From 03d09e42fa60340c96dc189b38c71f121dc61136 Mon Sep 17 00:00:00 2001
From: Frank Viernau
Date: Mon, 25 Sep 2023 14:38:57 +0200
Subject: [PATCH 1/3] chore(SpdxDocumentModelMapper): Remove some magic values

Use named arguments to make it more obvious was the `1` is about. Also, use named arguments for `id` for consistency.

Signed-off-by: Frank Viernau
---
 .../spdx/src/main/kotlin/SpdxDocumentModelMapper.kt | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/plugins/reporters/spdx/src/main/kotlin/SpdxDocumentModelMapper.kt b/plugins/reporters/spdx/src/main/kotlin/SpdxDocumentModelMapper.kt
index b01d0de2a9e86..7213ecfad326a 100644
--- a/plugins/reporters/spdx/src/main/kotlin/SpdxDocumentModelMapper.kt
+++ b/plugins/reporters/spdx/src/main/kotlin/SpdxDocumentModelMapper.kt
@@ -70,7 +70,10 @@ internal object SpdxDocumentModelMapper : Logging {
 ortResult
 )
- ortResult.getDependencies(project.id, 1).mapTo(relationships) { dependency ->
+ ortResult.getDependencies(
+ id = project.id,
+ maxLevel = 1
+ ).mapTo(relationships) { dependency ->
 SpdxRelationship(
 spdxElementId = spdxProjectPackage.spdxId,
 relationshipType = SpdxRelationship.Type.DEPENDS_ON,
@@ -91,7 +94,10 @@ internal object SpdxDocumentModelMapper : Logging {
 ortResult
 )
- ortResult.getDependencies(pkg.id, 1).mapTo(relationships) { dependency ->
+ ortResult.getDependencies(
+ id = pkg.id,
+ maxLevel = 1
+ ).mapTo(relationships) { dependency ->
 SpdxRelationship(
 spdxElementId = binaryPackage.spdxId,
 relationshipType = SpdxRelationship.Type.DEPENDS_ON,

From c47ca1613c63143e2f686ae2559d312ef6d7fe4c Mon Sep 17 00:00:00 2001
From: Frank Viernau
Date: Mon, 25 Sep 2023 14:34:31 +0200
Subject: [PATCH 2/3] feat(OrtResult): Allow `getDependencies()` to omit excluded IDs

This is needed in a following change.

Signed-off-by: Frank Viernau
---
 model/src/main/kotlin/OrtResult.kt | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/model/src/main/kotlin/OrtResult.kt b/model/src/main/kotlin/OrtResult.kt
index bdb482e5778f7..0e20010746b8d 100644
--- a/model/src/main/kotlin/OrtResult.kt
+++ b/model/src/main/kotlin/OrtResult.kt
@@ -188,17 +188,19 @@ data class OrtResult(
 /**
 * Return the dependencies of the given [id] (which can refer to a [Project] or a [Package]), up to and including a
 * depth of [maxLevel] where counting starts at 0 (for the [Project] or [Package] itself) and 1 are direct
- * dependencies etc. A value below 0 means to not limit the depth.
+ * dependencies etc. A value below 0 means to not limit the depth. If [omitExcluded] is set to true, identifiers of
+ * excluded projects / packages are omitted from the result.
 */
- fun getDependencies(id: Identifier, maxLevel: Int = -1): Set {
+ fun getDependencies(id: Identifier, maxLevel: Int = -1, omitExcluded: Boolean = false): Set {
 val dependencies = mutableSetOf()
+ val matcher = DependencyNavigator.MATCH_ALL.takeUnless { omitExcluded } ?: { !isExcluded(it.id) }
 getProjects().forEach { project ->
 if (project.id == id) {
- dependencies += dependencyNavigator.projectDependencies(project, maxLevel)
+ dependencies += dependencyNavigator.projectDependencies(project, maxLevel, matcher)
 }
- dependencies += dependencyNavigator.packageDependencies(project, id, maxLevel)
+ dependencies += dependencyNavigator.packageDependencies(project, id, maxLevel, matcher)
 }
 return dependencies

From 6eff9b11b41b3818274530919bd7f8a768bf7bb8 Mon Sep 17 00:00:00 2001
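Review bot: The KDoc sentence added for `omitExcluded` does not say whether a dependency reachable only through an excluded node is still returned when `maxLevel` is greater than 1; that depends on how `projectDependencies` / `packageDependencies` apply `matcher`, which is outside this hunk, so the doc should state it explicitly. The SPDX mapper in patch 3 only asks for `maxLevel = 1` and is unaffected, but any other caller building a dependency or SBOM view from this set needs that contract. This patch also touches only OrtResult.kt, so the new flag has no direct unit test and is pinned only indirectly by the reporter fixtures changed later. As a style point, `DependencyNavigator.MATCH_ALL.takeUnless { omitExcluded } ?: { !isExcluded(it.id) }` hides a plain two-way choice; an explicitly typed `val matcher` assigned from `if (omitExcluded) … else DependencyNavigator.MATCH_ALL` reads in the natural order. The function's closing brace lies outside the hunk.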
From: Frank Viernau
Date: Tue, 12 Sep 2023 11:33:11 +0200
Subject: [PATCH 3/3] fix(reporter): Fix the creation of first level dependency relationships

As of [1] the SPDX document was changed to have separate entries for all projects and sub-projects instead of a single artificial root project containing all dependencies. While excluded packages are not included in the package, the implementation [1] accidentally creates (dangling) relationships to such excluded packages, see [2]. Fix the issue visible in [2] by the code change further up and an analog issue not visible in the expected result diff with the code change some lines further down. Fixes #7487.

[1] https://github.com/oss-review-toolkit/ort/commit/b47154482299b9b49c0e0c692e3f2dacdd53c395
[2] https://github.com/oss-review-toolkit/ort/commit/b47154482299b9b49c0e0c692e3f2dacdd53c395#diff-6de35dd2aff1f92b7f5ea558d3f77e02d0d596dd4ce2a8199056cfb31b47fcabR181-R184

Signed-off-by: Frank Viernau
---
 .../assets/spdx-document-reporter-expected-output.spdx.json | 4 ----
 .../assets/spdx-document-reporter-expected-output.spdx.yml | 3 ---
 .../spdx/src/main/kotlin/SpdxDocumentModelMapper.kt | 6 ++++--
 3 files changed, 4 insertions(+), 9 deletions(-)

diff --git a/plugins/reporters/spdx/src/funTest/assets/spdx-document-reporter-expected-output.spdx.json b/plugins/reporters/spdx/src/funTest/assets/spdx-document-reporter-expected-output.spdx.json
index ba9f4876ed8ec..9ddc9622e09ef 100644
--- a/plugins/reporters/spdx/src/funTest/assets/spdx-document-reporter-expected-output.spdx.json
+++ b/plugins/reporters/spdx/src/funTest/assets/spdx-document-reporter-expected-output.spdx.json
@@ -240,10 +240,6 @@
 "spdxElementId" : "SPDXRef-Package-Maven-seventh-package-group-seventh-package-0.0.1",
 "relationshipType" : "GENERATED_FROM",
 "relatedSpdxElement" : "SPDXRef-Package-Maven-seventh-package-group-seventh-package-0.0.1-source-artifact"
- }, {
- "spdxElementId" : "SPDXRef-Project-Maven-first-project-group-first-project-name-0.0.1",
- "relationshipType" : "DEPENDS_ON",
- "relatedSpdxElement" : "SPDXRef-Package-Maven-fifth-package-group-fifth-package-0.0.1"
 }, {
 "spdxElementId" : "SPDXRef-Project-Maven-first-project-group-first-project-name-0.0.1",
 "relationshipType" : "DEPENDS_ON",
diff --git a/plugins/reporters/spdx/src/funTest/assets/spdx-document-reporter-expected-output.spdx.yml b/plugins/reporters/spdx/src/funTest/assets/spdx-document-reporter-expected-output.spdx.yml
index e2ad5bdfedfc6..9eefa75bb61a2 100644
--- a/plugins/reporters/spdx/src/funTest/assets/spdx-document-reporter-expected-output.spdx.yml
+++ b/plugins/reporters/spdx/src/funTest/assets/spdx-document-reporter-expected-output.spdx.yml
@@ -241,9 +241,6 @@ relationships:
 - spdxElementId: "SPDXRef-Package-Maven-seventh-package-group-seventh-package-0.0.1"
 relationshipType: "GENERATED_FROM"
 relatedSpdxElement: "SPDXRef-Package-Maven-seventh-package-group-seventh-package-0.0.1-source-artifact"
-- spdxElementId: "SPDXRef-Project-Maven-first-project-group-first-project-name-0.0.1"
- relationshipType: "DEPENDS_ON"
- relatedSpdxElement: "SPDXRef-Package-Maven-fifth-package-group-fifth-package-0.0.1"
 - spdxElementId: "SPDXRef-Project-Maven-first-project-group-first-project-name-0.0.1"
 relationshipType: "DEPENDS_ON"
 relatedSpdxElement: "SPDXRef-Package-Maven-first-package-group-first-package-0.0.1"
diff --git a/plugins/reporters/spdx/src/main/kotlin/SpdxDocumentModelMapper.kt b/plugins/reporters/spdx/src/main/kotlin/SpdxDocumentModelMapper.kt
index 7213ecfad326a..219389650419f 100644
--- a/plugins/reporters/spdx/src/main/kotlin/SpdxDocumentModelMapper.kt
+++ b/plugins/reporters/spdx/src/main/kotlin/SpdxDocumentModelMapper.kt
@@ -72,7 +72,8 @@ internal object SpdxDocumentModelMapper : Logging {
 ortResult.getDependencies(
 id = project.id,
- maxLevel = 1
+ maxLevel = 1,
+ omitExcluded = true
 ).mapTo(relationships) { dependency ->
 SpdxRelationship(
 spdxElementId = spdxProjectPackage.spdxId,
@@ -96,7 +97,8 @@ internal object SpdxDocumentModelMapper : Logging {
 ortResult.getDependencies(
 id = pkg.id,
- maxLevel = 1
+ maxLevel = 1,
+ omitExcluded = true
 ).mapTo(relationships) { dependency ->
 SpdxRelationship(
 spdxElementId = binaryPackage.spdxId,
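Review bot: The second call site, `getDependencies(id = pkg.id, …)` in the hunk at -96,7, gets `omitExcluded = true` with no test pinning it: the commit message itself says this case is not visible in the expected-result diff, and the fixtures changed in this patch only drop the first-project to fifth-package relationship. Extending the functional-test input so that an included package depends directly on an excluded one would make a regression at this call site show up in the expected output. A relationship whose `relatedSpdxElement` has no matching element leaves the SBOM inconsistent for consumers that resolve those references, so a check after the relationships are collected that every referenced SPDX ID belongs to an emitted package would cover the whole class of bug, not just these two call sites; whether the package list is available at that point is not visible here. Both hunks start and end inside a larger function body.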