oss-review-toolkit · sschuberth · May 7, 2025 · May 6, 2025 · May 6, 2025 · Mar 12, 2025
@@ -20,13 +20,24 @@
 package org.ossreviewtoolkit.plugins.scanners.scanoss
 
 import com.scanoss.Scanner
+import com.scanoss.filters.FilterConfig
+import com.scanoss.settings.Bom
+import com.scanoss.settings.RemoveRule
+import com.scanoss.settings.ReplaceRule
+import com.scanoss.settings.Rule
+import com.scanoss.settings.ScanossSettings
 import com.scanoss.utils.JsonUtils
 import com.scanoss.utils.PackageDetails
 
 import java.io.File
 import java.time.Instant
 
+import org.apache.logging.log4j.kotlin.logger
+
 import org.ossreviewtoolkit.model.ScanSummary
+import org.ossreviewtoolkit.model.config.SnippetChoices
+import org.ossreviewtoolkit.model.config.snippet.SnippetChoice
+import org.ossreviewtoolkit.model.config.snippet.SnippetChoiceReason
 import org.ossreviewtoolkit.plugins.api.OrtPlugin
 import org.ossreviewtoolkit.plugins.api.PluginDescriptor
 import org.ossreviewtoolkit.scanner.PathScannerWrapper
@@ -65,8 +76,28 @@ class ScanOss(
     override fun scanPath(path: File, context: ScanContext): ScanSummary {
         val startTime = Instant.now()
 
+        val filterConfig = FilterConfig.builder()
+            .customFilter { currentPath ->
+                // The "currentPath" variable contains a path object representing the file or directory being evaluated
+                // by the filter.
+                // This is provided by the Scanner and represents individual files/directories during traversal.
+                try {
+                    val relativePath = currentPath.toFile().toRelativeString(path)
+                    val isExcluded = context.excludes?.isPathExcluded(relativePath) ?: false
+                    logger.debug { "Path: $currentPath, relative: $relativePath, isExcluded: $isExcluded" }
+                    isExcluded
+                } catch (e: IllegalArgumentException) {
+                    logger.warn { "Error processing path $currentPath: ${e.message}" }
+                    false
+                }
+            }
+            .build()
+
         // Build the scanner at function level in case any path-specific settings or filters are needed later.
-        val scanoss = scanossBuilder.build()
+        val scanoss = scanossBuilder
+            .settings(buildSettingsFromORTContext(context))
+            .filterConfig(filterConfig)
+            .build()
 
         val rawResults = when {
             path.isFile -> listOf(scanoss.scanFile(path.toString()))
@@ -77,4 +108,70 @@ class ScanOss(
         val endTime = Instant.now()
         return generateSummary(startTime, endTime, results)
     }
+
+    data class ProcessedRules(
+        val includeRules: List<Rule>,
+        val ignoreRules: List<Rule>,
+        val replaceRules: List<ReplaceRule>,
+        val removeRules: List<RemoveRule>
+    )
+
+    private fun buildSettingsFromORTContext(context: ScanContext): ScanossSettings {
+        val rules = processSnippetChoices(context.snippetChoices)
+        val bom = Bom.builder()
+            .ignore(rules.ignoreRules)
+            .include(rules.includeRules)
+            .replace(rules.replaceRules)
+            .remove(rules.removeRules)
+            .build()
+        return ScanossSettings.builder().bom(bom).build()
+    }
+
+    fun processSnippetChoices(snippetChoices: List<SnippetChoices>): ProcessedRules {
+        val includeRules = mutableListOf<Rule>()
+        val ignoreRules = mutableListOf<Rule>()
+        val replaceRules = mutableListOf<ReplaceRule>()
+        val removeRules = mutableListOf<RemoveRule>()
+
+        snippetChoices.forEach { snippetChoice ->
+            snippetChoice.choices.forEach { choice ->
+                when (choice.choice.reason) {
+                    SnippetChoiceReason.ORIGINAL_FINDING -> {
+                        includeRules.includeFinding(choice)
+                    }
+
+                    SnippetChoiceReason.NO_RELEVANT_FINDING -> {
+                        removeRules.removeFinding(choice)
+                    }
+
+                    SnippetChoiceReason.OTHER -> {
+                        logger.info {
+                            "Encountered OTHER reason for snippet choice in file ${choice.given.sourceLocation.path}"
+                        }
+                    }
+                }
+            }
+        }
+
+        return ProcessedRules(includeRules, ignoreRules, replaceRules, removeRules)
+    }
+
+    private fun MutableList<Rule>.includeFinding(choice: SnippetChoice) {
+        this += Rule.builder()
+            .purl(choice.choice.purl)
+            .path(choice.given.sourceLocation.path)
+            .build()
+    }
+
+    private fun MutableList<RemoveRule>.removeFinding(choice: SnippetChoice) {
+        this += RemoveRule.builder().apply {
+            path(choice.given.sourceLocation.path)
+
+            // Set line range only if both line positions (startLine and endLine) are known.
+            if (choice.given.sourceLocation.hasLineRange) {
+                startLine(choice.given.sourceLocation.startLine)
+                endLine(choice.given.sourceLocation.endLine)
+            }
+        }.build()
+    }
 }
@@ -0,0 +1,31 @@
+/*
+ * This file contains random data generated using the following command:
+ * head -c 1k < /dev/urandom | base64
+ *
+ * The command takes 1 kilobyte of random bytes from the /dev/urandom device
+ * and then encodes it as base64 text.
+ *
+ * Generated on: Fri Mar 14 05:04:43 PM CET 2025
+ * Purpose: To create test data with completely random content that cannot
+ *          match any existing code in repositories, thereby avoiding false
+ *          positives when scanning ORT source code.
+ */
+
+7m8Y06QhHzmQ4ePs0UUUasqsc8SP1ayNTFdQb6wffQwMu605hXOGHbOoy5pUv7ksgf6sw5ET2qXp
+T23LF2yA1cdNeDt8DBDd3IDmLX/wGgXcQjcaCtfSsMWB7oqHBMGkzwC5fMcDKPLK6ec2MwX6WPkw
+E18ImifWtAmGPEFGxWuqIinhE1yGSN+ImqJPVmpYfMOaDIAaS3JpiHZDmJW5uyQ5DB6W7lpm0q+f
+ZbtGPBeimy1jWF0H6kEW/TIve8RzUjdHU/t//O9r0b2AP08shSrSDWGlbQzxTniLOp2VZxNUEcVM
+c9/Lx4OXEaM/3NDCdr4qQS/1kZpGKFrv06zzC8tlncGaxBfdZSCsh1i+LbZtvUmTSv/wz7g+mld5
+WB2lSzF1Ervzqnm2+3iY+9TvVxDWzZ27LWsd1kvFrJCM03jI1q0c7uJrnnovAOoZkH2QiMPNBQmB
+wShT36h3su/aiOXEquXi+DoTSYDNgXeHVGI2joLVWYLfeTcTTfdvZiwp0K+XQp6fKtWX8tpUibNq
+ngp2dOlzl5yiT+WAD2ETGuyEML/wM3oz+wB93me2YYLJqz/1gtlnnRvGnAukbFLpxxXGK7Vnz+FF
+KfcPWF+O/FNV3nJD+m2nlMVj1n4lRM/mUEdVDhDDtxhywvi6DdNQMcUoeXZRT3dLk27+efNLvMDk
+7TsW/asvMoPrioAkDiTHqWvy+OUImWqqzNpzxIMuTWZrApSklw2UeyXknvHBORUN95AM6Oe9iKb0
+7B2g8U9dIFo7v/AhaDqoQMw+Dz1KfH6+fPaqZEy2H1U7/9RSorKz0fycz7n7BtqWxjenqw11LLxy
+lO36udPuvtr2b/WB/4ch0LuoI2eA11iTeIG4DuTxvizU3lExBXP+e8EAjkWx6F2ymDrI21PYPp++
+uidSk3g/RmaRZGk8akcXbs3pDO/twfjaH3YWYZzBf8aP1TRYDp4NF5v2OhWDa5d2dqdQGDRGg/wy
+Gf0W8txn/fQ3QN7SS9qPftgD6OYIpxKjIWBq/zb5+SAzhBZVjFYw+KVi+zu/P7he7xLRko6APCum
+Ugk7wqohWVdbl2IG2RIuPUOH2zQdzVJvLisKhfq3q6ydGmjD/WRNOxbebpmSKcmZWVg0Ko7/e0ys
+ymV2Ud0tIZwfIH/7476SZAh0ym1U7mgyzm/jlxKm5gUIF1+NWQiqa80GmsAJfquf1Yj4i0ftF+eO
+6OPJqbkZERpu24u2HIfL6CvlUkx08mS+eqLzyRiRuidDcQGFOK+0xPUk01jOZnGiY1ptG4W+Fo5K
+OhcT2H14wQqiHsthzMhpSLXwMG2ddM7P69rHEAXB3iXyWopgdWopVekxHEuar0mv3D6uO/4HKQ==
@@ -0,0 +1,31 @@
+/*
+ * This file contains random data generated using the following command:
+ * head -c 1k < /dev/urandom | base64
+ *
+ * The command takes 1 kilobyte of random bytes from the /dev/urandom device
+ * and then encodes it as base64 text.
+ *
+ * Generated on: Fri Mar 14 05:05:29 PM CET 2025
+ * Purpose: To create test data with completely random content that cannot
+ *          match any existing code in repositories, thereby avoiding false
+ *          positives when scanning ORT source code.
+ */
+
+IyaayUoMK28Ib11Z55hC2OShY3p3HzWQyGy199hx20oqZrypl9AuDhKtBdl+qozcZBNajzvkU3H/
+jh3vV/P9I2VLQNVqMCpjelQoXyVq/nmbwxdQBXGbLgcC4J05ujQ2hoXuF4jdtEttDxca8P/EpUub
+nmSO3zmz86LqyyYgFj3imketFw0GvnCYU/8VDjmLxnigspEVI7ZDOacKOshObwH+Br/XgFHr5tyc
+ulGqACTjGY3EEdAjC2+tcTqoI+4mXVxx4CcBD4lRn90khfFOcAM8Iu2pGaERHnAtUrf9EX3rLsOW
+wV+wYllChP71rI/4ueEch9X8ph1dA0nQQN1tLUi58pQlkCHY6K0QNFiD6K+RxaBl3yBt1IZqjfZi
+UVjTb7xJDrYnLPIASlPd0AduDik8pKn+GTqIFWgkkRr5mY6c9jTqHxY7rASDNi7LGKUE9gPFd1LD
+xPJmsl+8L+lcVJjJNU7Tkps/ZZJuo/EqlwbUd/Wq45S++YBBfYlFaOXn/bVMhxXi1SH3xMHSAjH1
+aYj0YHEdBHnEF1ouahyS4607cundZcSR29kITrUnFSi/ZP3zKREa3MGm/qrJS7qFSxlHVsYHBIjy
+VRx+teV4nQWKJyA6x/T9Sx63lM7duwhVRdh9JxhxnrKAyUBH5HwhpFXHreMjudNdY9nMaWaKP9Ge
+oD4Rr4iA3kvaHjtqSfhB55PgQO7Od/KLNTRfMMPl7IjbouQNCai++hV+p7BRAjtGUwTOXp9FHbv7
+YFGBFl3a0e1+YEoQA+0Psf1x2lENCJwH87DuZxuKI3kbcY6XA5kebt43m/eztRa17z/vmwyiQ/up
++RpMU9Xp1bv39h84QbyvZYN40xzHc8togJmPtSKCyEPcmHdt9t0LF6TCsb4k+kIBRUXMfnYpEDqv
+E6dldgWHjVy/4llWqyj3SsToERP1VhaloWyq8QRNke6lKzxMXOhmupKX195V2cA+6EGY3sK/ykhl
+fYOofbKcHwevHKgOJyj7Tj6+9qUgda/EI01lcJicTO8Nqb0LW+FfwIiws7WlsZWuxQGUZ0SOMBU4
+MnR9NPbS6rUSx2rMfSPn18Jd82D5eoM32ogRQb7C2pgXQbQoAegl98vtOjkze4wsa6CmW0rmbQrJ
+bpgPoWiZ1t/BlAUvxjRuzQSNNhnyvaC5nib6NYZAcr9BCm3yJ0sR/uSOUG8cCoJptMYhH9XxHqKl
+ACwfHgq7/mHBTxhQCmw5hkDWvY7FqzDPME3igab1Mda4lxOyUjJ3PeVzZbWZY2s/oUaSbntsSqRM
+z+zutj83Nm76iOSS0MXxCfi5VKYThzGdfXkYB2tZP8yPhh+sw0CpqeV5KB810C76abZbVZ+EDw==
@@ -0,0 +1,31 @@
+/*
+ * This file contains random data generated using the following command:
+ * head -c 1k < /dev/urandom | base64
+ *
+ * The command takes 1 kilobyte of random bytes from the /dev/urandom device
+ * and then encodes it as base64 text.
+ *
+ * Generated on: Fri Mar 14 05:05:29 PM CET 2025
+ * Purpose: To create test data with completely random content that cannot
+ *          match any existing code in repositories, thereby avoiding false
+ *          positives when scanning ORT source code.
+ */
+
+IyaayUoMK28Ib11Z55hC2OShY3p3HzWQyGy199hx20oqZrypl9AuDhKtBdl+qozcZBNajzvkU3H/
+jh3vV/P9I2VLQNVqMCpjelQoXyVq/nmbwxdQBXGbLgcC4J05ujQ2hoXuF4jdtEttDxca8P/EpUub
+nmSO3zmz86LqyyYgFj3imketFw0GvnCYU/8VDjmLxnigspEVI7ZDOacKOshObwH+Br/XgFHr5tyc
+ulGqACTjGY3EEdAjC2+tcTqoI+4mXVxx4CcBD4lRn90khfFOcAM8Iu2pGaERHnAtUrf9EX3rLsOW
+wV+wYllChP71rI/4ueEch9X8ph1dA0nQQN1tLUi58pQlkCHY6K0QNFiD6K+RxaBl3yBt1IZqjfZi
+UVjTb7xJDrYnLPIASlPd0AduDik8pKn+GTqIFWgkkRr5mY6c9jTqHxY7rASDNi7LGKUE9gPFd1LD
+xPJmsl+8L+lcVJjJNU7Tkps/ZZJuo/EqlwbUd/Wq45S++YBBfYlFaOXn/bVMhxXi1SH3xMHSAjH1
+aYj0YHEdBHnEF1ouahyS4607cundZcSR29kITrUnFSi/ZP3zKREa3MGm/qrJS7qFSxlHVsYHBIjy
+VRx+teV4nQWKJyA6x/T9Sx63lM7duwhVRdh9JxhxnrKAyUBH5HwhpFXHreMjudNdY9nMaWaKP9Ge
+oD4Rr4iA3kvaHjtqSfhB55PgQO7Od/KLNTRfMMPl7IjbouQNCai++hV+p7BRAjtGUwTOXp9FHbv7
+YFGBFl3a0e1+YEoQA+0Psf1x2lENCJwH87DuZxuKI3kbcY6XA5kebt43m/eztRa17z/vmwyiQ/up
++RpMU9Xp1bv39h84QbyvZYN40xzHc8togJmPtSKCyEPcmHdt9t0LF6TCsb4k+kIBRUXMfnYpEDqv
+E6dldgWHjVy/4llWqyj3SsToERP1VhaloWyq8QRNke6lKzxMXOhmupKX195V2cA+6EGY3sK/ykhl
+fYOofbKcHwevHKgOJyj7Tj6+9qUgda/EI01lcJicTO8Nqb0LW+FfwIiws7WlsZWuxQGUZ0SOMBU4
+MnR9NPbS6rUSx2rMfSPn18Jd82D5eoM32ogRQb7C2pgXQbQoAegl98vtOjkze4wsa6CmW0rmbQrJ
+bpgPoWiZ1t/BlAUvxjRuzQSNNhnyvaC5nib6NYZAcr9BCm3yJ0sR/uSOUG8cCoJptMYhH9XxHqKl
+ACwfHgq7/mHBTxhQCmw5hkDWvY7FqzDPME3igab1Mda4lxOyUjJ3PeVzZbWZY2s/oUaSbntsSqRM
+z+zutj83Nm76iOSS0MXxCfi5VKYThzGdfXkYB2tZP8yPhh+sw0CpqeV5KB810C76abZbVZ+EDw==