chore(SP-2487): add test case to verify correct obfuscation

Author: isasmendiagus

src/main/java/com/scanoss/Winnowing.java

@@ -40,6 +40,8 @@
 import java.nio.charset.Charset;
 import java.nio.file.Files;
 import java.util.*;
+import java.util.concurrent.ConcurrentHashMap;
+import java.util.concurrent.atomic.AtomicLong;
 import java.util.zip.CRC32C;
 import java.util.zip.Checksum;
 
@@ -71,10 +73,13 @@ public class Winnowing {
     @Builder.Default
     private int snippetLimit = MAX_LONG_LINE_CHARS; // Enable limiting of size of a single line of snippet generation
     @Builder.Default
-    private Map<String, String> obfuscationMap = new HashMap<>();
+    private Map<String, String> obfuscationMap = new ConcurrentHashMap<>();
+    @Builder.Default
+    private static final AtomicLong idGenerator = new AtomicLong(0); //Incremental ids used for obfuscating path
 
     /**
      * Resolves the real file path for a given obfuscated path.
+     * This method is thread-safe and can be called concurrently from multiple threads.
      *
      * @param obfuscatedPath the obfuscated path
      * @return the real file path corresponding to the provided obfuscated path, or null if no mapping exists
@@ -200,19 +205,17 @@ public String wfpForContents(@NonNull String filename, Boolean binFile, byte[] c
 
     /**
      * Obfuscates the given file path by replacing it with a generated unique identifier while
-     * retaining its original file extension. The obfuscated path can be used to mask
-     * sensitive or easily guessable file names.
+     * retaining its original file extension.
+     * This method is thread-safe and can be called concurrently from multiple threads.
      *
      * @param originalPath the original file path to be obfuscated; must not be null
      * @return the obfuscated file path with a unique identifier and the original file extension
      */
     private String obfuscateFilePath(@NotNull String originalPath) {
         final String extension = extractExtension(originalPath);
 
-        // Generate a unique identifier for the obfuscated file
-        final int mapIndex = obfuscationMap.size();
-
-        final String obfuscatedPath = mapIndex + extension;
+        // Generate a unique identifier for the obfuscated file using a thread-safe approach
+        final String obfuscatedPath = idGenerator.getAndIncrement() + extension;
         this.obfuscationMap.put(obfuscatedPath, originalPath);
         return obfuscatedPath;
     }

src/test/java/com/scanoss/TestScanner.java

@@ -22,29 +22,61 @@
  */
 package com.scanoss;
 
+import com.google.gson.Gson;
+import com.scanoss.dto.ScanFileDetails;
+import com.scanoss.dto.ScanFileResult;
+import com.scanoss.dto.ServerDetails;
+import com.scanoss.dto.enums.MatchType;
 import com.scanoss.exceptions.ScannerException;
 import com.scanoss.filters.FilterConfig;
 import com.scanoss.settings.ScanossSettings;
 import com.scanoss.utils.JsonUtils;
+import com.scanoss.utils.WinnowingUtils;
 import lombok.extern.slf4j.Slf4j;
+import okhttp3.mockwebserver.Dispatcher;
+import okhttp3.mockwebserver.MockResponse;
+import okhttp3.mockwebserver.MockWebServer;
+import okhttp3.mockwebserver.RecordedRequest;
+import org.jetbrains.annotations.NotNull;
+import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
 
+import java.io.File;
 import java.io.FileWriter;
 import java.io.IOException;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.List;
+import java.nio.file.*;
+import java.nio.file.attribute.BasicFileAttributes;
+import java.util.*;
+import java.util.concurrent.*;
+import java.util.stream.Collectors;
 
 import static org.junit.Assert.*;
 
 @Slf4j
 public class TestScanner {
+    private MockWebServer server;
+
+
     @Before
-    public void Setup() {
+    public void Setup() throws IOException{
         log.info("Starting Scanner test cases...");
         log.debug("Logging debug enabled");
         log.trace("Logging trace enabled");
+        log.info("Starting Mock Server...");
+        server = new MockWebServer();
+        server.start();
+    }
+
+    @After
+    public void Finish() {
+        log.info("Shutting down mock server.");
+        try {
+            server.close();
+            server.shutdown();
+        } catch (IOException e) {
+            log.warn("Some issue shutting down mock server: {}", e.getLocalizedMessage());
+        }
     }
 
     @Test
@@ -409,4 +441,116 @@ public void TestScannerCustomFilterConfig() {
 
         log.info("Finished {} -->", methodName);
     }
-}
+
+    /**
+     * Test that we can scan a folder with obfuscation enabled using a mock server.
+     * This test focuses on the path obfuscation/deobfuscation functionality in a multi-threaded environment.
+     * The dispatcher supports handling multiple files in a single request.
+     */
+    @Test
+    public void testConcurrentScanWithObfuscation() throws IOException {
+        final String folderToScan = "src/test";
+
+        // Set to capture all paths received by the server
+        final Set<String> receivedPaths = ConcurrentHashMap.newKeySet();
+
+        // Collect all files in the src/test folder before scanning
+        final Set<String> allSourceFilePaths = Files.walk(Paths.get(folderToScan))
+                .filter(path -> !Files.isDirectory(path))
+                .map(path -> {
+                    // Convert to relative path with forward slashes
+                    String relativePath = Paths.get(folderToScan).relativize(path).toString();
+                    return relativePath.replace(File.separatorChar, '/');
+                })
+                .collect(Collectors.toSet());
+
+        log.info("Found {} files in source directory", allSourceFilePaths.size());
+
+
+
+
+
+        // Configure the MockWebServer to return a 'no match' response for any request.
+        // This is important for testing without depending on actual scan results.
+        //TODO: Extend the mock webserver to other tests.
+        final Dispatcher dispatcher = new Dispatcher() {
+            @NotNull
+            @Override
+            public MockResponse dispatch(RecordedRequest request) {
+                // Extract the WFP from the request and parse all obfuscated paths
+                String requestBody = request.getBody().readUtf8();
+                Set<String> paths = WinnowingUtils.extractFilePathsFromWFPBlock(requestBody);
+
+                // Store all received paths for later verification
+                receivedPaths.addAll(paths);
+
+
+                for (String path : paths) {
+                    log.debug("Server received obfuscated path: {}", path);
+                }
+
+                if (paths.isEmpty()) {
+                    return new MockResponse()
+                            .setResponseCode(400)
+                            .setBody("error: Bad Request - No valid obfuscated paths found");
+                }
+
+                // Create response objects using the DTO classes
+                Map<String, List<ScanFileDetails>> responseMap = new HashMap<>();
+
+                // Create server details object (same for all responses)
+                ServerDetails.KbVersion kbVersion = new ServerDetails.KbVersion("25.05", "21.05.21");
+                ServerDetails serverDetails = new ServerDetails("5.4.10", kbVersion);
+
+                // Create a "none" match result for each path
+                for (String path : paths) {
+                    ScanFileDetails noMatchResult = ScanFileDetails.builder()
+                            .matchType(MatchType.none)
+                            .serverDetails(serverDetails)
+                            .build();
+
+                    responseMap.put(path, Collections.singletonList(noMatchResult));
+                }
+
+                // Convert to JSON
+                Gson gson = new Gson();
+                String responseJson = gson.toJson(responseMap);
+
+                return new MockResponse()
+                        .setResponseCode(200)
+                        .setBody(responseJson);
+            }
+        };
+        server.setDispatcher(dispatcher);
+
+        // Create a scanner with obfuscation enabled and multiple threads
+        Scanner scanner = Scanner.builder()
+                .obfuscate(true)
+                .numThreads(8) // Use multiple threads to process files
+                .url(server.url("/api/scan/direct").toString()) // Use our mock server
+                .build();
+
+        // Scan the files to test the full obfuscation/deobfuscation cycle
+        List<String> results = scanner.scanFolder(folderToScan);
+
+
+        // Verify we got scan results
+        assertNotNull("Should have scan results", results);
+        assertFalse("Should have result non empty", results.isEmpty());
+        log.info("Received {} scan results", results.size());
+
+        // Verify paths received by the server are obfuscated (not matching any source file paths)
+        for (String receivedPath : receivedPaths) {
+            assertFalse("Path should be obfuscated and not match any source path: " + receivedPath,
+                    allSourceFilePaths.contains(receivedPath));
+        }
+
+        List<ScanFileResult> resultsDto = JsonUtils.toScanFileResults(results);
+        // Verify (deobfuscation) that all results from scanFolder are valid file paths from our source directory
+        for (ScanFileResult r : resultsDto) {
+            assertTrue("Result should be a valid source file path: " + r.getFilePath(),
+                    allSourceFilePaths.contains(r.getFilePath()));
+        }
+
+    }
+}

src/test/java/com/scanoss/WinnowingConcurrencyTest.java

@@ -0,0 +1,123 @@
+// SPDX-License-Identifier: MIT
+/*
+ * Copyright (c) 2025, SCANOSS
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+package com.scanoss;
+
+import com.scanoss.exceptions.WinnowingException;
+import com.scanoss.utils.WinnowingUtils;
+import lombok.extern.slf4j.Slf4j;
+import org.junit.Test;
+
+import java.io.File;
+import java.nio.file.Path;
+import java.util.*;
+import java.util.concurrent.*;
+import java.util.stream.Collectors;
+
+import static org.junit.Assert.*;
+
+/**
+ * Tests to validate thread safety of the path obfuscation feature in the Winnowing class.
+ */
+@Slf4j
+public class WinnowingConcurrencyTest {
+
+    /**
+     * Test that concurrent obfuscation of paths works correctly without data loss or corruption.
+     * This simulates multiple threads processing different files simultaneously.
+     */
+    @Test
+    public void testConcurrentObfuscation() throws InterruptedException, ExecutionException {
+        // Create a Winnowing instance with obfuscation enabled
+        Winnowing winnowing = Winnowing.builder().obfuscate(true).build();
+
+        // Number of concurrent threads to use
+        int threadCount = 50;
+        
+        // Create a thread pool
+        ExecutorService executor = Executors.newFixedThreadPool(10);
+        
+        // Create a list of paths to obfuscate
+        List<String> paths = new ArrayList<>();
+        for (int i = 0; i < threadCount; i++) {
+            paths.add("/path/to/file" + i + ".java");
+        }
+        
+        // Tasks for concurrent obfuscation
+        List<Future<String>> obfuscationTasks = new ArrayList<>();
+        
+        // Submit tasks to executor - each task will obfuscate a path and return the WFP
+        for (String path : paths) {
+            obfuscationTasks.add(executor.submit(() -> {
+                byte[] contents = ("sample content for " + path).getBytes();
+                return winnowing.wfpForContents(path, false, contents);
+            }));
+        }
+        
+        // Collect results
+        List<String> results = new ArrayList<>();
+        for (Future<String> future : obfuscationTasks) {
+            results.add(future.get());
+        }
+        
+        // Shutdown executor
+        executor.shutdown();
+        assertTrue("Executor should terminate within timeout", executor.awaitTermination(10, TimeUnit.SECONDS));
+        
+        // Verify each path was processed successfully
+        assertEquals("All paths should have been processed", threadCount, results.size());
+        
+        // Extract the obfuscated paths from the WFPs
+        Set<String> obfuscatedPaths = new HashSet<>();
+        Map<String, String> originalToObfuscated = new HashMap<>();
+        
+        for (int i = 0; i < results.size(); i++) {
+            String wfp = results.get(i);
+            String obfuscatedPath = WinnowingUtils.extractFilePathFromWFP(wfp);
+            
+            assertNotNull("Obfuscated path should not be null", obfuscatedPath);
+            assertTrue("Obfuscated path should end with .java", obfuscatedPath.endsWith(".java"));
+            
+            // Store for uniqueness check
+            obfuscatedPaths.add(obfuscatedPath);
+            
+            // Verify deobfuscation works
+            String originalPath = winnowing.deobfuscateFilePath(obfuscatedPath);
+            assertNotNull("Original path should be recoverable", originalPath);
+            assertTrue("Original path should match one of the input paths", paths.contains(originalPath));
+            
+            // Map original to obfuscated for additional checking
+            originalToObfuscated.put(paths.get(i), obfuscatedPath);
+        }
+        
+        // Verify all obfuscated paths are unique
+        assertEquals("Each path should have a unique obfuscated value", threadCount, obfuscatedPaths.size());
+        
+        // Verify all original paths can be deobfuscated
+        for (String originalPath : paths) {
+            String obfuscatedPath = originalToObfuscated.get(originalPath);
+            String recoveredPath = winnowing.deobfuscateFilePath(obfuscatedPath);
+            assertEquals("Deobfuscation should recover the original path", originalPath, recoveredPath);
+        }
+    }
+
+}