Skip to content

Commit

Permalink
fix(helper-cli): Fix two issues with listing licenses
Browse files Browse the repository at this point in the history
The list licenses command may crash in case `sourceCodeDir` is not
provided in the following scenarios:

1. When the source artifact has been scanned for the given `packageId`
   and `vcsProcessed` is empty, then `fetchScannedSources()` crashes
   withing `Downloader.download()`, because the downloader throws when
   it attempts to download from VCS.
2. When the ORT file does not contain any scan result for the given
   package, then the downloader also throws.

Ensure that the downloader always attempts to download from the right
source code origin, to fix scenario #1. Furthermore, return early in
case there is no scan result for the given package to fix scenario #2.
Recently a similar crash has been fixed by [1] also by returning
earlier. So, move the early return from [1] to an even earlier position.

[1]: #7832

Signed-off-by: Frank Viernau <[email protected]>
  • Loading branch information
fviernau committed Nov 27, 2023
1 parent 2474f96 commit 0c94876
Show file tree
Hide file tree
Showing 2 changed files with 26 additions and 22 deletions.
16 changes: 9 additions & 7 deletions helper-cli/src/main/kotlin/commands/ListLicensesCommand.kt
Original file line number Diff line number Diff line change
Expand Up @@ -33,8 +33,10 @@ import com.github.ajalt.clikt.parameters.types.file
import java.io.File
import java.lang.IllegalArgumentException

import org.ossreviewtoolkit.helper.utils.fetchScannedSources
import org.ossreviewtoolkit.helper.utils.downloadSources
import org.ossreviewtoolkit.helper.utils.getLicenseFindingsById
import org.ossreviewtoolkit.helper.utils.getScannedProvenance
import org.ossreviewtoolkit.helper.utils.getSourceCodeOrigin
import org.ossreviewtoolkit.helper.utils.getViolatedRulesByLicense
import org.ossreviewtoolkit.helper.utils.readOrtResult
import org.ossreviewtoolkit.helper.utils.replaceConfig
Expand Down Expand Up @@ -146,9 +148,14 @@ internal class ListLicensesCommand : CliktCommand(
throw UsageError("Could not find the package for the given id '${packageId.toCoordinates()}'.")
}

val sourceCodeOrigin = ortResult.getScannedProvenance(packageId).getSourceCodeOrigin() ?: run {
println("No scan results available.")
return

Check warning on line 153 in helper-cli/src/main/kotlin/commands/ListLicensesCommand.kt

View check run for this annotation

Codecov / codecov/patch

helper-cli/src/main/kotlin/commands/ListLicensesCommand.kt#L152-L153

Added lines #L152 - L153 were not covered by tests
}

val sourcesDir = sourceCodeDir ?: run {
println("Downloading sources for package '${packageId.toCoordinates()}'...")
ortResult.fetchScannedSources(packageId)
ortResult.downloadSources(packageId, sourceCodeOrigin)

Check warning on line 158 in helper-cli/src/main/kotlin/commands/ListLicensesCommand.kt

View check run for this annotation

Codecov / codecov/patch

helper-cli/src/main/kotlin/commands/ListLicensesCommand.kt#L158

Added line #L158 was not covered by tests
}

val packageConfigurationProvider = DirPackageConfigurationProvider(packageConfigurationsDir)
Expand Down Expand Up @@ -190,11 +197,6 @@ internal class ListLicensesCommand : CliktCommand(
}
}

if (findingsByProvenance.isEmpty()) {
println("No scan results available.")
return
}

buildString {
appendLine(" scan results:")
findingsByProvenance.keys.forEachIndexed { i, provenance ->
Expand Down
32 changes: 17 additions & 15 deletions helper-cli/src/main/kotlin/utils/Extensions.kt
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,6 @@ import org.jetbrains.exposed.sql.transactions.TransactionManager

import org.ossreviewtoolkit.analyzer.PackageManagerFactory
import org.ossreviewtoolkit.downloader.Downloader
import org.ossreviewtoolkit.model.ArtifactProvenance
import org.ossreviewtoolkit.model.Identifier
import org.ossreviewtoolkit.model.Issue
import org.ossreviewtoolkit.model.KnownProvenance
Expand All @@ -43,13 +42,13 @@ import org.ossreviewtoolkit.model.Package
import org.ossreviewtoolkit.model.PackageCuration
import org.ossreviewtoolkit.model.Project
import org.ossreviewtoolkit.model.Provenance
import org.ossreviewtoolkit.model.RemoteArtifact
import org.ossreviewtoolkit.model.Repository
import org.ossreviewtoolkit.model.RepositoryProvenance
import org.ossreviewtoolkit.model.RuleViolation
import org.ossreviewtoolkit.model.ScanResult
import org.ossreviewtoolkit.model.Severity
import org.ossreviewtoolkit.model.SourceCodeOrigin
import org.ossreviewtoolkit.model.TextLocation
import org.ossreviewtoolkit.model.VcsInfo
import org.ossreviewtoolkit.model.config.CopyrightGarbage
import org.ossreviewtoolkit.model.config.Curations
import org.ossreviewtoolkit.model.config.DownloaderConfiguration
Expand Down Expand Up @@ -88,21 +87,14 @@ internal fun List<ScopeExclude>.minimize(projectScopes: List<String>): List<Scop
}

/**
* Fetches the sources from either the VCS or source artifact for the package denoted by
* the given [id] depending on whether a scan result is present with matching [Provenance].
* Download the sources corresponding to the given [Identifier][id] and [source code origin][sourceCodeOrigin].
*/
internal fun OrtResult.fetchScannedSources(id: Identifier): File {
internal fun OrtResult.downloadSources(id: Identifier, sourceCodeOrigin: SourceCodeOrigin): File {
val tempDir = createTempDirectory(Paths.get("."), ORTH_NAME).toFile()
val pkg = getPackageOrProject(id)!!.metadata
val config = DownloaderConfiguration(sourceCodeOrigins = listOf(sourceCodeOrigin))

val pkg = getPackageOrProject(id)!!.metadata.let {
if (getScannedProvenance(id) is ArtifactProvenance) {
it.copy(vcs = VcsInfo.EMPTY, vcsProcessed = VcsInfo.EMPTY)
} else {
it.copy(sourceArtifact = RemoteArtifact.EMPTY)
}
}

Downloader(DownloaderConfiguration()).download(pkg, tempDir)
Downloader(config).download(pkg, tempDir)

return tempDir
}
Expand Down Expand Up @@ -232,6 +224,16 @@ internal fun OrtResult.getViolatedRulesByLicense(
internal fun OrtResult.getScannedProvenance(id: Identifier): KnownProvenance? =
getScanResultsForId(id).firstNotNullOfOrNull { it.provenance as? KnownProvenance }

/**
* Return the [SourceCodeOrigin] for this provenance.
*/
internal fun KnownProvenance?.getSourceCodeOrigin(): SourceCodeOrigin? =
when {
this == null -> null
this is RepositoryProvenance -> SourceCodeOrigin.VCS
else -> SourceCodeOrigin.ARTIFACT
}

/**
* Return all issues from scan results. Issues for excludes [Project]s or [Package]s are not returned if and only if
* the given [omitExcluded] is true.
Expand Down

0 comments on commit 0c94876

Please sign in to comment.