feat(scanoss): Add snippet choice parsing for scan results

isasmendiagus · isasmendiagus · commit fcffcabce7e1 · 2025-03-13T16:22:08.000+01:00
Implement snippet choice processing functionality.
It handles findings according to two different scenarios:
- Original findings that should be included
- Non-relevant findings that should be removed

The implementation converts ORT's SnippetChoices
into SCANOSS-specific rule types

Signed-off-by: Agustin Isasmendi &lt;agustin.isasmendi@scanoss.com&gt;
diff --git a/plugins/scanners/scanoss/src/main/kotlin/ScanOss.kt b/plugins/scanners/scanoss/src/main/kotlin/ScanOss.kt
@@ -21,6 +21,11 @@ package org.ossreviewtoolkit.plugins.scanners.scanoss
 
 import com.scanoss.Scanner
 import com.scanoss.filters.FilterConfig
+import com.scanoss.settings.Bom
+import com.scanoss.settings.RemoveRule
+import com.scanoss.settings.ReplaceRule
+import com.scanoss.settings.Rule
+import com.scanoss.settings.ScanossSettings
 import com.scanoss.utils.JsonUtils
 import com.scanoss.utils.PackageDetails
 
@@ -30,6 +35,9 @@ import java.time.Instant
 import org.apache.logging.log4j.kotlin.logger
 
 import org.ossreviewtoolkit.model.ScanSummary
+import org.ossreviewtoolkit.model.config.SnippetChoices
+import org.ossreviewtoolkit.model.config.snippet.SnippetChoice
+import org.ossreviewtoolkit.model.config.snippet.SnippetChoiceReason
 import org.ossreviewtoolkit.plugins.api.OrtPlugin
 import org.ossreviewtoolkit.plugins.api.PluginDescriptor
 import org.ossreviewtoolkit.scanner.PathScannerWrapper
@@ -91,6 +99,7 @@ class ScanOss(
         val scanoss = Scanner.builder()
             .url(config.apiUrl.removeSuffix("/") + "/scan/direct")
             .apiKey(config.apiKey.value)
+            .settings(buildSettingsFromORTContext(context))
             .filterConfig(filterConfig)
             .build()
 
@@ -103,4 +112,86 @@ class ScanOss(
         val endTime = Instant.now()
         return generateSummary(startTime, endTime, results)
     }
+
+    data class ProcessedRules(
+        val includeRules: List<Rule>,
+        val ignoreRules: List<Rule>,
+        val replaceRules: List<ReplaceRule>,
+        val removeRules: List<RemoveRule>
+    )
+
+    private fun buildSettingsFromORTContext(context: ScanContext): ScanossSettings {
+        val rules = processSnippetChoices(context.snippetChoices)
+        val bom = Bom.builder()
+            .ignore(rules.ignoreRules)
+            .include(rules.includeRules)
+            .replace(rules.replaceRules)
+            .remove(rules.removeRules)
+            .build()
+        return ScanossSettings.builder().bom(bom).build()
+    }
+
+    fun processSnippetChoices(snippetChoices: List<SnippetChoices>): ProcessedRules {
+        val includeRules = mutableListOf<Rule>()
+        val ignoreRules = mutableListOf<Rule>()
+        val replaceRules = mutableListOf<ReplaceRule>()
+        val removeRules = mutableListOf<RemoveRule>()
+
+        snippetChoices.forEach { snippetChoice ->
+            snippetChoice.choices.forEach { choice ->
+                when (choice.choice.reason) {
+                    SnippetChoiceReason.ORIGINAL_FINDING -> {
+                        processOriginalFinding(
+                            choice = choice,
+                            includeRules = includeRules
+                        )
+                    }
+
+                    SnippetChoiceReason.NO_RELEVANT_FINDING -> {
+                        processNoRelevantFinding(
+                            choice = choice,
+                            removeRules = removeRules
+                        )
+                    }
+
+                    SnippetChoiceReason.OTHER -> {
+                        processOtherReason(choice)
+                    }
+                }
+            }
+        }
+
+        return ProcessedRules(includeRules, ignoreRules, replaceRules, removeRules)
+    }
+
+    private fun processOriginalFinding(choice: SnippetChoice, includeRules: MutableList<Rule>) {
+        includeRules.add(
+            Rule.builder()
+                .purl(choice.choice.purl)
+                .path(choice.given.sourceLocation.path)
+                .build()
+        )
+    }
+
+    private fun processNoRelevantFinding(choice: SnippetChoice, removeRules: MutableList<RemoveRule>) {
+        val builder = RemoveRule.builder()
+
+        builder.path(choice.given.sourceLocation.path)
+
+        // Set line range only if both start and end lines are positive numbers
+        // If either line is < 0, no line range is set and the rule will apply to the entire file
+        if (choice.given.sourceLocation.startLine > 0 && choice.given.sourceLocation.endLine > 0) {
+            builder.startLine(choice.given.sourceLocation.startLine)
+            builder.endLine(choice.given.sourceLocation.endLine)
+        }
+
+        val rule = builder.build()
+        removeRules.add(rule)
+    }
+
+    private fun processOtherReason(snippetChoice: SnippetChoice) {
+        logger.info {
+            "Encountered OTHER reason for snippet choice in file ${snippetChoice.given.sourceLocation.path}"
+        }
+    }
 }
diff --git a/plugins/scanners/scanoss/src/test/kotlin/ScanOssTest.kt b/plugins/scanners/scanoss/src/test/kotlin/ScanOssTest.kt
@@ -0,0 +1,186 @@
+/*
+ * Copyright (C) 2025 The ORT Project Authors (see <https://github.com/oss-review-toolkit/ort/blob/main/NOTICE>)
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * License-Filename: LICENSE
+ */
+
+package org.ossreviewtoolkit.plugins.scanners.scanoss
+
+import io.kotest.core.spec.style.WordSpec
+import io.kotest.matchers.collections.shouldBeEmpty
+import io.kotest.matchers.shouldBe
+
+import org.ossreviewtoolkit.model.TextLocation
+import org.ossreviewtoolkit.model.config.SnippetChoices
+import org.ossreviewtoolkit.model.config.snippet.Choice
+import org.ossreviewtoolkit.model.config.snippet.Given
+import org.ossreviewtoolkit.model.config.snippet.Provenance
+import org.ossreviewtoolkit.model.config.snippet.SnippetChoice
+import org.ossreviewtoolkit.model.config.snippet.SnippetChoiceReason
+
+/** Sample files in the results. **/
+private const val FILE_1 = "a.java"
+private const val FILE_2 = "b.java"
+
+/** A sample purl in the results. **/
+private const val PURL_1 = "pkg:github/fakeuser/fakepackage1@1.0.0"
+
+class ScanOssTest : WordSpec({
+    "processSnippetChoices" should {
+        "create empty rules when no snippet choices exist" {
+            val scanoss = createScanOss(createScanOssConfig())
+
+            val emptySnippetChoices: List<SnippetChoices> = listOf()
+
+            val rules = scanoss.processSnippetChoices(emptySnippetChoices)
+
+            rules.ignoreRules.shouldBeEmpty()
+            rules.removeRules.shouldBeEmpty()
+            rules.includeRules.shouldBeEmpty()
+            rules.replaceRules.shouldBeEmpty()
+        }
+
+        "create an include rule for snippet choices with ORIGINAL finding" {
+            val vcsInfo = createVcsInfo()
+            val scanoss = createScanOss(createScanOssConfig())
+
+            val location = TextLocation(FILE_1, 10, 20)
+            val snippetChoices = createSnippetChoices(
+                vcsInfo.url,
+                createSnippetChoice(
+                    location,
+                    PURL_1,
+                    "This is an original finding"
+                )
+            )
+
+            val rules = scanoss.processSnippetChoices(snippetChoices)
+
+            rules.includeRules.size shouldBe 1
+            rules.includeRules[0].purl shouldBe PURL_1
+            rules.includeRules[0].path shouldBe FILE_1
+
+            rules.removeRules.shouldBeEmpty()
+            rules.ignoreRules.shouldBeEmpty()
+            rules.replaceRules.shouldBeEmpty()
+        }
+
+        "create a remove rule for snippet choices with NOT_FINDING reason" {
+            val vcsInfo = createVcsInfo()
+
+            val scanoss = createScanOss(createScanOssConfig())
+
+            val location = TextLocation(FILE_2, 15, 30)
+            val snippetChoices = createSnippetChoices(
+                vcsInfo.url,
+                createSnippetChoice(
+                    location,
+                    null, // null PURL for NOT_FINDING
+                    "This is not a relevant finding"
+                )
+            )
+
+            val rules = scanoss.processSnippetChoices(snippetChoices)
+
+            rules.removeRules.size shouldBe 1
+            rules.removeRules[0].path shouldBe FILE_2
+            rules.removeRules[0].startLine shouldBe 15
+            rules.removeRules[0].endLine shouldBe 30
+
+            rules.includeRules.shouldBeEmpty()
+            rules.ignoreRules.shouldBeEmpty()
+            rules.replaceRules.shouldBeEmpty()
+        }
+
+        "handle multiple snippet choices with different reasons correctly" {
+            val vcsInfo = createVcsInfo()
+            val scanoss = createScanOss(createScanOssConfig())
+
+            val location1 = TextLocation(FILE_1, 10, 20)
+            val location2 = TextLocation(FILE_2, 15, 30)
+
+            val snippetChoices = createSnippetChoices(
+                vcsInfo.url,
+                createSnippetChoice(
+                    location1,
+                    PURL_1,
+                    "This is an original finding"
+                ),
+                createSnippetChoice(
+                    location2,
+                    null,
+                    "This is not a relevant finding"
+                )
+            )
+
+            val rules = scanoss.processSnippetChoices(snippetChoices)
+
+            rules.includeRules.size shouldBe 1
+            rules.includeRules[0].purl shouldBe PURL_1
+            rules.includeRules[0].path shouldBe FILE_1
+
+            rules.removeRules.size shouldBe 1
+            rules.removeRules[0].path shouldBe FILE_2
+            rules.removeRules[0].startLine shouldBe 15
+            rules.removeRules[0].endLine shouldBe 30
+
+            rules.ignoreRules.shouldBeEmpty()
+            rules.replaceRules.shouldBeEmpty()
+        }
+
+        "should create a remove rule without line ranges when snippet choice has UNKNOWN_LINE (-1) values" {
+            val vcsInfo = createVcsInfo()
+            val scanoss = createScanOss(createScanOssConfig())
+
+            // Create a TextLocation with -1 for start and end lines
+            val location = TextLocation(FILE_2, TextLocation.UNKNOWN_LINE, TextLocation.UNKNOWN_LINE)
+            val snippetChoices = createSnippetChoices(
+                vcsInfo.url,
+                createSnippetChoice(
+                    location,
+                    null, // null PURL for NOT_FINDING
+                    "This is a not relevant finding with no line ranges"
+                )
+            )
+
+            val rules = scanoss.processSnippetChoices(snippetChoices)
+
+            rules.removeRules.size shouldBe 1
+            rules.removeRules[0].path shouldBe FILE_2
+            rules.removeRules[0].startLine shouldBe null
+            rules.removeRules[0].endLine shouldBe null
+
+            rules.includeRules.shouldBeEmpty()
+            rules.ignoreRules.shouldBeEmpty()
+            rules.replaceRules.shouldBeEmpty()
+        }
+    }
+})
+
+private fun createSnippetChoices(provenanceUrl: String, vararg snippetChoices: SnippetChoice) =
+    listOf(SnippetChoices(Provenance(provenanceUrl), snippetChoices.toList()))
+
+private fun createSnippetChoice(location: TextLocation, purl: String? = null, comment: String) =
+    SnippetChoice(
+        Given(
+            location
+        ),
+        Choice(
+            purl,
+            if (purl == null) SnippetChoiceReason.NO_RELEVANT_FINDING else SnippetChoiceReason.ORIGINAL_FINDING,
+            comment
+        )
+    )
diff --git a/plugins/scanners/scanoss/src/test/kotlin/TestUtils.kt b/plugins/scanners/scanoss/src/test/kotlin/TestUtils.kt
@@ -0,0 +1,71 @@
+/*
+ * Copyright (C) 2025 The ORT Project Authors (see <https://github.com/oss-review-toolkit/ort/blob/main/NOTICE>)
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * License-Filename: LICENSE
+ */
+
+package org.ossreviewtoolkit.plugins.scanners.scanoss
+
+import com.scanoss.rest.ScanApi
+
+import org.ossreviewtoolkit.model.VcsInfo
+import org.ossreviewtoolkit.model.VcsType
+import org.ossreviewtoolkit.plugins.api.Secret
+
+/** A test project name. */
+internal const val PROJECT = "scanoss-test-project"
+
+/** A (resolved) test revision. */
+private const val REVISION = "0123456789012345678901234567890123456789"
+
+/**
+ * Create a new [ScanOss] instance with the specified [config].
+ */
+internal fun createScanOss(config: ScanOssConfig): ScanOss = ScanOss(config = config)
+
+/**
+ * Create a standard [ScanOssConfig] whose properties can be partly specified.
+ */
+internal fun createScanOssConfig(
+    apiUrl: String = ScanApi.DEFAULT_BASE_URL,
+    apiKey: Secret = Secret(""),
+    regScannerName: String? = null,
+    minVersion: String? = null,
+    maxVersion: String? = null,
+    readFromStorage: Boolean = true,
+    writeToStorage: Boolean = true
+): ScanOssConfig {
+    return ScanOssConfig(
+        apiUrl = apiUrl,
+        apiKey = apiKey,
+        regScannerName = regScannerName,
+        minVersion = minVersion,
+        maxVersion = maxVersion,
+        readFromStorage = readFromStorage,
+        writeToStorage = writeToStorage
+    )
+}
+
+/**
+ * Create a [VcsInfo] object for a project with the given [name][projectName] and the optional parameters for [type],
+ * [path], and [revision].
+ */
+internal fun createVcsInfo(
+    projectName: String = PROJECT,
+    type: VcsType = VcsType.GIT,
+    path: String = "",
+    revision: String = REVISION
+): VcsInfo = VcsInfo(type = type, path = path, revision = revision, url = "https://github.com/test/$projectName.git")
