Merge branch 'oss-review-toolkit:main' into feat/scanoss/exclusion-patterns-and-snippet-choices

Author: isasmendiagus

.github/workflows/static-analysis.yml

@@ -108,7 +108,7 @@ jobs:
       with:
         fetch-depth: 0
     - name: Qodana Scan
-      uses: JetBrains/qodana-action@491da5246a31d74fe3fe86db365d16e4d4edfb91 # v2025.1.0
+      uses: JetBrains/qodana-action@e14351bdf4707c4cecc25a86a9190745b7b40de8 # v2025.1.1
       with:
         post-pr-comment: false
         use-caches: false

downloader/src/main/kotlin/WorkingTreeCache.kt

@@ -27,6 +27,7 @@ import kotlinx.coroutines.sync.withLock
 import org.apache.logging.log4j.kotlin.logger
 
 import org.ossreviewtoolkit.model.VcsInfo
+import org.ossreviewtoolkit.plugins.api.PluginConfig
 import org.ossreviewtoolkit.utils.common.safeDeleteRecursively
 import org.ossreviewtoolkit.utils.ort.createOrtTempDir
 
@@ -55,11 +56,23 @@ interface WorkingTreeCache {
 
 class DefaultWorkingTreeCache : WorkingTreeCache {
     private val mutex = Mutex()
+    private val vcsPluginConfigs = mutableMapOf<String, PluginConfig>()
     private val workingTreeMutexes = mutableMapOf<String, Mutex>()
     private val workingTrees = mutableMapOf<String, WorkingTree>()
 
     private var terminated = false
 
+    /**
+     * Add [VCS plugin configurations][configs] that are applied when creating a [VersionControlSystem] instance
+     * for this working tree. Calling this function is optional.
+     */
+    @Suppress("unused") // Intended for use when this class is consumed externally as a library.
+    fun addVcsPluginConfigs(configs: Map<String, PluginConfig>): DefaultWorkingTreeCache {
+        logger.debug { "Using VCS plugin configs: $configs" }
+        vcsPluginConfigs += configs
+        return this
+    }
+
     override suspend fun <T> use(vcsInfo: VcsInfo, block: (VersionControlSystem, WorkingTree) -> T): T {
         val vcs = getVcs(vcsInfo)
         return getWorkingTreeMutex(vcsInfo).withLock { block(vcs, getWorkingTree(vcsInfo, vcs)) }
@@ -75,8 +88,8 @@ class DefaultWorkingTreeCache : WorkingTreeCache {
         }
 
     private fun getVcs(vcsInfo: VcsInfo) =
-        VersionControlSystem.forType(vcsInfo.type)
-            ?: VersionControlSystem.forUrl(vcsInfo.url)
+        VersionControlSystem.forType(vcsInfo.type, vcsPluginConfigs)
+            ?: VersionControlSystem.forUrl(vcsInfo.url, vcsPluginConfigs)
             ?: throw IOException("Could not determine VCS for type '${vcsInfo.type}' and URL ${vcsInfo.url}.")
 
     private fun getWorkingTree(vcsInfo: VcsInfo, vcs: VersionControlSystem) =

evaluator/src/main/kotlin/PackageRule.kt

@@ -57,7 +57,7 @@ open class PackageRule(
 ) : Rule(ruleSet, name) {
     private val licenseRules = mutableListOf<LicenseRule>()
 
-    @Suppress("UNUSED") // This is intended to be used by rule implementations.
+    @Suppress("unused") // This is intended to be used by rule implementations.
     val uncuratedPkg: Package by lazy {
         @Suppress("UnsafeCallOnNullableType")
         ruleSet.ortResult.getUncuratedPackageOrProject(pkg.metadata.id)!!

gradle/libs.versions.toml

@@ -1,5 +1,5 @@
 [versions]
-buildConfigPlugin = "5.6.4"
+buildConfigPlugin = "5.6.5"
 dependencyAnalysisPlugin = "2.17.0"
 detektPlugin = "1.23.8"
 dokkatooPlugin = "2.4.0"

model/src/main/kotlin/OrtResult.kt

@@ -214,7 +214,7 @@ data class OrtResult(
     /**
      * Return the list of [AdvisorResult]s for the given [id].
      */
-    @Suppress("UNUSED")
+    @Suppress("unused")
     fun getAdvisorResultsForId(id: Identifier): List<AdvisorResult> = advisorResultsById[id].orEmpty()
 
     /**
@@ -375,7 +375,7 @@ data class OrtResult(
      * [omitExcluded] is set to true, excluded projects / packages are omitted from the result. Projects are converted
      * to packages in the result. If no analyzer result is present an empty set is returned.
      */
-    @Suppress("UNUSED") // This is intended to be mostly used via scripting.
+    @Suppress("unused") // This is intended to be mostly used via scripting.
     fun getOrgPackages(vararg names: String, omitExcluded: Boolean = false): Set<Package> {
         val vendorPackages = mutableSetOf<Package>()
 

model/src/main/kotlin/TextLocation.kt

@@ -19,6 +19,8 @@
 
 package org.ossreviewtoolkit.model
 
+import com.fasterxml.jackson.annotation.JsonIgnore
+
 import java.io.File
 
 import kotlin.math.abs
@@ -65,6 +67,16 @@ data class TextLocation(
      */
     constructor(path: String, line: Int) : this(path, line, line)
 
+    /**
+     * Indicate whether this TextLocation has known start and end lines.
+     */
+    @JsonIgnore
+    val hasLineRange = startLine != UNKNOWN_LINE && endLine != UNKNOWN_LINE
+
+    /**
+     * Return a negative integer, zero, or a positive integer as this TextLocation comes before, is the same, or comes
+     * after the [other] TextLocation.
+     */
     override fun compareTo(other: TextLocation) = COMPARATOR.compare(this, other)
 
     /**

notifier/src/main/kotlin/modules/JiraNotifier.kt

@@ -43,7 +43,7 @@ class JiraNotifier(private val restClient: JiraRestClient) {
     /**
      * Create a [comment] within the issue specified by the [issueKey].
      */
-    @Suppress("UNUSED") // This is intended to be used via scripting.
+    @Suppress("unused") // This is intended to be used via scripting.
     fun createComment(issueKey: String, comment: String) {
         val issue = restClient.issueClient.getIssue(issueKey).claim()
 

notifier/src/main/kotlin/modules/MailNotifier.kt

@@ -58,7 +58,7 @@ class MailNotifier(private val config: SendMailConfiguration) {
      * is set to false, a single-part plain-text email is sent. Otherwise, a multi-part HTML email with an additional
      * plain-text part as a fallback is sent. Throws a [MessagingException] if the email could not be sent.
      */
-    @Suppress("UNUSED") // This is intended to be used by notification script implementations.
+    @Suppress("unused") // This is intended to be used by notification script implementations.
     fun sendMail(
         subject: String,
         message: String,

plugins/api/src/main/kotlin/OrtPlugin.kt

@@ -33,7 +33,7 @@ import kotlin.reflect.KClass
 annotation class OrtPlugin(
     /**
      * The id of the plugin. Must be unique among all plugins for the same extension point. If empty, the id is derived
-     * from the class name by removing the plugin's parent class name as a suffix.
+     * from the class name by removing the plugin's parent class name (with any "Ort" prefix stripped) as a suffix.
      */
     val id: String = "",
 

plugins/commands/advisor/src/main/kotlin/AdvisorCommand.kt renamed to plugins/commands/advisor/src/main/kotlin/AdviseCommand.kt

@@ -61,12 +61,11 @@ import org.ossreviewtoolkit.utils.ort.ORT_RESOLUTIONS_FILENAME
 import org.ossreviewtoolkit.utils.ort.ortConfigDirectory
 
 @OrtPlugin(
-    id = "advise",
     displayName = "advise command",
     description = "Check dependencies for security vulnerabilities.",
     factory = OrtCommandFactory::class
 )
-class AdvisorCommand(descriptor: PluginDescriptor = AdvisorCommandFactory.descriptor) : OrtCommand(descriptor) {
+class AdviseCommand(descriptor: PluginDescriptor = AdviseCommandFactory.descriptor) : OrtCommand(descriptor) {
     private val ortFile by option(
         "--ort-file", "-i",
         help = "An ORT result file with an analyzer result to use."