fix(spdx): Use the plugin display name as issue source

Also simplify code by using the constant for the display name instead of
passing the value around via function arguments.

Signed-off-by: Martin Nonnenmacher <[email protected]>

Author: mnonnenmacher

plugins/package-managers/spdx/src/main/kotlin/SpdxDocumentFile.kt

@@ -515,7 +515,7 @@ class SpdxDocumentFile(override val descriptor: PluginDescriptor = SpdxDocumentF
         analyzerConfig: AnalyzerConfiguration,
         labels: Map<String, String>
     ): List<ProjectAnalyzerResult> {
-        val transitiveDocument = SpdxResolvedDocument.load(spdxDocumentCache, definitionFile, descriptor.id)
+        val transitiveDocument = SpdxResolvedDocument.load(spdxDocumentCache, definitionFile)
 
         val spdxDocument = transitiveDocument.rootDocument.document
 

plugins/package-managers/spdx/src/main/kotlin/utils/SpdxResolvedDocument.kt

@@ -31,6 +31,7 @@ import org.ossreviewtoolkit.model.Issue
 import org.ossreviewtoolkit.model.Severity
 import org.ossreviewtoolkit.model.createAndLogIssue
 import org.ossreviewtoolkit.plugins.packagemanagers.spdx.SpdxDocumentFile
+import org.ossreviewtoolkit.plugins.packagemanagers.spdx.SpdxDocumentFileFactory
 import org.ossreviewtoolkit.utils.common.collectMessages
 import org.ossreviewtoolkit.utils.common.safeDeleteRecursively
 import org.ossreviewtoolkit.utils.ort.OkHttpClientHelper
@@ -55,11 +56,6 @@ internal data class SpdxResolvedDocument(
      */
     val rootDocument: ResolvedSpdxDocument,
 
-    /**
-     * The name of the source to use when creating [Issue]s.
-     */
-    val issueSource: String,
-
     /**
      * Holds a map with all [ResolvedSpdxDocument]s that are referenced directly or indirectly from the root document,
      * using the external reference objects as keys.
@@ -86,14 +82,13 @@ internal data class SpdxResolvedDocument(
     private val issuesByReferenceId: Map<String, Issue>
 ) {
     companion object {
-        fun load(cache: SpdxDocumentCache, rootDocumentFile: File, issueSource: String): SpdxResolvedDocument {
+        fun load(cache: SpdxDocumentCache, rootDocumentFile: File): SpdxResolvedDocument {
             val rootDocument = cache.load(rootDocumentFile).getOrThrow()
 
             val references = mutableMapOf<SpdxExternalDocumentReference, ResolvedSpdxDocument>()
             val issues = mutableMapOf<String, Issue>()
             resolveAllReferences(
                 cache,
-                issueSource,
                 rootDocument,
                 rootDocumentFile.toURI(),
                 references,
@@ -108,7 +103,7 @@ internal data class SpdxResolvedDocument(
             val packages = collectPackages(references) + rootDocument.getPackages()
             val relations = collectAndQualifyRelations(references) + rootDocument.relationships
 
-            return SpdxResolvedDocument(resolvedRootDocument, issueSource, references, relations, packages, issues)
+            return SpdxResolvedDocument(resolvedRootDocument, references, relations, packages, issues)
         }
     }
 
@@ -124,7 +119,7 @@ internal data class SpdxResolvedDocument(
             issue?.also { issues += it }
         } else {
             issues += issue ?: createAndLogIssue(
-                source = issueSource,
+                source = SpdxDocumentFileFactory.descriptor.displayName,
                 message = "'$identifier' could neither be resolved to a 'package' nor to an 'externalDocumentRef'."
             )
         }
@@ -177,25 +172,23 @@ internal data class ResolvedSpdxDocument(
 /**
  * Resolve all external references to SPDX documents contained in [document], and recursively in all referenced
  * documents. Use [cache] to load documents. Resolve relative URLs against [baseUri]. Store all encountered references
- * and the documents they point to in [references]. Store issues encountered when resolving references in [issues] with
- * [issueSource] as source of the issues. Use [knownUris] to detect cycles.
+ * and the documents they point to in [references]. Store issues encountered when resolving references in [issues]. Use
+ * [knownUris] to detect cycles.
  */
 private fun resolveAllReferences(
     cache: SpdxDocumentCache,
-    issueSource: String,
     document: SpdxDocument,
     baseUri: URI,
     references: MutableMap<SpdxExternalDocumentReference, ResolvedSpdxDocument>,
     issues: MutableMap<String, Issue>,
     knownUris: MutableSet<URI>
 ) {
-    document.resolveReferences(cache, baseUri, issueSource).forEach { (ref, resolvedDoc) ->
+    document.resolveReferences(cache, baseUri).forEach { (ref, resolvedDoc) ->
         resolvedDoc.document?.let { document ->
             references += ref to ResolvedSpdxDocument(document, resolvedDoc.uri)
             if (knownUris.add(resolvedDoc.uri)) {
                 resolveAllReferences(
                     cache,
-                    issueSource,
                     document,
                     resolvedDoc.uri,
                     references,
@@ -270,11 +263,7 @@ private fun URI.toDefinitionFile(): File? =
  * Return the [SpdxDocument] this [SpdxExternalDocumentReference]'s [SpdxDocument] refers to. Use [cache] to parse
  * the document, and [baseUri] to resolve relative references.
  */
-internal fun SpdxExternalDocumentReference.resolve(
-    cache: SpdxDocumentCache,
-    baseUri: URI,
-    issueSource: String
-): ResolutionResult {
+internal fun SpdxExternalDocumentReference.resolve(cache: SpdxDocumentCache, baseUri: URI): ResolutionResult {
     val uri = runCatching {
         val resolvedUri = baseUri.resolve(spdxDocument)
         resolvedUri.takeUnless { baseUri.query != null } ?: URI("$resolvedUri?${baseUri.query}")
@@ -283,36 +272,34 @@ internal fun SpdxExternalDocumentReference.resolve(
             document = null,
             uri = baseUri,
             issue = createAndLogIssue(
-                source = issueSource,
+                source = SpdxDocumentFileFactory.descriptor.displayName,
                 message = "The SPDX document at '$spdxDocument' cannot be resolved as a URI (referred from $baseUri " +
                     "as part of '$externalDocumentId')."
             )
         )
     }
 
     return if (uri.isLocalDefinitionFile()) {
-        resolveFromFile(uri, cache, baseUri, issueSource)
+        resolveFromFile(uri, cache, baseUri)
     } else {
-        resolveFromDownload(uri, cache, baseUri, issueSource)
+        resolveFromDownload(uri, cache, baseUri)
     }
 }
 
 /**
  * Resolve this [SpdxExternalDocumentReference] from [uri] if it points to a file on the local file system. Use
- * [cache] to load the file. In case of a failure, create an [Issue] whose message includes [baseUri] and that uses
- * [issueSource].
+ * [cache] to load the file. In case of a failure, create an [Issue] whose message includes [baseUri].
  */
 private fun SpdxExternalDocumentReference.resolveFromFile(
     uri: URI,
     cache: SpdxDocumentCache,
-    baseUri: URI,
-    issueSource: String
+    baseUri: URI
 ): ResolutionResult {
     val file = uri.toDefinitionFile() ?: return ResolutionResult(
         document = null,
         uri = baseUri,
         issue = createAndLogIssue(
-            source = issueSource,
+            source = SpdxDocumentFileFactory.descriptor.displayName,
             message = "The file pointed to by '$uri' in reference '$externalDocumentId' does not exist."
         )
     )
@@ -322,26 +309,25 @@ private fun SpdxExternalDocumentReference.resolveFromFile(
             document = null,
             uri = uri,
             issue = createAndLogIssue(
-                source = issueSource,
+                source = SpdxDocumentFileFactory.descriptor.displayName,
                 message = "Failed to parse the SPDX document pointed to by '$uri' in reference " +
                     "'$externalDocumentId': ${it.message}"
             )
         )
     }
 
-    return ResolutionResult(document, uri, verifyChecksum(file, baseUri, issueSource))
+    return ResolutionResult(document, uri, verifyChecksum(file, baseUri))
 }
 
 /**
  * Resolve this [SpdxExternalDocumentReference] from [uri] if it requires a download from a server. Use [cache] to
  * parse the document after it has been downloaded. In case of a failure, create an [Issue] whose message includes
- * [baseUri] and that uses [issueSource].
+ * [baseUri].
  */
 private fun SpdxExternalDocumentReference.resolveFromDownload(
     uri: URI,
     cache: SpdxDocumentCache,
-    baseUri: URI,
-    issueSource: String
+    baseUri: URI
 ): ResolutionResult {
     logger.info {
         "Downloading SPDX document from $uri (referred from $baseUri as part of '$externalDocumentId')."
@@ -363,7 +349,7 @@ private fun SpdxExternalDocumentReference.resolveFromDownload(
                 document = null,
                 uri = uri,
                 issue = createAndLogIssue(
-                    source = issueSource,
+                    source = SpdxDocumentFileFactory.descriptor.displayName,
                     message = "Failed to download SPDX document from $uri (referred from $baseUri as part of " +
                         "'$externalDocumentId'): ${it.collectMessages()}"
                 )
@@ -375,29 +361,29 @@ private fun SpdxExternalDocumentReference.resolveFromDownload(
                 document = null,
                 uri = uri,
                 issue = createAndLogIssue(
-                    source = issueSource,
+                    source = SpdxDocumentFileFactory.descriptor.displayName,
                     message = "Failed to parse SPDX document from $uri (referred from $baseUri as part of " +
                         "'$externalDocumentId'): ${it.message}"
                 )
             )
         }
 
-        ResolutionResult(document, uri, verifyChecksum(file, baseUri, issueSource))
+        ResolutionResult(document, uri, verifyChecksum(file, baseUri))
     } finally {
         tempDir.safeDeleteRecursively()
     }
 }
 
 /**
  * Verify that the resolved or downloaded [file] this [SpdxExternalDocumentReference] refers to matches the expected
- * checksum. If not, return an [Issue] based on the document [uri] and [issueSource].
+ * checksum. If not, return an [Issue] based on the document [uri].
  */
-private fun SpdxExternalDocumentReference.verifyChecksum(file: File, uri: URI, issueSource: String): Issue? {
+private fun SpdxExternalDocumentReference.verifyChecksum(file: File, uri: URI): Issue? {
     val hash = Hash(checksum.checksumValue, checksum.algorithm.name)
     if (hash.verify(file)) return null
 
     return SpdxResolvedDocument.createAndLogIssue(
-        source = issueSource,
+        source = SpdxDocumentFileFactory.descriptor.displayName,
         severity = Severity.WARNING,
         message = "The SPDX document at '$spdxDocument' does not match the expected $hash (referred from $uri as " +
             "part of '$externalDocumentId')."
@@ -406,14 +392,13 @@ private fun SpdxExternalDocumentReference.verifyChecksum(file: File, uri: URI, i
 
 /**
  * Load all documents referenced by external references in this [SpdxDocument] using [cache]. Resolve relative paths
- * based on [documentUri]. If issues occur, use [issueSource] as the source.
+ * based on [documentUri].
  */
 private fun SpdxDocument.resolveReferences(
     cache: SpdxDocumentCache,
-    documentUri: URI,
-    issueSource: String
+    documentUri: URI
 ): Map<SpdxExternalDocumentReference, ResolutionResult> =
-    externalDocumentRefs.associateWith { it.resolve(cache, documentUri, issueSource) }
+    externalDocumentRefs.associateWith { it.resolve(cache, documentUri) }
 
 /**
  * Return a map with all the SPDX packages contained in this document. Keys are the identifiers of the packages,