     }
 
     "Download from Git can be triggered" {

clients/fossid-webapp/src/test/kotlin/FossIdClientReturnTypeTest.kt

@@ -24,6 +24,7 @@ import com.github.tomakehurst.wiremock.core.WireMockConfiguration
 
 import io.kotest.core.spec.style.StringSpec
 import io.kotest.matchers.collections.beEmpty
+import io.kotest.matchers.maps.shouldContainValue
 import io.kotest.matchers.nulls.shouldNotBeNull
 import io.kotest.matchers.should
 import io.kotest.matchers.shouldBe
@@ -256,6 +257,28 @@ class FossIdClientReturnTypeTest : StringSpec({
         }
     }
 
+    "When create scan returns an error, no exception is thrown" {
+        service.createScan(
+            "",
+            "",
+            PROJECT_CODE_1,
+            SCAN_CODE_1,
+            "git_repo_url",
+            "develop"
+        ) shouldNotBeNull {
+            message shouldBe "These issues were found while parsing the request:"
+            data?.value?.message shouldBe "Field git_repo_url: there was an issue executing command: timeout 200 git " +
+                "ls-remote 'ssh git repo' 2>&1. Exit status: 128. Output: Repository not found The requested " +
+                "repository does not exist, or you do not have permission to access it. fatal: Could not read from " +
+                "remote repository.  Please make sure you have the correct access rights and the repository exists."
+            data?.value?.messageParameters?.shouldContainValue(
+                "Repository not found The requested repository does not exist, or you do not have permission " +
+                    "to access it. fatal: Could not read from remote repository.  Please make sure you have the " +
+                    "correct access rights and the repository exists."
+            )
+        }
+    }
+
     "A file can be marked as identified" {
         service.markAsIdentified(
             "",

clients/fossid-webapp/src/test/resources/return-type/mappings/apiphp-create_scan.json

@@ -0,0 +1,26 @@
+{
+  "id" : "ae6669fb-7ca6-496a-9268-7e4eebb64007",
+  "name" : "apiphp",
+  "request" : {
+    "url" : "/api.php",
+    "method" : "POST",
+    "bodyPatterns" : [ {
+      "equalToJson" : "{\"action\":\"create\",\"group\":\"scans\",\"data\":{\"username\":\"\",\"key\":\"\",\"scan_code\":\"semver4j_20201203_090342\",\"project_code\":\"semver4j\",\"git_repo_url\":\"git_repo_url\",\"git_branch\":\"develop\"}}",
+      "ignoreArrayOrder" : true,
+      "ignoreExtraElements" : true
+    } ]
+  },
+  "response" : {
+    "status" : 200,
+    "body" : "{\"operation\":\"scans_create\",  \"status\":\"0\",  \"data\":[{\"code\": \"RequestData.Base.issue_with_executing_command\",    \"message\":\"Field git_repo_url: there was an issue executing command: timeout 200 git ls-remote 'ssh git repo' 2>&1. Exit status: 128. Output: Repository not found The requested repository does not exist, or you do not have permission to access it. fatal: Could not read from remote repository.  Please make sure you have the correct access rights and the repository exists.\",    \"message_parameters\":{\"fieldname\":\"git_repo_url\",      \"cmd\":\"timeout 200 git ls-remote 'ssh git repo' 2>&1\",      \"exitStatus\":128,      \"out\":\"Repository not found The requested repository does not exist, or you do not have permission to access it. fatal: Could not read from remote repository.  Please make sure you have the correct access rights and the repository exists.\"}  }],  \"error\":\"RequestData.Base.issues_while_parsing_request\",  \"message\":\"These issues were found while parsing the request:\",  \"message_parameters\":[]}",
+    "headers" : {
+      "Content-Type" : "text/html; charset=UTF-8",
+      "Date" : "Thu, 03 Dec 2020 08:03:42 GMT",
+      "Server" : "Apache/2.4.38 (Debian)",
+      "Vary" : "Accept-Encoding"
+    }
+  },
+  "uuid" : "ae6669fb-7ca6-496a-9268-7e4eebb64007",
+  "persistent" : true,
+  "insertionIndex" : 5
+}

plugins/scanners/fossid/src/main/kotlin/FossId.kt

@@ -679,7 +679,16 @@ class FossId internal constructor(
             .createScan(config.user.value, config.apiKey.value, projectCode, scanCode, url, revision, reference)
             .checkResponse("create scan")
 
-        val scanId = response.data?.get("scan_id")
+        val data = response.data?.value
+
+        if (data?.message != null) {
+            logger.warn {
+                "Create scan returned an error content as payload (see issue #8462)." +
+                    " Additional information: ${data.message}"
+            }
+        }
+
+        val scanId = data?.scanId
 
         requireNotNull(scanId) { "Scan could not be created. The response was: ${response.message}." }
 

plugins/scanners/fossid/src/test/kotlin/TestUtils.kt

@@ -29,8 +29,8 @@ import java.util.concurrent.atomic.AtomicInteger
 import org.ossreviewtoolkit.clients.fossid.EntityResponseBody
 import org.ossreviewtoolkit.clients.fossid.FossIdRestService
 import org.ossreviewtoolkit.clients.fossid.FossIdServiceWithVersion
-import org.ossreviewtoolkit.clients.fossid.MapResponseBody
 import org.ossreviewtoolkit.clients.fossid.PolymorphicData
+import org.ossreviewtoolkit.clients.fossid.PolymorphicDataResponseBody
 import org.ossreviewtoolkit.clients.fossid.PolymorphicInt
 import org.ossreviewtoolkit.clients.fossid.PolymorphicList
 import org.ossreviewtoolkit.clients.fossid.PolymorphicResponseBody
@@ -48,6 +48,7 @@ import org.ossreviewtoolkit.clients.fossid.listMatchedLines
 import org.ossreviewtoolkit.clients.fossid.listPendingFiles
 import org.ossreviewtoolkit.clients.fossid.listScansForProject
 import org.ossreviewtoolkit.clients.fossid.listSnippets
+import org.ossreviewtoolkit.clients.fossid.model.CreateScanResponse
 import org.ossreviewtoolkit.clients.fossid.model.Scan
 import org.ossreviewtoolkit.clients.fossid.model.identification.common.LicenseMatchType
 import org.ossreviewtoolkit.clients.fossid.model.identification.identifiedFiles.IdentifiedFile
@@ -548,7 +549,10 @@ internal fun FossIdServiceWithVersion.expectCreateScan(
 ): FossIdServiceWithVersion {
     coEvery {
         createScan(USER, API_KEY, projectCode, scanCode, vcsInfo.url, vcsInfo.revision, comment)
-    } returns MapResponseBody(status = 1, data = mapOf("scan_id" to SCAN_ID.toString()))
+    } returns PolymorphicDataResponseBody(
+        status = 1,
+        data = PolymorphicData(CreateScanResponse(SCAN_ID.toString()))
+    )
     return this
 }