refactor(scanoss): ScanOssResultParser to improve snippets findings

* Generate multiple snippetFindings for each detected line range
* Remove duplicate licenses to optimize results
* Remove identified snippets from the summary

Signed-off-by: Agustin Isasmendi <[email protected]>

Author: isasmendiagus

plugins/scanners/scanoss/src/main/kotlin/ScanOssResultParser.kt

@@ -18,13 +18,19 @@
  */
 
 package org.ossreviewtoolkit.plugins.scanners.scanoss
-
+import com.scanoss.dto.LicenseDetails
 import com.scanoss.dto.ScanFileDetails
 import com.scanoss.dto.ScanFileResult
 import com.scanoss.dto.enums.MatchType
+import com.scanoss.dto.enums.StatusType
 
+import java.lang.invoke.MethodHandles
 import java.time.Instant
 
+import kotlin.math.min
+
+import org.apache.logging.log4j.kotlin.loggerOf
+
 import org.ossreviewtoolkit.downloader.VcsHost
 import org.ossreviewtoolkit.model.CopyrightFinding
 import org.ossreviewtoolkit.model.LicenseFinding
@@ -36,7 +42,8 @@ import org.ossreviewtoolkit.model.TextLocation
 import org.ossreviewtoolkit.utils.spdx.SpdxConstants
 import org.ossreviewtoolkit.utils.spdx.SpdxExpression
 import org.ossreviewtoolkit.utils.spdx.SpdxLicenseIdExpression
-import org.ossreviewtoolkit.utils.spdx.andOrNull
+
+private val logger = loggerOf(MethodHandles.lookup().lookupClass())
 
 /**
  * Generate a summary from the given SCANOSS [result], using [startTime], [endTime] as metadata. This variant can be
@@ -56,16 +63,23 @@ internal fun generateSummary(startTime: Instant, endTime: Instant, results: List
                 }
 
                 MatchType.snippet -> {
-                    val file = requireNotNull(details.file)
-                    val lines = requireNotNull(details.lines)
-                    val sourceLocations = convertLines(file, lines)
-                    val snippets = getSnippets(details)
-
-                    snippets.forEach { snippet ->
-                        sourceLocations.forEach { sourceLocation ->
-                            // TODO: Aggregate the snippet by source file location.
-                            snippetFindings += SnippetFinding(sourceLocation, setOf(snippet))
+                    val file = requireNotNull(result.filePath)
+                    if (details.status == StatusType.pending) {
+                        val lines = requireNotNull(details.lines)
+                        val sourceLocations = convertLines(file, lines)
+                        val snippets = getSnippets(details)
+
+                        if (sourceLocations.size != snippets.size) {
+                            logger.warn("number of local line ranges does not match with oss lines on file '$file'")
                         }
+
+                        for (i in 0 until min(sourceLocations.size, snippets.size)) {
+                            snippetFindings += SnippetFinding(sourceLocations[i], setOf(snippets[i]))
+                        }
+                    } else {
+                        logger.warn("file '$file' is identified, not including on snippet findings")
+                        licenseFindings += getLicenseFindings(details)
+                        copyrightFindings += getCopyrightFindings(details)
                     }
                 }
 
@@ -84,7 +98,6 @@ internal fun generateSummary(startTime: Instant, endTime: Instant, results: List
         licenseFindings = licenseFindings,
         copyrightFindings = copyrightFindings,
         snippetFindings = snippetFindings
-
     )
 }
 
@@ -138,16 +151,14 @@ private fun getCopyrightFindings(details: ScanFileDetails): List<CopyrightFindin
  * Get the snippet findings from the given [details]. If a snippet returned by ScanOSS contains several Purls,
  * several snippets are created in ORT each containing a single Purl.
  */
-private fun getSnippets(details: ScanFileDetails): Set<Snippet> {
+private fun getSnippets(details: ScanFileDetails): List<Snippet> {
     val matched = requireNotNull(details.matched)
     val fileUrl = requireNotNull(details.fileUrl)
     val ossLines = requireNotNull(details.ossLines)
     val url = requireNotNull(details.url)
     val purls = requireNotNull(details.purls)
 
-    val licenses = details.licenseDetails.orEmpty().mapTo(mutableSetOf()) { license ->
-        SpdxExpression.parse(license.name)
-    }
+    val license = getUniqueLicenseExpression(details.licenseDetails)
 
     val score = matched.substringBeforeLast("%").toFloat()
     val locations = convertLines(fileUrl, ossLines)
@@ -157,11 +168,9 @@ private fun getSnippets(details: ScanFileDetails): Set<Snippet> {
 
     val additionalData = mapOf("release_date" to details.releaseDate)
 
-    return buildSet {
+    return buildList {
         purls.forEach { purl ->
             locations.forEach { snippetLocation ->
-                val license = licenses.andOrNull()?.sorted() ?: SpdxLicenseIdExpression(SpdxConstants.NOASSERTION)
-
                 add(Snippet(score, snippetLocation, provenance, purl, license, additionalData))
             }
         }
@@ -181,3 +190,14 @@ private fun convertLines(file: String, lineRanges: String): List<TextLocation> =
             else -> throw IllegalArgumentException("Unsupported line range '$lineRange'.")
         }
     }
+
+fun getUniqueLicenseExpression(licensesDetails: Array<LicenseDetails>): SpdxExpression {
+    if (licensesDetails.isEmpty()) {
+        return SpdxLicenseIdExpression(SpdxConstants.NOASSERTION)
+    }
+
+    return licensesDetails
+        .map { license -> SpdxExpression.parse(license.name) }
+        .reduce { acc, expr -> acc.and(expr) }
+        .simplify()
+}

plugins/scanners/scanoss/src/test/kotlin/ScanOssResultParserTest.kt

@@ -19,6 +19,7 @@
 
 package org.ossreviewtoolkit.plugins.scanners.scanoss
 
+import com.scanoss.dto.LicenseDetails
 import com.scanoss.utils.JsonUtils
 
 import io.kotest.core.spec.style.WordSpec
@@ -28,6 +29,7 @@ import io.kotest.matchers.collections.shouldContain
 import io.kotest.matchers.collections.shouldContainExactly
 import io.kotest.matchers.collections.shouldHaveSize
 import io.kotest.matchers.should
+import io.kotest.matchers.shouldBe
 
 import java.io.File
 import java.time.Instant
@@ -40,9 +42,45 @@ import org.ossreviewtoolkit.model.SnippetFinding
 import org.ossreviewtoolkit.model.TextLocation
 import org.ossreviewtoolkit.model.VcsInfo
 import org.ossreviewtoolkit.model.VcsType
+import org.ossreviewtoolkit.utils.spdx.SpdxConstants
 import org.ossreviewtoolkit.utils.spdx.SpdxExpression
+import org.ossreviewtoolkit.utils.spdx.SpdxLicenseIdExpression
 
 class ScanOssResultParserTest : WordSpec({
+    "getUniqueLicenseDetails()" should {
+
+        "deduplicate complex license expressions" {
+            val uniqueLicenses = getUniqueLicenseExpression(
+                arrayOf(
+                    LicenseDetails.builder().name("MIT").build(),
+                    LicenseDetails.builder().name("MIT").build(),
+                    LicenseDetails.builder().name("GPL-2.0-only").build(),
+                    LicenseDetails.builder().name("GPL-2.0-only WITH Linux-syscall-note").build(),
+                    LicenseDetails.builder().name("GPL-2.0-only AND MIT").build()
+                )
+            )
+
+            val decomposed = uniqueLicenses.decompose().toList()
+
+            val expressionStrings = decomposed.map { it.toString() }
+
+            // Check that each license appears exactly once
+            expressionStrings.count { it == "MIT" } shouldBe 1
+            expressionStrings.count { it == "GPL-2.0-only" } shouldBe 1
+            expressionStrings.count { it == "GPL-2.0-only WITH Linux-syscall-note" } shouldBe 1
+
+            // Ensure no unexpected elements
+            expressionStrings.size shouldBe 3
+        }
+
+        "handle empty license list" {
+            val emptyLicenses = getUniqueLicenseExpression(arrayOf())
+
+            // Verify empty license list returns NOASSERTION
+            emptyLicenses shouldBe SpdxLicenseIdExpression(SpdxConstants.NOASSERTION)
+        }
+    }
+
     "generateSummary()" should {
         "properly summarize JUnit 4.12 findings" {
             val results = File("src/test/assets/scanoss-junit-4.12.json").readText().let {