fix(reporter): Limit the reporting to results without VCS path

nnobelis · nnobelis · commit 8fb435c1518b · 2023-06-14T13:06:18.000+02:00
Currently, when there are two packages with the same provenance, the scan
results are duplicated, which leads to duplication in the report too.
FossID doesn't support the VCS path. Therefore, results with a VCS
provenance containing a non-empty VCS path are most likely duplicates that
can be safely removed.

This is a temporary fix until scan results are stored by provenance.

Signed-off-by: Nicolas Nobelis &lt;nicolas.nobelis@bosch.io&gt;
diff --git a/plugins/reporters/fossid-snippets/src/main/resources/templates/asciidoc/fossid_snippets.ftl b/plugins/reporters/fossid-snippets/src/main/resources/templates/asciidoc/fossid_snippets.ftl
@@ -27,10 +27,10 @@
 
 = FossID Snippets
 List of all the packages with their files and snippets.
-[#list ortResult.scanResults as package, scanResults]
+[#assign filteredResults = helper.filterResultsByVCS(ortResult.scanResults)]
+[#list filteredResults as package, scanResults]
 
 == Package '${package.toCoordinates()}'
-
 [#list scanResults as scanResult]
 [#assign summary = scanResult.summary]
 
diff --git a/plugins/reporters/freemarker/src/main/kotlin/FreemarkerTemplateProcessor.kt b/plugins/reporters/freemarker/src/main/kotlin/FreemarkerTemplateProcessor.kt
@@ -33,13 +33,17 @@ import org.ossreviewtoolkit.model.AdvisorCapability
 import org.ossreviewtoolkit.model.AdvisorRecord
 import org.ossreviewtoolkit.model.AdvisorResult
 import org.ossreviewtoolkit.model.AdvisorResultFilter
+import org.ossreviewtoolkit.model.ArtifactProvenance
 import org.ossreviewtoolkit.model.Identifier
 import org.ossreviewtoolkit.model.Issue
 import org.ossreviewtoolkit.model.OrtResult
 import org.ossreviewtoolkit.model.Package
+import org.ossreviewtoolkit.model.RepositoryProvenance
 import org.ossreviewtoolkit.model.RuleViolation
+import org.ossreviewtoolkit.model.ScanResult
 import org.ossreviewtoolkit.model.Severity
 import org.ossreviewtoolkit.model.SnippetFinding
+import org.ossreviewtoolkit.model.UnknownProvenance
 import org.ossreviewtoolkit.model.Vulnerability
 import org.ossreviewtoolkit.model.VulnerabilityReference
 import org.ossreviewtoolkit.model.config.RuleViolationResolution
@@ -325,6 +329,22 @@ class FreemarkerTemplateProcessor(
         fun collectLicenses(snippetFindings: Collection<SnippetFinding>): Set<String> =
             snippetFindings.mapTo(mutableSetOf()) { it.snippet.licenses.toString() }
 
+        /**
+         * Filter the scan results to remove the ones having a VCS provenance without an empty path: Since FossID does
+         * not support support VCS path, they are most likely duplicates of other results.
+         */
+        @Suppress("UNUSED") // This function is used in the templates.
+        fun filterResultsByVCS(scanResults: Map<Identifier, List<ScanResult>>): Map<Identifier, List<ScanResult>> {
+            return scanResults.mapValues {
+                it.value.filter { result ->
+                    when (val provenance = result.provenance) {
+                        is ArtifactProvenance, UnknownProvenance -> true
+                        is RepositoryProvenance -> provenance.vcsInfo.path.isEmpty()
+                    }
+                }
+            }.filterValues { it.isNotEmpty() }
+        }
+
         /**
          * Return a flag indicating that issues have been encountered during the run of an advisor with the given
          * [capability] with at least the given [severity]. This typically means that the report is incomplete;
