feat(model): guard against duplicate scan results / file lists per provenance

maennchen · maennchen · commit c0d7fdf37816 · 2025-07-10T12:18:31.000+02:00
Prep work for upcoming PR oss-review-toolkit#10502. * `ScannerRun.init` - Add a `require` check that no two `ScanResult`s share the same provenance. - Add a similar check that no two `FileList`s share the same provenance. The offending provenance is rendered via `toYaml()` to aid debugging. * `ScannerRunTest` - Introduce two unit tests that assert an `IllegalArgumentException` is thrown when duplicates are present for scan results or file lists, respectively. These runtime checks make improper scan runs surface early and provide clear error messages, which will simplify the upcoming deduplication work. Signed-off-by: Jonatan Männchen <jonatan@maennchen.ch>
diff --git a/model/src/main/kotlin/ScannerRun.kt b/model/src/main/kotlin/ScannerRun.kt
@@ -135,6 +135,13 @@ data class ScannerRun(
             }
         }
 
+        scanResults.toList().getDuplicates { it.provenance }.keys.let { duplicateProvenances ->
+            require(duplicateProvenances.isEmpty()) {
+                "Found multiple scan results for the same provenance:\n" +
+                    duplicateProvenances.first().toYaml()
+            }
+        }
+
         provenances.getDuplicates { it.id }.keys.let { idsForDuplicateProvenanceResolutionResults ->
             require(idsForDuplicateProvenanceResolutionResults.isEmpty()) {
                 "Found multiple provenance resolution results for the following ids: " +
@@ -173,6 +180,13 @@ data class ScannerRun(
                 }
             }
         }
+
+        files.toList().getDuplicates { it.provenance }.keys.let { duplicateProvenances ->
+            require(duplicateProvenances.isEmpty()) {
+                "Found multiple file lists for the same provenance:\n" +
+                    duplicateProvenances.first().toYaml()
+            }
+        }
     }
 
     private val provenancesById: Map<Identifier, ProvenanceResolutionResult> by lazy {
diff --git a/model/src/test/kotlin/ScannerRunTest.kt b/model/src/test/kotlin/ScannerRunTest.kt
@@ -19,17 +19,101 @@
 
 package org.ossreviewtoolkit.model
 
+import io.kotest.assertions.throwables.shouldThrow
 import io.kotest.core.spec.style.WordSpec
 import io.kotest.matchers.collections.containExactlyInAnyOrder
 import io.kotest.matchers.maps.containExactly
 import io.kotest.matchers.nulls.shouldNotBeNull
 import io.kotest.matchers.should
+import io.kotest.matchers.string.shouldContain
 
 import org.ossreviewtoolkit.model.FileList.Entry
 import org.ossreviewtoolkit.model.utils.alignRevisions
 import org.ossreviewtoolkit.model.utils.clearVcsPath
 
 class ScannerRunTest : WordSpec({
+    "init" should {
+        "error on duplicate provenance scan results" {
+            val provenance = RepositoryProvenance(
+                VcsInfo(type = VcsType.GIT, url = "https://github.com/example.git", revision = "revision"),
+                "revision"
+            )
+
+            val ex = shouldThrow<IllegalArgumentException> {
+                ScannerRun.EMPTY.copy(
+                    provenances = setOf(
+                        ProvenanceResolutionResult(
+                            id = Identifier("maven::example:1.0"),
+                            packageProvenance = provenance
+                        )
+                    ),
+                    scanResults = setOf(
+                        ScanResult(
+                            provenance = provenance,
+                            scanner = ScannerDetails.EMPTY,
+                            summary = ScanSummary.EMPTY.copy(
+                                licenseFindings = setOf(
+                                    LicenseFinding("MIT", TextLocation("file1.txt", 1, 1))
+                                )
+                            )
+                        ),
+                        ScanResult(
+                            provenance = provenance,
+                            scanner = ScannerDetails.EMPTY,
+                            summary = ScanSummary.EMPTY.copy(
+                                licenseFindings = setOf(
+                                    LicenseFinding("MIT", TextLocation("file2.txt", 1, 1))
+                                )
+                            )
+                        )
+                    )
+                )
+            }
+
+            ex.message shouldContain "Found multiple scan results for the same provenance"
+        }
+
+        "error on duplicate provenance file lists" {
+            val provenance = RepositoryProvenance(
+                VcsInfo(type = VcsType.GIT, url = "https://github.com/example.git", revision = "revision"),
+                "revision"
+            )
+
+            val ex = shouldThrow<IllegalArgumentException> {
+                ScannerRun.EMPTY.copy(
+                    provenances = setOf(
+                        ProvenanceResolutionResult(
+                            id = Identifier("maven::example:1.0"),
+                            packageProvenance = provenance
+                        )
+                    ),
+                    files = setOf(
+                        FileList(
+                            provenance = provenance,
+                            files = setOf(
+                                Entry(
+                                    path = "vcs/path/file1.txt",
+                                    sha1 = "1111111111111111111111111111111111111111"
+                                )
+                            )
+                        ),
+                        FileList(
+                            provenance = provenance,
+                            files = setOf(
+                                Entry(
+                                    path = "some/dir/file2.txt",
+                                    sha1 = "2222222222222222222222222222222222222222"
+                                )
+                            )
+                        )
+                    )
+                )
+            }
+
+            ex.message shouldContain "Found multiple file lists for the same provenance"
+        }
+    }
+
     "getFileList()" should {
         "filter by VCS path and merge sub-repository lists as expected" {
             val id = Identifier("a:b:c:1.0.0")

Original file line number	Diff line number	Diff line change
`@@ -135,6 +135,13 @@ data class ScannerRun(`
`135`	`135`	`}`
`136`	`136`	`}`
`137`	`137`
	`138`	`+ scanResults.toList().getDuplicates { it.provenance }.keys.let { duplicateProvenances ->`
	`139`	`+ require(duplicateProvenances.isEmpty()) {`
	`140`	`+ "Found multiple scan results for the same provenance:\n" +`
	`141`	`+ duplicateProvenances.first().toYaml()`
	`142`	`+ }`
	`143`	`+ }`
	`144`	`+`
`138`	`145`	`provenances.getDuplicates { it.id }.keys.let { idsForDuplicateProvenanceResolutionResults ->`
`139`	`146`	`require(idsForDuplicateProvenanceResolutionResults.isEmpty()) {`
`140`	`147`	`"Found multiple provenance resolution results for the following ids: " +`
`@@ -173,6 +180,13 @@ data class ScannerRun(`
`173`	`180`	`}`
`174`	`181`	`}`
`175`	`182`	`}`
	`183`	`+`
	`184`	`+ files.toList().getDuplicates { it.provenance }.keys.let { duplicateProvenances ->`
	`185`	`+ require(duplicateProvenances.isEmpty()) {`
	`186`	`+ "Found multiple file lists for the same provenance:\n" +`
	`187`	`+ duplicateProvenances.first().toYaml()`
	`188`	`+ }`
	`189`	`+ }`
`176`	`190`	`}`
`177`	`191`
`178`	`192`	`private val provenancesById: Map<Identifier, ProvenanceResolutionResult> by lazy {`