[ANE-2297] include the archive name in paths for vendored deps and first-party-license scans (#1520)

* update the Changelog

Author: spatten

Changelog.md

@@ -1,4 +1,7 @@
 # FOSSA CLI Changelog
+## 3.10.3
+
+License Scanning: Added the archive name to the path for licenses found inside of archives during vendored dependency and first-party license scanning ([#1520](https://github.com/fossas/fossa-cli/pull/1520))
 
 ## 3.10.2
 

integration-test/Analysis/LicenseScannerSpec.hs

@@ -102,8 +102,8 @@ spec = do
         Success _ us -> do
           length us `shouldBe` 3
           NE.sort (NE.map licenseUnitName us) `shouldBe` NE.fromList ["No_license_found", "apache-2.0", "mit"]
-          NE.sort (licenseUnitFiles mitUnit) `shouldBe` NE.fromList ["vendor/foo/bar/MIT_LICENSE", "vendor/foo/bar/baz/SOMETHING_LICENSE", "vendor/foo/bar/baz/quux/QUUX_LICENSE"]
-          NE.sort (licenseUnitFiles apacheUnit) `shouldBe` NE.fromList ["vendor/foo/bar/bar_apache.rb", "vendor/foo/bar/baz/something.rb"]
+          NE.sort (licenseUnitFiles mitUnit) `shouldBe` NE.fromList ["vendor/foo.tar.gz/foo/bar.tar.gz/bar/MIT_LICENSE", "vendor/foo.tar.gz/foo/bar.tar.gz/bar/baz.tar.gz/baz/SOMETHING_LICENSE", "vendor/foo.tar.gz/foo/bar.tar.gz/bar/baz.tar.gz/baz/quux.tar.gz/quux/QUUX_LICENSE"]
+          NE.sort (licenseUnitFiles apacheUnit) `shouldBe` NE.fromList ["vendor/foo.tar.gz/foo/bar.tar.gz/bar/bar_apache.rb", "vendor/foo.tar.gz/foo/bar.tar.gz/bar/baz.tar.gz/baz/something.rb"]
           -- matchData should exist
           let matchData = concatMap NE.toList $ NE.toList (fromMaybe (NE.fromList []) . licenseUnitDataMatchData <$> licenseUnitData mitUnit)
           licenseUnitMatchDataMatchString <$> matchData `shouldBe` [Just mitLicense, Just mitLicense, Just mitLicense]
@@ -125,8 +125,8 @@ spec = do
         Success _ us -> do
           length us `shouldBe` 3
           NE.sort (NE.map licenseUnitName us) `shouldBe` NE.fromList ["No_license_found", "apache-2.0", "mit"]
-          NE.sort (licenseUnitFiles mitUnit) `shouldBe` NE.fromList ["vendor/foo/bar/MIT_LICENSE", "vendor/foo/bar/baz/SOMETHING_LICENSE", "vendor/foo/bar/baz/quux/QUUX_LICENSE"]
-          NE.sort (licenseUnitFiles apacheUnit) `shouldBe` NE.fromList ["vendor/foo/bar/bar_apache.rb", "vendor/foo/bar/baz/something.rb"]
+          NE.sort (licenseUnitFiles mitUnit) `shouldBe` NE.fromList ["vendor/foo.tar.gz/foo/bar.tar.gz/bar/MIT_LICENSE", "vendor/foo.tar.gz/foo/bar.tar.gz/bar/baz.tar.gz/baz/SOMETHING_LICENSE", "vendor/foo.tar.gz/foo/bar.tar.gz/bar/baz.tar.gz/baz/quux.tar.gz/quux/QUUX_LICENSE"]
+          NE.sort (licenseUnitFiles apacheUnit) `shouldBe` NE.fromList ["vendor/foo.tar.gz/foo/bar.tar.gz/bar/bar_apache.rb", "vendor/foo.tar.gz/foo/bar.tar.gz/bar/baz.tar.gz/baz/something.rb"]
           -- We should get Contents since we're running themis with --srclib-with-full-files
           licenseUnitDataContents <$> licenseUnitData mitUnit `shouldBe` NE.fromList [Just mitLicense, Just mitLicense, Just mitLicense]
           -- matchData should be all Nothing
@@ -149,7 +149,7 @@ spec = do
         Success _ us -> do
           length us `shouldBe` 1
           NE.sort (NE.map licenseUnitName us) `shouldBe` NE.fromList ["apache-2.0"]
-          NE.sort (licenseUnitFiles apacheUnit) `shouldBe` NE.fromList ["vendor/foo/bar/bar_apache.rb", "vendor/foo/bar/baz/something.rb"]
+          NE.sort (licenseUnitFiles apacheUnit) `shouldBe` NE.fromList ["vendor/foo.tar.gz/foo/bar.tar.gz/bar/bar_apache.rb", "vendor/foo.tar.gz/foo/bar.tar.gz/bar/baz.tar.gz/baz/something.rb"]
           where
             apacheUnit :: LicenseUnit
             apacheUnit = fromMaybe emptyLicenseUnit (head' $ NE.filter (\u -> licenseUnitName u == "apache-2.0") us)

src/App/Fossa/LicenseScanner.hs

@@ -71,7 +71,7 @@ import Fossa.API.Types (
   OrgId,
   Organization (organizationId),
  )
-import Path (Abs, Dir, File, Path, SomeBase (Abs, Rel), fileExtension, parent, (</>))
+import Path (Abs, Dir, File, Path, SomeBase (Abs, Rel), fileExtension, toFilePath, (</>))
 import Path.Extra (SomePath (..), tryMakeRelative)
 import Prettyprinter (Pretty (pretty))
 import Srclib.Types (
@@ -80,6 +80,7 @@ import Srclib.Types (
   LicenseUnit (..),
   Locator (..),
  )
+import System.FilePath qualified as FP
 import Types (LicenseScanPathFilters (licenseScanPathFilterFileExclude))
 
 data LicenseScanErr
@@ -139,7 +140,7 @@ recursivelyScanArchives ::
 recursivelyScanArchives pathPrefix licenseScanPathFilters uploadKind dir = flip walk' dir $
   \_ _ files -> do
     let process file unpackedDir = do
-          let updatedPathPrefix = pathPrefix <> getPathPrefix dir (parent file)
+          let updatedPathPrefix = pathPrefix <> getPathPrefix dir file
           currentDirResults <- withThemisAndIndex $ themisRunner updatedPathPrefix licenseScanPathFilters uploadKind unpackedDir
           recursiveResults <- recursivelyScanArchives updatedPathPrefix licenseScanPathFilters uploadKind unpackedDir
           pure $ currentDirResults <> recursiveResults
@@ -240,7 +241,7 @@ getPathPrefix :: Path Abs Dir -> Path Abs t -> Text
 getPathPrefix baseDir scanPath = do
   case tryMakeRelative baseDir scanPath of
     Path.Abs _ -> Text.empty
-    Path.Rel path -> toText path
+    Path.Rel path -> toText $ FP.addTrailingPathSeparator $ toFilePath path
 
 scanArchive ::
   ( Has Diagnostics sig m
@@ -264,7 +265,7 @@ scanArchive baseDir licenseScanPathFilters uploadKind file = runFinally $ do
       Just units -> pure units
   where
     pathPrefix :: Text
-    pathPrefix = getPathPrefix baseDir (parent $ scanFile file)
+    pathPrefix = getPathPrefix baseDir $ scanFile file
 
 scanDirectory ::
   ( Has Exec sig m