Prepare advisor module for supporting multiple advisors in one run

advisor/src/main/kotlin/Advisor.kt

@@ -26,29 +26,22 @@ import java.util.ServiceLoader
 
 import kotlinx.coroutines.runBlocking
 
-import org.ossreviewtoolkit.model.AdvisorDetails
 import org.ossreviewtoolkit.model.AdvisorRecord
-import org.ossreviewtoolkit.model.AdvisorResult
 import org.ossreviewtoolkit.model.AdvisorRun
-import org.ossreviewtoolkit.model.AdvisorSummary
 import org.ossreviewtoolkit.model.OrtResult
-import org.ossreviewtoolkit.model.Package
 import org.ossreviewtoolkit.model.config.AdvisorConfiguration
-import org.ossreviewtoolkit.model.createAndLogIssue
 import org.ossreviewtoolkit.model.readValue
 import org.ossreviewtoolkit.utils.Environment
-import org.ossreviewtoolkit.utils.collectMessagesAsString
-import org.ossreviewtoolkit.utils.showStackTrace
 
 /**
- * The class to retrieve security advisories.
+ * The class to manage [VulnerabilityProvider]s that retrieve security advisories.
  */
-abstract class Advisor(val advisorName: String, protected val config: AdvisorConfiguration) {
+class Advisor(private val providerFactory: VulnerabilityProviderFactory, private val config: AdvisorConfiguration) {
     companion object {
-        private val LOADER = ServiceLoader.load(AdvisorFactory::class.java)!!
+        private val LOADER = ServiceLoader.load(VulnerabilityProviderFactory::class.java)!!
 
         /**
-         * The list of all available advisors in the classpath.
+         * The list of all available [VulnerabilityProvider]s in the classpath.
          */
         val ALL by lazy { LOADER.iterator().asSequence().toList() }
     }
@@ -69,8 +62,10 @@ abstract class Advisor(val advisorName: String, protected val config: AdvisorCon
             "The provided ORT result file '${ortResultFile.canonicalPath}' does not contain an analyzer result."
         }
 
+        val provider = providerFactory.create(config)
+
         val packages = ortResult.getPackages(skipExcluded).map { it.pkg }
-        val results = runBlocking { retrievePackageVulnerabilities(packages) }
+        val results = runBlocking { provider.retrievePackageVulnerabilities(packages) }
             .mapKeysTo(sortedMapOf()) { (pkg, _) -> pkg.id }
 
         val advisorRecord = AdvisorRecord(results)
@@ -80,38 +75,4 @@ abstract class Advisor(val advisorName: String, protected val config: AdvisorCon
         val advisorRun = AdvisorRun(startTime, endTime, Environment(), config, advisorRecord)
         return ortResult.copy(advisor = advisorRun)
     }
-
-    protected abstract suspend fun retrievePackageVulnerabilities(
-        packages: List<Package>
-    ): Map<Package, List<AdvisorResult>>
-
-    protected fun createFailedResults(
-        startTime: Instant,
-        packages: List<Package>,
-        t: Throwable
-    ): Map<Package, List<AdvisorResult>> {
-        val endTime = Instant.now()
-
-        t.showStackTrace()
-
-        val failedResults = listOf(
-            AdvisorResult(
-                vulnerabilities = emptyList(),
-                advisor = AdvisorDetails(advisorName),
-                summary = AdvisorSummary(
-                    startTime = startTime,
-                    endTime = endTime,
-                    issues = listOf(
-                        createAndLogIssue(
-                            source = advisorName,
-                            message = "Failed to retrieve security vulnerabilities from $advisorName: " +
-                                    t.collectMessagesAsString()
-                        )
-                    )
-                )
-            )
-        )
-
-        return packages.associateWith { failedResults }
-    }
 }

advisor/src/main/kotlin/VulnerabilityProvider.kt

@@ -0,0 +1,80 @@
+/*
+ * Copyright (C) 2020-2021 Bosch.IO GmbH
+ * Copyright (C) 2021 HERE Europe B.V.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * License-Filename: LICENSE
+ */
+
+package org.ossreviewtoolkit.advisor
+
+import java.time.Instant
+
+import org.ossreviewtoolkit.model.AdvisorDetails
+import org.ossreviewtoolkit.model.AdvisorResult
+import org.ossreviewtoolkit.model.AdvisorSummary
+import org.ossreviewtoolkit.model.Package
+import org.ossreviewtoolkit.model.createAndLogIssue
+import org.ossreviewtoolkit.utils.collectMessagesAsString
+import org.ossreviewtoolkit.utils.showStackTrace
+
+/**
+ * An abstract class that represents a service that can retrieve vulnerability information
+ * for a list of given [Package]s.
+ */
+abstract class VulnerabilityProvider(val providerName: String) {
+    /**
+     * For a given list of [Package]s, retrieve vulnerability information and return a map
+     * that associates each package with a list of [AdvisorResult]s. Needs to be implemented
+     * by child classes.
+     */
+    abstract suspend fun retrievePackageVulnerabilities(
+        packages: List<Package>
+    ): Map<Package, List<AdvisorResult>>
+
+    /**
+     * A generic method that creates a failed [AdvisorResult] for [Package]s if there was an issue
+     * during the retrieval of vulnerability information.
+     */
+    protected fun createFailedResults(
+        startTime: Instant,
+        packages: List<Package>,
+        t: Throwable
+    ): Map<Package, List<AdvisorResult>> {
+        val endTime = Instant.now()
+
+        t.showStackTrace()
+
+        val failedResults = listOf(
+            AdvisorResult(
+                vulnerabilities = emptyList(),
+                advisor = AdvisorDetails(providerName),
+                summary = AdvisorSummary(
+                    startTime = startTime,
+                    endTime = endTime,
+                    issues = listOf(
+                        createAndLogIssue(
+                            source = providerName,
+                            message = "Failed to retrieve security vulnerabilities from $providerName: " +
+                                    t.collectMessagesAsString()
+                        )
+                    )
+                )
+            )
+        )
+
+        return packages.associateWith { failedResults }
+    }
+}

advisor/src/main/kotlin/VulnerabilityProviderFactory.kt

@@ -0,0 +1,62 @@
+/*
+ * Copyright (C) 2020 Bosch.IO GmbH
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * License-Filename: LICENSE
+ */
+
+package org.ossreviewtoolkit.advisor
+
+import java.util.ServiceLoader
+
+import org.ossreviewtoolkit.model.config.AdvisorConfiguration
+import org.ossreviewtoolkit.utils.ORT_CONFIG_FILENAME
+import org.ossreviewtoolkit.utils.ortConfigDirectory
+
+/**
+ * A common interface for use with [ServiceLoader] that all [AbstractVulnerabilityProviderFactory]
+ * classes need to implement.
+ */
+interface VulnerabilityProviderFactory {
+    /**
+     * The name to use to refer to the provider.
+     */
+    val providerName: String
+
+    /**
+     * Create a [VulnerabilityProvider] using the specified [config].
+     */
+    fun create(config: AdvisorConfiguration): VulnerabilityProvider
+}
+
+/**
+ * A generic factory class for a [VulnerabilityProvider].
+ */
+abstract class AbstractVulnerabilityProviderFactory<out T : VulnerabilityProvider>(
+    override val providerName: String
+) : VulnerabilityProviderFactory {
+    abstract override fun create(config: AdvisorConfiguration): T
+
+    protected fun <T> getProviderConfiguration(config: AdvisorConfiguration, select: (AdvisorConfiguration) -> T?): T =
+        select(config) ?: throw IllegalArgumentException(
+            "No configuration for $providerName found in ${ortConfigDirectory.resolve(ORT_CONFIG_FILENAME)}"
+        )
+
+    /**
+     * Return the provider's name here to allow Clikt to display something meaningful when listing the scanners
+     * which are enabled by default via their factories.
+     */
+    override fun toString() = providerName
+}

advisor/src/main/kotlin/advisors/NexusIq.kt

@@ -23,22 +23,21 @@ import java.io.IOException
 import java.net.URI
 import java.time.Instant
 
-import org.ossreviewtoolkit.advisor.AbstractAdvisorFactory
-import org.ossreviewtoolkit.advisor.Advisor
+import org.ossreviewtoolkit.advisor.AbstractVulnerabilityProviderFactory
+import org.ossreviewtoolkit.advisor.VulnerabilityProvider
 import org.ossreviewtoolkit.clients.nexusiq.NexusIqService
 import org.ossreviewtoolkit.model.AdvisorDetails
 import org.ossreviewtoolkit.model.AdvisorResult
 import org.ossreviewtoolkit.model.AdvisorSummary
 import org.ossreviewtoolkit.model.Package
 import org.ossreviewtoolkit.model.Vulnerability
 import org.ossreviewtoolkit.model.config.AdvisorConfiguration
+import org.ossreviewtoolkit.model.config.NexusIqConfiguration
 import org.ossreviewtoolkit.model.utils.PurlType
 import org.ossreviewtoolkit.model.utils.getPurlType
 import org.ossreviewtoolkit.model.utils.toPurl
-import org.ossreviewtoolkit.utils.ORT_CONFIG_FILENAME
 import org.ossreviewtoolkit.utils.OkHttpClientHelper
 import org.ossreviewtoolkit.utils.log
-import org.ossreviewtoolkit.utils.ortConfigDirectory
 
 import retrofit2.HttpException
 
@@ -50,19 +49,12 @@ private const val REQUEST_CHUNK_SIZE = 100
 /**
  * A wrapper for [Nexus IQ Server](https://help.sonatype.com/iqserver) security vulnerability data.
  */
-class NexusIq(
-    name: String,
-    config: AdvisorConfiguration
-) : Advisor(name, config) {
-    class Factory : AbstractAdvisorFactory<NexusIq>("NexusIQ") {
-        override fun create(config: AdvisorConfiguration) = NexusIq(advisorName, config)
+class NexusIq(name: String, private val nexusIqConfig: NexusIqConfiguration) : VulnerabilityProvider(name) {
+    class Factory : AbstractVulnerabilityProviderFactory<NexusIq>("NexusIQ") {
+        override fun create(config: AdvisorConfiguration) =
+            NexusIq(providerName, getProviderConfiguration(config) { it.nexusIq })
     }
 
-    private val nexusIqConfig = config.nexusIq
-        ?: throw IllegalArgumentException(
-            "No $advisorName advisor configuration found in ${ortConfigDirectory.resolve(ORT_CONFIG_FILENAME)}"
-        )
-
     private val service by lazy {
         NexusIqService.create(
             nexusIqConfig.serverUrl,
@@ -108,7 +100,7 @@ class NexusIq(
                     pkg to listOf(
                         AdvisorResult(
                             details.securityData.securityIssues.map { it.toVulnerability() },
-                            AdvisorDetails(advisorName),
+                            AdvisorDetails(providerName),
                             AdvisorSummary(startTime, endTime)
                         )
                     )