fix(gradle-plugin): Do not fail with NPE when dependency POMs are mis…

…sing Sometimes, POM cannot be resolved by ORT for one reason or another. When this happens, the analysis finishes early, omitting dependencies that have POMs but were unlucky to be listed after the POMless one. The fix itself is simple: instead of requiring a non-null value in POMs map (through `getValue`), add a warning and leave the fields empty when the returned POM is null. For example, ORT fails scanning [1] and [2] without the patch due to Gradle IntelliJ Plugin [3] injecting dependencies without POMs. [1] https://github.com/JetBrains/Grammar-Kit [2] https://github.com/JetBrains/ideavim [3] https://github.com/JetBrains/intellij-platform-gradle-plugin Signed-off-by: Igor Brovtsin <[email protected]>
oss-review-toolkit · Mar 28, 2024 · 4f32b50 · 4f32b50
1 parent e4af83c
commit 4f32b50
Showing 1 changed file with 17 additions and 9 deletions.
diff --git a/plugins/package-managers/gradle-plugin/src/main/kotlin/OrtModelBuilder.kt b/plugins/package-managers/gradle-plugin/src/main/kotlin/OrtModelBuilder.kt
@@ -198,7 +198,13 @@ internal class OrtModelBuilder : ToolingModelBuilder {
                                 null
                             }
 
-                            val modelBuildingResult = poms.getValue(id.toString())
+                            val modelBuildingResult = poms[id.toString()]
+                            if (modelBuildingResult == null && id !in visitedDependencies) {
+                                val message = "No POM found for $id"
+                                logger.warn(message)
+                                warnings += message
+                            }
+
                             val dependencies = if (id in visitedDependencies) {
                                 // Cut the graph on cyclic dependencies.
                                 emptyList()
@@ -212,18 +218,20 @@ internal class OrtModelBuilder : ToolingModelBuilder {
                                 artifactId = id.module,
                                 version = id.version,
                                 classifier = "",
-                                extension = modelBuildingResult.effectiveModel.packaging,
+                                extension = modelBuildingResult?.effectiveModel?.packaging.orEmpty(),
                                 dependencies = dependencies,
                                 error = null,
                                 warning = null,
                                 pomFile = pomFile,
-                                mavenModel = OrtMavenModelImpl(
-                                    licenses = modelBuildingResult.effectiveModel.collectLicenses(),
-                                    authors = modelBuildingResult.effectiveModel.collectAuthors(),
-                                    description = modelBuildingResult.effectiveModel.description.orEmpty(),
-                                    homepageUrl = modelBuildingResult.effectiveModel.url.orEmpty(),
-                                    vcs = modelBuildingResult.getVcsModel()
-                                ),
+                                mavenModel = modelBuildingResult?.run {
+                                    OrtMavenModelImpl(
+                                        licenses = effectiveModel.collectLicenses(),
+                                        authors = effectiveModel.collectAuthors(),
+                                        description = effectiveModel.description.orEmpty(),
+                                        homepageUrl = effectiveModel.url.orEmpty(),
+                                        vcs = getVcsModel()
+                                    )
+                                },
                                 localPath = null
                             )
                         }