fix(reporter): Limit the reporting to results without VCS path

Currently, when there is two packages with the same provenance, the scan
results are duplicated. This is because FossID does not support VCS path
and repository is scanned once, and results are then duplicated for each
package with the same provenance.
This is a temporary fix until scan results are stored by provenance.

Signed-off-by: Nicolas Nobelis <[email protected]>

Author: nnobelis

plugins/reporters/fossid-snippets/src/main/resources/templates/asciidoc/fossid_snippets.ftl

@@ -27,10 +27,10 @@
 
 = FossID Snippets
 List of all the packages with their files and snippets.
-[#list ortResult.scanResults as package, scanResults]
+[#assign filteredResults = helper.filterResultsByVCS(ortResult.scanResults)]
+[#list filteredResults as package, scanResults]
 
 == Package '${package.toCoordinates()}'
-
 [#list scanResults as scanResult]
 [#assign summary = scanResult.summary]
 

plugins/reporters/freemarker/src/main/kotlin/FreemarkerTemplateProcessor.kt

@@ -33,13 +33,17 @@ import org.ossreviewtoolkit.model.AdvisorCapability
 import org.ossreviewtoolkit.model.AdvisorRecord
 import org.ossreviewtoolkit.model.AdvisorResult
 import org.ossreviewtoolkit.model.AdvisorResultFilter
+import org.ossreviewtoolkit.model.ArtifactProvenance
 import org.ossreviewtoolkit.model.Identifier
 import org.ossreviewtoolkit.model.Issue
 import org.ossreviewtoolkit.model.OrtResult
 import org.ossreviewtoolkit.model.Package
+import org.ossreviewtoolkit.model.RepositoryProvenance
 import org.ossreviewtoolkit.model.RuleViolation
+import org.ossreviewtoolkit.model.ScanResult
 import org.ossreviewtoolkit.model.Severity
 import org.ossreviewtoolkit.model.SnippetFinding
+import org.ossreviewtoolkit.model.UnknownProvenance
 import org.ossreviewtoolkit.model.Vulnerability
 import org.ossreviewtoolkit.model.VulnerabilityReference
 import org.ossreviewtoolkit.model.config.RuleViolationResolution
@@ -51,6 +55,7 @@ import org.ossreviewtoolkit.model.licenses.ResolvedLicenseInfo
 import org.ossreviewtoolkit.model.licenses.filterExcluded
 import org.ossreviewtoolkit.reporter.Reporter
 import org.ossreviewtoolkit.reporter.ReporterInput
+import org.ossreviewtoolkit.utils.common.PATH_STRING_COMPARATOR
 import org.ossreviewtoolkit.utils.common.expandTilde
 import org.ossreviewtoolkit.utils.spdx.SpdxConstants
 import org.ossreviewtoolkit.utils.spdx.model.SpdxLicenseChoice
@@ -325,6 +330,22 @@ class FreemarkerTemplateProcessor(
         fun collectLicenses(snippetFindings: Collection<SnippetFinding>) : Set<String> =
             snippetFindings.map { it.snippet.licenses.toString() }.toSet()
 
+        /**
+         * Filter the scan results to remove the ones having a VCS provenance without an empty path: Since FossID does
+         * not support support VCS path, they are most likely duplicates of other results.
+         */
+        @Suppress("UNUSED") // This function is used in the templates.
+        fun filterResultsByVCS(scanResults: Map<Identifier, List<ScanResult>>): Map<Identifier, List<ScanResult>> {
+            return scanResults.mapValues {
+                it.value.filter { result ->
+                    when (val provenance = result.provenance) {
+                        is ArtifactProvenance, UnknownProvenance -> true
+                        is RepositoryProvenance -> provenance.vcsInfo.path.isEmpty()
+                    }
+                }
+            }.filterValues { it.isNotEmpty() }
+        }
+
         /**
          * Return a flag indicating that issues have been encountered during the run of an advisor with the given
          * [capability] with at least the given [severity]. This typically means that the report is incomplete;