helper-cli: Fix listing licenses for packages with no scan result #7832
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The `ListLicensesCommand` crashes when used for a package with unkown provenances inside `writeValueAsString()` called from [1], as it passes an unkown provenance to that function. Filter out scan results in the first place to avoid running into that problem. [1] https://github.com/oss-review-toolkit/ort/blob/f5c556d207b7b3cdbecfb7c8cfb489ba4d5050a4/helper-cli/src/main/kotlin/commands/ListLicensesCommand.kt#L196 Signed-off-by: Frank Viernau <[email protected]>
For packages which do not have a scan result the command just outputs "scan results:". Change that to a more speaking message. Signed-off-by: Frank Viernau <[email protected]>
Codecov ReportAttention:
Additional details and impacted files@@ Coverage Diff @@
## main #7832 +/- ##
============================================
- Coverage 67.24% 67.23% -0.01%
Complexity 2044 2044
============================================
Files 356 356
Lines 17050 17053 +3
Branches 2439 2440 +1
============================================
+ Hits 11465 11466 +1
- Misses 4567 4568 +1
- Partials 1018 1019 +1
Flags with carried forward coverage won't be shown. Click here to find out more.
☔ View full report in Codecov by Sentry. |
sschuberth
approved these changes
Nov 9, 2023
fviernau
added a commit
that referenced
this pull request
Nov 27, 2023
The list licenses command may crash in case `sourceCodeDir` is not provided in the following scenarios: 1. When the source artifact has been scanned for the given `packageId` and `vcsProcessed` is empty, then `fetchScannedSources()` crashes withing `Downloader.download()`, because the downloader throws when it attempts to download from VCS. 2. When the ORT file does not contain any scan result for the given package, then the downloader also throws. Ensure that the downloader always attempts to download from the right source code origin, to fix scenario #1. Furthermore, return early in case there is no scan result for the given package to fix scenario #2. Recently a similar crash has been fixed by [1] also by returning earlier. So, move the early return from [1] to an even earlier position. [1] #7832 Signed-off-by: Frank Viernau <[email protected]>
fviernau
added a commit
that referenced
this pull request
Nov 27, 2023
The list licenses command may crash in case `sourceCodeDir` is not provided in the following scenarios: 1. When the source artifact has been scanned for the given `packageId` and `vcsProcessed` is empty, then `fetchScannedSources()` crashes withing `Downloader.download()`, because the downloader throws when it attempts to download from VCS. 2. When the ORT file does not contain any scan result for the given package, then the downloader also throws. Ensure that the downloader always attempts to download from the right source code origin, to fix scenario #1. Furthermore, return early in case there is no scan result for the given package to fix scenario #2. Recently a similar crash has been fixed by [1] also by returning earlier. So, move the early return from [1] to an even earlier position. [1]: #7832 Signed-off-by: Frank Viernau <[email protected]>
fviernau
added a commit
that referenced
this pull request
Nov 27, 2023
The list licenses command may crash in case `sourceCodeDir` is not provided in the following scenarios: 1. When the source artifact has been scanned for the given `packageId` and `vcsProcessed` is empty, then `fetchScannedSources()` crashes withing `Downloader.download()`, because the downloader throws when it attempts to download from VCS. 2. When the ORT file does not contain any scan result for the given package, then the downloader also throws. Ensure that the downloader always attempts to download from the right source code origin, to fix scenario 1. Furthermore, return early in case there is no scan result for the given package to fix scenario 2. Recently a similar crash has been fixed by [1] also by returning earlier. So, move the early return from [1] to an even earlier position. [1]: #7832 Signed-off-by: Frank Viernau <[email protected]>
fviernau
added a commit
that referenced
this pull request
Nov 28, 2023
The list licenses command may crash in case `sourceCodeDir` is not provided in the following scenarios: 1. When the source artifact has been scanned for the given `packageId` and `vcsProcessed` is empty, then `fetchScannedSources()` crashes withing `Downloader.download()`, because the downloader throws when it attempts to download from VCS. 2. When the ORT file does not contain any scan result for the given package, then the downloader also throws. Ensure that the downloader always attempts to download from the right source code origin, to fix scenario 1. Furthermore, return early in case there is no scan result for the given package to fix scenario 2. Recently a similar crash has been fixed by [1] also by returning earlier. So, move the early return from [1] to an even earlier position. [1]: #7832 Signed-off-by: Frank Viernau <[email protected]>
fviernau
added a commit
that referenced
this pull request
Nov 28, 2023
The list licenses command may crash in case `sourceCodeDir` is not provided in the following scenarios: 1. When the source artifact has been scanned for the given `packageId` and `vcsProcessed` is empty, then `fetchScannedSources()` crashes withing `Downloader.download()`, because the downloader throws when it attempts to download from VCS. 2. When the ORT file does not contain any scan result for the given package, then the downloader also throws. Ensure that the downloader always attempts to download from the right source code origin, to fix scenario 1. Furthermore, return early in case there is no scan result for the given package to fix scenario 2. Recently a similar crash has been fixed by [1] also by returning earlier. So, move the early return from [1] to an even earlier position. [1]: #7832 Signed-off-by: Frank Viernau <[email protected]>
fviernau
added a commit
that referenced
this pull request
Nov 28, 2023
The list licenses command may crash in case `sourceCodeDir` is not provided in the following scenarios: 1. When the source artifact has been scanned for the given `packageId` and `vcsProcessed` is empty, then `fetchScannedSources()` crashes within `Downloader.download()`, because the downloader throws when it attempts to download from VCS. 2. When the ORT file does not contain any scan result for the given package, then the downloader also throws. Ensure that the downloader always attempts to download from the right source code origin, to fix scenario 1. Furthermore, return early in case there is no scan result for the given package to fix scenario 2. Recently a similar crash has been fixed by [1] also by returning earlier. So, move the early return from [1] to an even earlier position. [1]: #7832 Signed-off-by: Frank Viernau <[email protected]>
fviernau
added a commit
that referenced
this pull request
Nov 28, 2023
The list licenses command may crash in case `sourceCodeDir` is not provided in the following scenarios: 1. When the source artifact has been scanned for the given `packageId` and `vcsProcessed` is empty, then `fetchScannedSources()` crashes within `Downloader.download()`, because the downloader throws when it attempts to download from VCS. 2. When the ORT file does not contain any scan result for the given package, then the downloader also throws. Ensure that the downloader always attempts to download from the right source code origin, to fix scenario 1. Furthermore, return early in case there is no scan result for the given package to fix scenario 2. Recently a similar crash has been fixed by [1] also by returning earlier. So, move the early return from [1] to an even earlier position. [1]: #7832 Signed-off-by: Frank Viernau <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
See individual commits.