feat(model): Add Snippet additionalData

[nnobelis]

Please have a look at the individual commit messages for the details.

[fviernau]

commit-msg: Please explain why the added data is needed. E.g. what are the use cases?

[codecov]

Codecov Report

Patch coverage: 90.90% and project coverage change: +0.01 🎉

Comparison is base (f4f59dc) 64.28% compared to head (d00f658) 64.30%.

Additional details and impacted files

@@             Coverage Diff              @@
##               main    #7022      +/-   ##
============================================
+ Coverage     64.28%   64.30%   +0.01%     
  Complexity     1976     1976              
============================================
  Files           332      332              
  Lines         16734    16744      +10     
  Branches       2382     2383       +1     
============================================
+ Hits          10758    10767       +9     
  Misses         4937     4937              
- Partials       1039     1040       +1     

Flag	Coverage Δ
funTest-docker	58.97% <ø> (ø)
test	40.30% <90.90%> (+0.08%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
model/src/main/kotlin/utils/SortedSetConverters.kt	0.00% <ø> (ø)
...in/kotlin/provenance/NestedProvenanceScanResult.kt	83.16% <ø> (ø)
...ain/kotlin/scanners/scanoss/ScanOssResultParser.kt	82.27% <ø> (ø)
scanner/src/main/kotlin/scanners/fossid/FossId.kt	75.53% <90.90%> (+0.35%)	⬆️

... and 2 files with indirect coverage changes

☔ View full report in Codecov by Sentry.
📢 Do you have feedback about the report comment? Let us know in this issue.

[nnobelis]

@sschuberth

Additionally, it would be interesting to know if SCANOSS has something similar, and if so, such an ID should probably become a first-class property.

Unfortunately id does not:

{
  "src/main/java/com/vdurmont/semver4j/RequirementForScanOSS.java":[
  {
    "id": "snippet",
    "lines": "1-710",
    "oss_lines": "1-710",
    "matched": "98%",
    "file_hash": "6ff2427335b985212c9b79dfa795799f",
    "source_hash": "bd4bff27f540f4f2c9de012acc4b48a3",
    "file_url": "https://osskb.org/api/file_contents/6ff2427335b985212c9b79dfa795799f",
    "purl": [
      "pkg:github/vdurmont/semver4j"
    ],
    "vendor": "vdurmont",
    "component": "semver4j",
    "version": "3.1.0",
    "latest": "3.1.0",
    "url": "https://github.com/vdurmont/semver4j",
    "status": "pending",
    "release_date": "2019-09-13",
    "file": "src/main/java/com/vdurmont/semver4j/Requirement.java",
    "url_hash": "b92cd7e4d588747588d1b5fe1f8c664c",
    "licenses": [
      {
        "name": "MIT",
        "patent_hints": "no",
        "copyleft": "no",
        "checklist_url": "https://www.osadl.org/fileadmin/checklists/unreflicenses/MIT.txt",
        "osadl_updated": "2023-03-26T02:11:00+00:00",
        "source": "component_declared",
        "url": "https://spdx.org/licenses/MIT.html"
      }
    ],
    "server": {
      "version": "5.2.5",
      "kb_version": {
        "monthly": "23.03",
        "daily": "23.03.19"
      }
    }
  }
]
}

id behaves a bit like FossID MatchType: it is either file or snippet. file would be FossID MatchType.FULL and snippet would be MatchType.PARTIAL. But then you see the difference mentioned above that ScanOSS does not consider a full match a snippet, while FossID does,
And no, there is no numeric identified in ScanOSS.

My concerns were only about the use of the custom data, but no use is introduced in this PR.

[sschuberth]

It just occurred to me that we already have additionalData in ScanResult. So do we really need this at this place?

[nnobelis]

I took inspiration of ScanResult.additionalData 😃

Yes we need it at the snippet level, to carry snippet specific data such as the ID.
How would you put this information in the additionalData of ScanResult ?
Knowing it's a Map<String, String> and you can't have structured data in it ?

[sschuberth]

Knowing it's a Map<String, String> and you can't have structured data in it ?

Well you could (e.g. by applying a naming convention), but on a second thought I agree it's not very feasible.

[sschuberth]

Not strictly related to this PR, but it also just occurred to me that the SnippetFinding class is located in the utils package. Unless there's a good reason for that, I'd prefer it to go along the LicenseFinding and CopyrightFinding classes in the root model package. Could you mind adding a preceding commit to this PR that addressed that?

[sschuberth]

This should say "scan summary" or "[ScanSummary]".

[sschuberth]

Argh, sorry, IMO Snippet should be moved as well, as it's not a utility to work on model classes, but a model class itself.

[mnonnenmacher]

Commit message nit: The breaking api change should be indicated by an exclamation mark: "fix(model)!: ..."