feat(scanner): Teach package scanners about all packages covered by a…

… scan Some package scanner implementations may not only need to know about the reference package, but about all packages hosted in a (mono-) repository and thus being implicitly scanned. A use-case are scanners that associate scanned code with package identifiers in order to browse the source code for a package for license clearance tasks in a later step. Give such scanners access to that information without breaking the API by adding a new `coveredPackages` property to the `ScanContext`. Signed-off-by: Sebastian Schuberth <[email protected]>
oss-review-toolkit · Nov 23, 2023 · eb6e82f · eb6e82f
1 parent 1fe0eb5
commit eb6e82f
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 4 deletions.
diff --git a/scanner/src/main/kotlin/ScanContext.kt b/scanner/src/main/kotlin/ScanContext.kt
@@ -21,6 +21,7 @@ package org.ossreviewtoolkit.scanner
 
 import org.ossreviewtoolkit.model.LicenseFinding
 import org.ossreviewtoolkit.model.OrtResult
+import org.ossreviewtoolkit.model.Package
 import org.ossreviewtoolkit.model.PackageType
 import org.ossreviewtoolkit.model.config.Excludes
 import org.ossreviewtoolkit.model.config.ScannerConfiguration
@@ -53,5 +54,11 @@ data class ScanContext(
      * be used by scanners where scan results are stored, because then changes in the mapping would not be applied to
      * stored results.
      */
-    val detectedLicenseMapping: Map<String, String> = emptyMap()
+    val detectedLicenseMapping: Map<String, String> = emptyMap(),
+
+    /**
+     * The packages known to be covered in the context of this scan. For package scanners, this is the list of packages
+     * that have the same provenance as the reference package.
+     */
+    val coveredPackages: List<Package> = emptyList()
 )
diff --git a/scanner/src/main/kotlin/Scanner.kt b/scanner/src/main/kotlin/Scanner.kt
@@ -356,9 +356,14 @@ class Scanner(
                     "Starting scan of '${referencePackage.id.toCoordinates()}' with package scanner '${scanner.name}."
                 }
 
-                // Filter the scan context to hide the excludes from scanner with scan matcher.
-                val filteredContext = if (scanner.matcher == null) context else context.copy(excludes = null)
-                val scanResult = scanner.scanPackage(referencePackage, filteredContext)
+                val adjustedContext = context.copy(
+                    // Hide excludes from scanners with a scanner matcher.
+                    excludes = context.excludes.takeUnless { scanner.matcher != null },
+                    // Tell scanners also about the non-reference packages.
+                    coveredPackages = packagesWithIncompleteScanResult
+                )
+
+                val scanResult = scanner.scanPackage(referencePackage, adjustedContext)
 
                 logger.info {
                     "Finished scan of '${referencePackage.id.toCoordinates()}' with package scanner '${scanner.name}'."