feat(reporter): Implement the FossID snippet reporter

This is an HTML report to present the snippet findings.
HTML format was chosen to be able to use AsciiDoc collapsible blocks [1]
for how-to-fix hints. Such blocks will be added in a future commit.

[1]: https://docs.asciidoctor.org/asciidoc/latest/blocks/collapsible/

Signed-off-by: Nicolas Nobelis <[email protected]>

Author: nnobelis

cli/src/main/resources/logback.xml

@@ -34,6 +34,7 @@
     <logger name="org.ossreviewtoolkit.analyzer.managers.Yarn2" level="INFO" />
     <logger name="org.ossreviewtoolkit.clients.fossid.FossIdRestService" level="INFO" />
     <logger name="org.ossreviewtoolkit.reporter.reporters.fossid.FossIdReporter" level="INFO" />
+    <logger name="org.ossreviewtoolkit.plugins.reporters.fossid.FossIdSnippetReporter" level="INFO" />
     <logger name="org.ossreviewtoolkit.scanner.scanners.fossid.FossId" level="INFO" />
     <logger name="org.ossreviewtoolkit.scanner.scanners.fossid.FossIdConfig" level="INFO" />
     <logger name="org.ossreviewtoolkit.scanner.scanners.fossid.FossIdUrlProvider" level="INFO" />

plugins/reporters/fossid-snippets/build.gradle.kts

@@ -24,4 +24,9 @@ plugins {
 
 dependencies {
     api(project(":reporter"))
+
+    implementation(project(":plugins:reporters:asciidoc-reporter"))
+    implementation(project(":plugins:reporters:freemarker-reporter"))
+
+    implementation(libs.kotlinxCoroutines)
 }

plugins/reporters/fossid-snippets/src/main/kotlin/FossIdSnippetReporter.kt

@@ -0,0 +1,44 @@
+/*
+ * Copyright (C) 2023 The ORT Project Authors (see <https://github.com/oss-review-toolkit/ort/blob/main/NOTICE>)
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * License-Filename: LICENSE
+ */
+
+package org.ossreviewtoolkit.plugins.reporters.fossidsnippets
+
+import java.io.File
+
+import org.apache.logging.log4j.kotlin.Logging
+import org.ossreviewtoolkit.plugins.reporters.asciidoc.HtmlTemplateReporter
+import org.ossreviewtoolkit.plugins.reporters.freemarker.FreemarkerTemplateProcessor
+import org.ossreviewtoolkit.reporter.Reporter
+import org.ossreviewtoolkit.reporter.ReporterInput
+
+class FossIdSnippetReporter : Reporter {
+    companion object : Logging {
+
+        private const val TEMPLATE_NAME = "fossid_snippets"
+
+        val delegateReporter = HtmlTemplateReporter()
+    }
+
+    override val type = "FossIdSnippets"
+
+    override fun generateReport(input: ReporterInput, outputDir: File, options: Map<String, String>): List<File> {
+        val extendedOptions = options + (FreemarkerTemplateProcessor.OPTION_TEMPLATE_ID to TEMPLATE_NAME)
+        return delegateReporter.generateReport(input, outputDir, extendedOptions)
+    }
+}

plugins/reporters/fossid-snippets/src/main/resources/META-INF/services/org.ossreviewtoolkit.reporter.Reporter

@@ -0,0 +1 @@
+org.ossreviewtoolkit.plugins.reporters.fossid.FossIdSnippetReporter

plugins/reporters/fossid-snippets/src/main/resources/templates/asciidoc/fossid_snippets.ftl

@@ -0,0 +1,87 @@
+[#--
+    Copyright (C) 2023 The ORT Project Authors (see <https://github.com/oss-review-toolkit/ort/blob/main/NOTICE>)
+
+    Licensed under the Apache License, Version 2.0 (the "License");
+    you may not use this file except in compliance with the License.
+    You may obtain a copy of the License at
+
+        https://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.
+
+    SPDX-License-Identifier: Apache-2.0
+    License-Filename: LICENSE
+--]
+
+:publisher: OSS Review Toolkit
+[#assign now = .now]
+:revdate: ${now?date?iso_local}
+
+:title-page:
+:sectnums:
+:toc:
+
+= FossID Snippets
+List of all the packages with their files and snippets.
+[#list ortResult.scanResults as package, scanResults]
+
+== Package '${package.toCoordinates()}'
+
+[#list scanResults as scanResult]
+[#assign summary = scanResult.summary]
+
+Scan start time : ${summary.startTime} +
+End time : ${summary.startTime} +
+[#if scanResult.provenance.vcsInfo??]
+    [#assign gitRepoUrl = scanResult.provenance.vcsInfo.url]
+    [#assign gitRevision = scanResult.provenance.vcsInfo.revision]
+    Git repo URL: ${gitRepoUrl} +
+    Git revision: ${gitRevision}
+
+    [#if gitRepoUrl?contains("github.com")]
+        [#assign githubBaseURL = '${gitRepoUrl?remove_ending(".git")}/blob/${gitRevision}']
+    [/#if]
+[/#if]
+
+[#assign snippets = helper.groupSnippetsByFile(summary.snippetFindings)]
+
+[#list snippets as filePath, snippetFindings]
+[#if gitRepoUrl?? && gitRepoUrl?contains("github.com")]
+  [#assign localFileURL = '_${githubBaseURL}/${filePath}[source]_']
+[#else]
+  [#assign localFileURL = "_source_"]
+[/#if]
+
+[#assign licenses = helper.collectLicenses(snippetFindings)]
+
+*${filePath}* +
+License(s):
+[#list licenses as license]
+  ${license}[#sep],
+[/#list]
+
+[width=100%]
+[cols="1,1,3,1,3,3,1,1"]
+|===
+| ID | Match | PUrl | License | File | URL | Score | Release Date
+
+[#list snippetFindings as snippetFinding ]
+[#assign snippet = snippetFinding.snippet]
+[#assign matchType = snippet.additionalData["matchType"]]
+[#if matchType == "PARTIAL"].2+[/#if]| ${snippet.additionalData["id"]} | ${matchType} | ${snippet.purl!""}
+| ${snippet.licenses!""} | ${snippet.location.path!""} | ${snippet.provenance.sourceArtifact.url!""}[URL]
+| ${snippet.score!""} | ${snippet.additionalData["releaseDate"]}
+[#if matchType == "PARTIAL"]
+2+^| *Matched lines* 5+| ${localFileURL}: ${snippet.additionalData["matchedLinesSource"]} /
+    _remote_: ${snippet.additionalData["matchedLinesSnippet"]}
+[/#if]
+[/#list]
+|===
+[/#list]
+
+[/#list]
+[/#list]

plugins/reporters/fossid-snippets/src/main/resources/templates/freemarker_implicit.ftl

@@ -0,0 +1,11 @@
+[#ftl]
+[#-- @implicitly included --]
+
+[#-- @ftlvariable name="projects" type="kotlin.collections.Set<org.ossreviewtoolkit.reporter.utils.FreemarkerTemplateProcessor.PackageModel>" --]
+[#-- @ftlvariable name="packages" type="kotlin.collections.Set<org.ossreviewtoolkit.reporter.utils.FreemarkerTemplateProcessor.PackageModel>" --]
+[#-- @ftlvariable name="ortResult" type="org.ossreviewtoolkit.model.OrtResult" --]
+[#-- @ftlvariable name="licenseTextProvider" type="org.ossreviewtoolkit.reporter.LicenseTextProvider" --]
+[#-- @ftlvariable name="LicenseView" type="org.ossreviewtoolkit.model.licenses.LicenseView" --]
+[#-- @ftlvariable name="helper" type="org.ossreviewtoolkit.plugins.reporters.freemarker.FreemarkerTemplateProcessor.TemplateHelper" --]
+[#-- @ftlvariable name="projectsAsPackages" type="kotlin.collections.Set<org.ossreviewtoolkit.model.Identifier>" --]
+[#-- @ftlvariable name="vulnerabilityReference" type="org.ossreviewtoolkit.model.VulnerabilityReference" --]

plugins/reporters/freemarker/src/main/kotlin/FreemarkerTemplateProcessor.kt

@@ -39,6 +39,7 @@ import org.ossreviewtoolkit.model.OrtResult
 import org.ossreviewtoolkit.model.Package
 import org.ossreviewtoolkit.model.RuleViolation
 import org.ossreviewtoolkit.model.Severity
+import org.ossreviewtoolkit.model.SnippetFinding
 import org.ossreviewtoolkit.model.Vulnerability
 import org.ossreviewtoolkit.model.VulnerabilityReference
 import org.ossreviewtoolkit.model.config.RuleViolationResolution
@@ -310,6 +311,20 @@ class FreemarkerTemplateProcessor(
         fun filterForUnresolvedVulnerabilities(vulnerabilities: List<Vulnerability>): List<Vulnerability> =
             vulnerabilities.filterNot { input.resolutionProvider.isResolved(it) }
 
+        /**
+         * Return a list of [SnippetFinding]s grouped by the source file being matched by those snippets.
+         */
+        @Suppress("UNUSED") // This function is used in the templates.
+        fun groupSnippetsByFile(snippetFindings: Collection<SnippetFinding>): Map<String, List<SnippetFinding>> =
+            snippetFindings.groupBy { it.sourceLocation.path }
+
+        /**
+         * Collect all the licenses present in a collection of [SnippetFinding]s.
+         */
+        @Suppress("UNUSED") // This function is used in the templates.
+        fun collectLicenses(snippetFindings: Collection<SnippetFinding>) : Set<String> =
+            snippetFindings.map { it.snippet.licenses.toString() }.toSet()
+
         /**
          * Return a flag indicating that issues have been encountered during the run of an advisor with the given
          * [capability] with at least the given [severity]. This typically means that the report is incomplete;