From 6ec315dab5709f1caed2a157b0438bbd87fe1948 Mon Sep 17 00:00:00 2001
From: Marcel Bochtler
Date: Mon, 8 Jul 2024 13:57:18 +0200
Subject: [PATCH] fix(SpdxDocumentFile): Ensure to collect issues from external doc refs

Before, issues from external document refs, which could not be mapped to a `packageId`, failed to be added as issue in the ORT result. Add these missing transitive issues, by explicitly check for any issues that are not related to known packages.

Signed-off-by: Marcel Bochtler
---
 .../spdx/src/main/kotlin/SpdxDocumentFile.kt | 2 +-
 .../spdx/src/main/kotlin/utils/SpdxResolvedDocument.kt | 9 +++++++++
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/plugins/package-managers/spdx/src/main/kotlin/SpdxDocumentFile.kt b/plugins/package-managers/spdx/src/main/kotlin/SpdxDocumentFile.kt
index 965a14da16442..6c790d8b29c7e 100644
--- a/plugins/package-managers/spdx/src/main/kotlin/SpdxDocumentFile.kt
+++ b/plugins/package-managers/spdx/src/main/kotlin/SpdxDocumentFile.kt
@@ -525,7 +525,7 @@ class SpdxDocumentFile(
 scopeDependencies = scopes
 )
 
- return listOf(ProjectAnalyzerResult(project, packages))
+ return listOf(ProjectAnalyzerResult(project, packages, transitiveDocument.getIssuesWithoutSpdxPackage()))
 }
 
 /**
diff --git a/plugins/package-managers/spdx/src/main/kotlin/utils/SpdxResolvedDocument.kt b/plugins/package-managers/spdx/src/main/kotlin/utils/SpdxResolvedDocument.kt
index 43062c4cd6e92..8823212d11a4c 100644
--- a/plugins/package-managers/spdx/src/main/kotlin/utils/SpdxResolvedDocument.kt
+++ b/plugins/package-managers/spdx/src/main/kotlin/utils/SpdxResolvedDocument.kt
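Review bot: The third argument on the new `return listOf(ProjectAnalyzerResult(...))` line is passed positionally, which hides that these are the project-level issues; naming it, `issues = transitiveDocument.getIssuesWithoutSpdxPackage()` (assuming the parameter is called `issues`), would make the call self-explanatory. The diffstat lists only the two source files, so no test pins the new behaviour; a case with an external document reference that cannot be resolved, asserting that its issue shows up in the analyzer result, would keep such failures from being dropped silently again. That matters for anyone relying on the result for compliance or vulnerability checks, because these issues are the only signal that part of the referenced SPDX data is missing. The enclosing function starts outside the hunk.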
@@ -133,6 +133,15 @@ internal data class SpdxResolvedDocument(
 return pkg
 }
 
+ /**
+ * Retrieve the issues from [issuesByReferenceId] that are not associated with [any package][packagesById]. These
+ * issues can be related to general issues within the SPDX document.
+ */
+ fun getIssuesWithoutSpdxPackage() =
+ issuesByReferenceId.mapNotNull { (id, issue) ->
+ if (packagesById[id] == null) issue else null
+ }
+
 /**
 * Return the local definition file in which the package with the given [identifier] is declared. If the package
 * cannot be resolved or if it has not been declared in a local file, return *null*.
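Review bot: `getIssuesWithoutSpdxPackage()` has no declared return type and expresses a plain key filter as `mapNotNull` with an `if … else null` body. Assuming `issuesByReferenceId` is a map to non-null issues and `packagesById` holds no null values, `fun getIssuesWithoutSpdxPackage(): List<Issue> = issuesByReferenceId.filterKeys { it !in packagesById }.values.toList()` (return type presumably `List<Issue>`) states the intent directly and fixes the type at the declaration. The KDoc could also name the case from the commit message, an external document reference that could not be mapped to a package, rather than "general issues", so readers know when entries are expected here. Whether issues recorded for ids that do have a package always reach the result through the per-package lookup is not visible in this hunk and is worth confirming.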