feat(scanner): Add detected license mapping to ScanContext

Add the detected license mapping from the `ScannerConfiguration` to the
`ScanContext` to make it available to `ScannerWrapper`s. This is
currently only required by the `FossId` implementation because FossID
can return arbitrary strings as licenses. These strings can sometimes
not be parsed as SPDX expressions and can therefore not be returned as
part of a `LicenseFinding` in the `ScanSummary`.

A better solution could be to automatically convert all license strings
returned by FossID to a form that can be parsed as SPDX expression, then
the mapping could be applied globally. However, as this would be a
breaking configuration change it is not implemented now and only added
as a TODO comment instead.

Signed-off-by: Martin Nonnenmacher <[email protected]>

Author: mnonnenmacher

plugins/scanners/fossid/src/main/kotlin/FossId.kt

@@ -310,7 +310,15 @@ class FossId internal constructor(
 
                     if (config.waitForResult) {
                         val rawResults = getRawResults(scanCode)
-                        createResultSummary(startTime, provenance, rawResults, scanCode, scanId, issues)
+                        createResultSummary(
+                            startTime,
+                            provenance,
+                            rawResults,
+                            scanCode,
+                            scanId,
+                            issues,
+                            context.detectedLicenseMapping
+                        )
                     } else {
                         val issue = createAndLogIssue(
                             source = name,
@@ -857,7 +865,8 @@ class FossId internal constructor(
         rawResults: RawResults,
         scanCode: String,
         scanId: String,
-        additionalIssues: MutableList<Issue>
+        additionalIssues: MutableList<Issue>,
+        detectedLicenseMapping: Map<String, String>
     ): ScanResult {
         // TODO: Maybe get issues from FossID (see has_failed_scan_files, get_failed_files and maybe get_scan_log).
 
@@ -875,7 +884,7 @@ class FossId internal constructor(
 
         val (licenseFindings, copyrightFindings) = rawResults.markedAsIdentifiedFiles.ifEmpty {
             rawResults.identifiedFiles
-        }.mapSummary(ignoredFiles, issues, scannerConfig.detectedLicenseMapping)
+        }.mapSummary(ignoredFiles, issues, detectedLicenseMapping)
 
         val summary = ScanSummary(
             startTime = startTime,

plugins/scanners/fossid/src/main/kotlin/FossIdScanResults.kt

@@ -85,7 +85,9 @@ internal fun <T : Summarizable> List<T>.mapSummary(
 
         summary.licences.forEach {
             runCatching {
-                // TODO: The license mapping should be moved to a central place.
+                // TODO: The detected license mapping must be applied here, because FossID can return license strings
+                //       which cannot be parsed to an SpdxExpression. A better solution could be to automatically
+                //       convert the strings into a form that can be parsed, then the mapping could be applied globally.
                 LicenseFinding(it.identifier.mapLicense(detectedLicenseMapping), location)
             }.onSuccess { licenseFinding ->
                 licenseFindings += licenseFinding.copy(license = licenseFinding.license.normalize())

scanner/src/main/kotlin/ScanContext.kt

@@ -19,9 +19,12 @@
 
 package org.ossreviewtoolkit.scanner
 
+import org.ossreviewtoolkit.model.LicenseFinding
 import org.ossreviewtoolkit.model.OrtResult
 import org.ossreviewtoolkit.model.PackageType
 import org.ossreviewtoolkit.model.config.Excludes
+import org.ossreviewtoolkit.model.config.ScannerConfiguration
+import org.ossreviewtoolkit.utils.spdx.SpdxExpression
 
 /**
  * Additional context information that can be used by a [ScannerWrapper] to alter its behavior.
@@ -40,5 +43,15 @@ data class ScanContext(
     /**
      * The [Excludes] of the project to scan.
      */
-    val excludes: Excludes? = null
+    val excludes: Excludes? = null,
+
+    /**
+     * The detected license mappings configured in the
+     * [scanner configuration][ScannerConfiguration.detectedLicenseMapping]. Can be used by [ScannerWrapper]
+     * implementations where the scanner can return arbitrary license strings which cannot be parsed as
+     * [SpdxExpression]s and can therefore not be returned as a [LicenseFinding] without being mapped first. Should not
+     * be used by scanners where scan results are stored, because then changes in the mapping would not be applied to
+     * stored results.
+     */
+    val detectedLicenseMapping: Map<String, String> = emptyMap()
 )

scanner/src/main/kotlin/Scanner.kt

@@ -124,7 +124,8 @@ class Scanner(
                 ScanContext(
                     ortResult.labels + labels,
                     PackageType.PROJECT,
-                    ortResult.repository.config.excludes
+                    ortResult.repository.config.excludes,
+                    scannerConfig.detectedLicenseMapping
                 )
             )
         } else {
@@ -139,7 +140,15 @@ class Scanner(
 
             logger.info { "Scanning ${packages.size} package(s) with ${packageScannerWrappers.size} scanner(s)." }
 
-            scan(packages, ScanContext(ortResult.labels, PackageType.PACKAGE, ortResult.repository.config.excludes))
+            scan(
+                packages,
+                ScanContext(
+                    ortResult.labels,
+                    PackageType.PACKAGE,
+                    ortResult.repository.config.excludes,
+                    scannerConfig.detectedLicenseMapping
+                )
+            )
         } else {
             logger.info { "Skipping package scan as no package scanner is configured." }