From 4a191b1fcfeff32e644636f41a334079870f9415 Mon Sep 17 00:00:00 2001
From: Marcel Bochtler <marcel.bochtler@bosch.com>
Date: Fri, 5 Jul 2024 13:35:43 +0200
Subject: [PATCH] fix(SpdxDocumentFile): Add created issues to the
 PackageReference

Report issues, that are identified by its reference ID to the
`PackageReference`.

Signed-off-by: Marcel Bochtler <marcel.bochtler@bosch.com>
---
 .../managers/utils/PackageManagerDependencyHandler.kt       | 6 ++++--
 .../spdx/src/main/kotlin/SpdxDocumentFile.kt                | 6 ++++--
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/analyzer/src/main/kotlin/managers/utils/PackageManagerDependencyHandler.kt b/analyzer/src/main/kotlin/managers/utils/PackageManagerDependencyHandler.kt
index 03fa4936cca4e..99cbfe94f351c 100644
--- a/analyzer/src/main/kotlin/managers/utils/PackageManagerDependencyHandler.kt
+++ b/analyzer/src/main/kotlin/managers/utils/PackageManagerDependencyHandler.kt
@@ -49,7 +49,8 @@ class PackageManagerDependencyHandler(
             packageManager: String,
             definitionFile: String,
             scope: String,
-            linkage: PackageLinkage
+            linkage: PackageLinkage,
+            issues: List<Issue> = emptyList()
         ): PackageReference =
             PackageReference(
                 id = Identifier(
@@ -57,7 +58,8 @@ class PackageManagerDependencyHandler(
                     namespace = packageManager,
                     name = definitionFile.encodeColon(),
                     version = "$linkage@$scope"
-                )
+                ),
+                issues = issues
             )
 
         private fun getPackageManagerDependency(node: DependencyNode): PackageManagerDependency? =
diff --git a/plugins/package-managers/spdx/src/main/kotlin/SpdxDocumentFile.kt b/plugins/package-managers/spdx/src/main/kotlin/SpdxDocumentFile.kt
index b81ac200e7742..965a14da16442 100644
--- a/plugins/package-managers/spdx/src/main/kotlin/SpdxDocumentFile.kt
+++ b/plugins/package-managers/spdx/src/main/kotlin/SpdxDocumentFile.kt
@@ -357,7 +357,8 @@ class SpdxDocumentFile(
         }
 
     internal fun getPackageManagerDependency(pkgId: String, doc: SpdxResolvedDocument): PackageReference? {
-        val spdxPackage = doc.getSpdxPackageForId(pkgId, mutableListOf()) ?: return null
+        val issues = mutableListOf<Issue>()
+        val spdxPackage = doc.getSpdxPackageForId(pkgId, issues) ?: return null
         val definitionFile = doc.getDefinitionFile(pkgId) ?: return null
 
         if (spdxPackage.packageFilename.isBlank()) return null
@@ -376,7 +377,8 @@ class SpdxDocumentFile(
                         packageManager = factory.type,
                         definitionFile = VersionControlSystem.getPathInfo(packageFile).path,
                         scope = scope,
-                        linkage = PackageLinkage.PROJECT_STATIC // TODO: Set linkage based on SPDX reference type.
+                        linkage = PackageLinkage.PROJECT_STATIC, // TODO: Set linkage based on SPDX reference type.
+                        issues = issues
                     )
                 }
             }