From 42438ccdab2e09d2b29ed0f098182f472b1726f4 Mon Sep 17 00:00:00 2001 From: Julian Olderdissen Date: Mon, 7 Oct 2024 10:15:29 +0200 Subject: [PATCH] feat(fossid): Make FossID sensitivity configurable Add the option for the user to specify the sensitivity for a FossID scan to reduce the number of pending identifications. Signed-off-by: Julian Olderdissen --- model/src/main/resources/reference.yml | 2 ++ plugins/scanners/fossid/src/main/kotlin/FossId.kt | 6 ++++-- .../fossid/src/main/kotlin/FossIdConfig.kt | 15 ++++++++++++++- .../fossid/src/test/kotlin/FossIdConfigTest.kt | 14 ++++++++++++++ 4 files changed, 34 insertions(+), 3 deletions(-) diff --git a/model/src/main/resources/reference.yml b/model/src/main/resources/reference.yml index dc1fefc12d656..515e440e2aa80 100644 --- a/model/src/main/resources/reference.yml +++ b/model/src/main/resources/reference.yml @@ -267,6 +267,8 @@ ort: urlMappingExample: "https://my-repo.example.org(?.*) -> ssh://my-mapped-repo.example.org${repoPath}" + sensitivity: 10 + secrets: user: user apiKey: XYZ diff --git a/plugins/scanners/fossid/src/main/kotlin/FossId.kt b/plugins/scanners/fossid/src/main/kotlin/FossId.kt index a521028c661d4..6c6a7a000105b 100644 --- a/plugins/scanners/fossid/src/main/kotlin/FossId.kt +++ b/plugins/scanners/fossid/src/main/kotlin/FossId.kt @@ -706,10 +706,12 @@ class FossId internal constructor( if (response.data?.status in SCAN_STATE_FOR_TRIGGER) { logger.info { "Triggering scan as it has not yet been started." } - val optionsFromConfig = arrayOf( + val optionsFromConfig = mutableListOf( "auto_identification_detect_declaration" to "${config.detectLicenseDeclarations.compareTo(false)}", "auto_identification_detect_copyright" to "${config.detectCopyrightStatements.compareTo(false)}" - ) + ).apply { + config.sensitivity?.let { add("sensitivity" to "$it") } + }.toTypedArray() val scanResult = service.runScan( config.user, config.apiKey, scanCode, mapOf(*runOptions, *optionsFromConfig) 
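Review bot: The sensitivity sent to the server is not recorded anywhere in the FossId.kt hunk, although by the commit message it changes how many pending identifications a scan produces. Someone comparing two scan results later cannot tell from the log whether a configured value or the server's own setting was in effect. I would log it next to the existing trigger message, for example `config.sensitivity?.let { logger.info { "Triggering scan with sensitivity $it." } }`. As a smaller style point, `listOfNotNull(..., config.sensitivity?.let { "sensitivity" to "$it" }).toTypedArray()` expresses the same thing as the `mutableListOf(...).apply { ... }` chain more directly. The enclosing function starts and ends outside the hunk.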
diff --git a/plugins/scanners/fossid/src/main/kotlin/FossIdConfig.kt b/plugins/scanners/fossid/src/main/kotlin/FossIdConfig.kt index c6b5467a01fad..65d637178303d 100644 --- a/plugins/scanners/fossid/src/main/kotlin/FossIdConfig.kt +++ b/plugins/scanners/fossid/src/main/kotlin/FossIdConfig.kt @@ -113,6 +113,9 @@ data class FossIdConfig( /** A limit on the amount of snippets to fetch. **/ val snippetsLimit: Int, + /** The sensitivity of the scan. */ + val sensitivity: Int? = null, + /** Stores the map with FossID-specific configuration options. */ private val options: Map ) { @@ -157,6 +160,9 @@ data class FossIdConfig( /** Name of the configuration property defining the limit on the amount of snippets to fetch. */ private const val PROP_SNIPPETS_LIMIT = "snippetsLimit" + /** Name of the configuration property defining the sensitivity of the scan. */ + private const val PROP_SENSITIVITY = "sensitivity" + /** * The scanner options beginning with this prefix will be used to parameterize project and scan names. */ @@ -198,10 +204,16 @@ data class FossIdConfig( val fetchSnippetMatchedLines = options[PROP_FETCH_SNIPPET_MATCHED_LINES]?.toBoolean() == true val snippetsLimit = options[PROP_SNIPPETS_LIMIT]?.toInt() ?: DEFAULT_SNIPPETS_LIMIT + val sensitivity = options[PROP_SENSITIVITY]?.toIntOrNull() + require(deltaScanLimit > 0) { "deltaScanLimit must be > 0, current value is $deltaScanLimit." } + require(sensitivity == null || sensitivity in 0..20) { + "Sensitivity must be between 0 and 20, current value is $sensitivity." + } + logger.info { "waitForResult parameter is set to '$waitForResult'" } return FossIdConfig( @@ -217,7 +229,8 @@ data class FossIdConfig( timeout = timeout, fetchSnippetMatchedLines = fetchSnippetMatchedLines, options = options, - snippetsLimit = snippetsLimit + snippetsLimit = snippetsLimit, + sensitivity = sensitivity ) } } 
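Review bot: The KDoc `/** The sensitivity of the scan. */` on the new property in the first FossIdConfig.kt hunk gives neither the accepted range nor the meaning of `null`. The `require` added further down accepts 0..20, and the FossId.kt change only adds the option when the value is non-null. I would write `/** The sensitivity of the scan, in the range 0..20. If null, no sensitivity option is sent with the scan request. */`. The comment on `PROP_SENSITIVITY` in the second hunk could name the range as well.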
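Review bot: A `sensitivity` value that is not an integer is silently dropped in the parsing hunk of `create`. `toIntOrNull()` turns a value such as `"high"` or `"10.0"` into `null`, which then passes `require(sensitivity == null || sensitivity in 0..20)`, so the scan runs as if the option had never been set and the operator gets no hint. The neighbouring `snippetsLimit` line uses `toInt()` and fails on malformed input, so the two options react differently to the same mistake. `val sensitivity = options[PROP_SENSITIVITY]?.toInt()` would reject the value with a NumberFormatException, which is an IllegalArgumentException; wrapping `toIntOrNull()` in `requireNotNull` with a message naming the option would be friendlier. `create` starts outside the hunk.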
diff --git a/plugins/scanners/fossid/src/test/kotlin/FossIdConfigTest.kt b/plugins/scanners/fossid/src/test/kotlin/FossIdConfigTest.kt index bbb891ccb62c3..60a9ef2c45583 100644 --- a/plugins/scanners/fossid/src/test/kotlin/FossIdConfigTest.kt +++ b/plugins/scanners/fossid/src/test/kotlin/FossIdConfigTest.kt @@ -141,6 +141,20 @@ class FossIdConfigTest : WordSpec({ shouldThrow { FossIdConfig.create(options, secrets) } } + + "throw if the sensitivity is invalid" { + val options = mapOf( + "serverUrl" to SERVER_URL, + "sensitivity" to "21" + ) + + val secrets = mapOf( + "user" to USER, + "apiKey" to API_KEY + ) + + shouldThrow { FossIdConfig.create(options, secrets) } + } } "createNamingProvider" should {
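Review bot: The new test in FossIdConfigTest.kt exercises only the upper bound (`"sensitivity" to "21"`); the lower bound, a valid value and a non-numeric value are not covered. I would add a case with `"sensitivity" to "-1"` that is expected to throw, one with `"sensitivity" to "10"` asserting that the created config carries `sensitivity` 10, and one with a non-numeric string. The last case matters because the parsing in FossIdConfig.kt uses `toIntOrNull()`, so such a value currently yields `null` rather than an error, and a test would pin down whichever behaviour is intended.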