Skip to content

Commit

Permalink
fix(helper-cli): Fix two issues with listing licenses
Browse files Browse the repository at this point in the history
The list licenses command may crash in case `sourceCodeDir` is not
provided in the following scenarios:

1. When the source artifact has been scanned for the given `packageId`
   and `vcsProcessed` is empty, then `fetchScannedSources()` crashes
   within `Downloader.download()`, because the downloader throws when
   it attempts to download from VCS.
2. When the ORT file does not contain any scan result for the given
   package, then the downloader also throws.

Ensure that the downloader always attempts to download from the right
source code origin, to fix scenario 1. Furthermore, return early in
case there is no scan result for the given package to fix scenario 2.
Recently a similar crash has been fixed by [1] also by returning
earlier. So, move the early return from [1] to an even earlier position.

[1]: #7832

Signed-off-by: Frank Viernau <frank_viernau@epam.com>
  • Loading branch information
fviernau committed Nov 28, 2023
1 parent 1dbed2e commit f1abea1
Show file tree
Hide file tree
Showing 2 changed files with 26 additions and 21 deletions.
16 changes: 9 additions & 7 deletions helper-cli/src/main/kotlin/commands/ListLicensesCommand.kt
Original file line number Diff line number Diff line change
Expand Up @@ -33,8 +33,10 @@ import com.github.ajalt.clikt.parameters.types.file
import java.io.File
import java.lang.IllegalArgumentException

import org.ossreviewtoolkit.helper.utils.fetchScannedSources
import org.ossreviewtoolkit.helper.utils.downloadSources
import org.ossreviewtoolkit.helper.utils.getLicenseFindingsById
import org.ossreviewtoolkit.helper.utils.getScannedProvenance
import org.ossreviewtoolkit.helper.utils.getSourceCodeOrigin
import org.ossreviewtoolkit.helper.utils.getViolatedRulesByLicense
import org.ossreviewtoolkit.helper.utils.readOrtResult
import org.ossreviewtoolkit.helper.utils.replaceConfig
Expand Down Expand Up @@ -146,9 +148,14 @@ internal class ListLicensesCommand : CliktCommand(
throw UsageError("Could not find the package for the given id '${packageId.toCoordinates()}'.")
}

val sourceCodeOrigin = ortResult.getScannedProvenance(packageId).getSourceCodeOrigin() ?: run {
println("No scan results available.")
return
}

val sourcesDir = sourceCodeDir ?: run {
println("Downloading sources for package '${packageId.toCoordinates()}'...")
ortResult.fetchScannedSources(packageId)
ortResult.downloadSources(packageId, sourceCodeOrigin)
}

val packageConfigurationProvider = DirPackageConfigurationProvider(packageConfigurationsDir)
Expand Down Expand Up @@ -190,11 +197,6 @@ internal class ListLicensesCommand : CliktCommand(
}
}

if (findingsByProvenance.isEmpty()) {
println("No scan results available.")
return
}

buildString {
appendLine(" scan results:")
findingsByProvenance.keys.forEachIndexed { i, provenance ->
Expand Down
31 changes: 17 additions & 14 deletions helper-cli/src/main/kotlin/utils/Extensions.kt
Original file line number Diff line number Diff line change
Expand Up @@ -43,13 +43,13 @@ import org.ossreviewtoolkit.model.Package
import org.ossreviewtoolkit.model.PackageCuration
import org.ossreviewtoolkit.model.Project
import org.ossreviewtoolkit.model.Provenance
import org.ossreviewtoolkit.model.RemoteArtifact
import org.ossreviewtoolkit.model.Repository
import org.ossreviewtoolkit.model.RepositoryProvenance
import org.ossreviewtoolkit.model.RuleViolation
import org.ossreviewtoolkit.model.ScanResult
import org.ossreviewtoolkit.model.Severity
import org.ossreviewtoolkit.model.SourceCodeOrigin
import org.ossreviewtoolkit.model.TextLocation
import org.ossreviewtoolkit.model.VcsInfo
import org.ossreviewtoolkit.model.config.CopyrightGarbage
import org.ossreviewtoolkit.model.config.Curations
import org.ossreviewtoolkit.model.config.DownloaderConfiguration
Expand Down Expand Up @@ -88,21 +88,14 @@ internal fun List<ScopeExclude>.minimize(projectScopes: List<String>): List<Scop
}

/**
* Fetches the sources from either the VCS or source artifact for the package denoted by
* the given [id] depending on whether a scan result is present with matching [Provenance].
* Download the sources corresponding to the given [Identifier][id] and [source code origin][sourceCodeOrigin].
*/
internal fun OrtResult.fetchScannedSources(id: Identifier): File {
internal fun OrtResult.downloadSources(id: Identifier, sourceCodeOrigin: SourceCodeOrigin): File {
val tempDir = createTempDirectory(Paths.get("."), ORTH_NAME).toFile()
val pkg = getPackageOrProject(id)!!.metadata
val config = DownloaderConfiguration(sourceCodeOrigins = listOf(sourceCodeOrigin))

val pkg = getPackageOrProject(id)!!.metadata.let {
if (getScannedProvenance(id) is ArtifactProvenance) {
it.copy(vcs = VcsInfo.EMPTY, vcsProcessed = VcsInfo.EMPTY)
} else {
it.copy(sourceArtifact = RemoteArtifact.EMPTY)
}
}

Downloader(DownloaderConfiguration()).download(pkg, tempDir)
Downloader(config).download(pkg, tempDir)

return tempDir
}
Expand Down Expand Up @@ -232,6 +225,16 @@ internal fun OrtResult.getViolatedRulesByLicense(
internal fun OrtResult.getScannedProvenance(id: Identifier): KnownProvenance? =
getScanResultsForId(id).firstNotNullOfOrNull { it.provenance as? KnownProvenance }

/**
* Return the [SourceCodeOrigin] for this provenance.
*/
internal fun KnownProvenance?.getSourceCodeOrigin(): SourceCodeOrigin? =
when (this) {
is ArtifactProvenance -> SourceCodeOrigin.ARTIFACT
is RepositoryProvenance -> SourceCodeOrigin.VCS
else -> null
}

/**
* Return all issues from scan results. Issues for excludes [Project]s or [Package]s are not returned if and only if
* the given [omitExcluded] is true.
Expand Down

0 comments on commit f1abea1

Please sign in to comment.