feat(python): Add a consistency check to python-inspector runs

sschuberth · sschuberth · commit 0b9fa5b2afcc · 2025-07-29T10:17:02.000+02:00
For `PoetryFunTest`, this shows that there are several inconsistencies that need to be investigated. Relates to #7660 and #10638. Signed-off-by: Sebastian Schuberth <sebastian@doubleopen.org>
diff --git a/plugins/package-managers/python/src/main/kotlin/utils/PythonInspector.kt b/plugins/package-managers/python/src/main/kotlin/utils/PythonInspector.kt
@@ -27,6 +27,8 @@ import kotlinx.serialization.json.Json
 import kotlinx.serialization.json.JsonNamingStrategy
 import kotlinx.serialization.json.decodeFromStream
 
+import org.apache.logging.log4j.kotlin.logger
+
 import org.ossreviewtoolkit.utils.common.CommandLineTool
 import org.ossreviewtoolkit.utils.common.safeDeleteRecursively
 import org.ossreviewtoolkit.utils.ort.createOrtTempFile
@@ -105,6 +107,25 @@ internal object PythonInspector : CommandLineTool {
             ).requireSuccess()
             val binaryResult = outputFile.inputStream().use { json.decodeFromStream<Result>(it) }
 
+            // Do a consistency check on the binary packages.
+            val packagePurls = mutableSetOf<String>()
+            binaryResult.projects.forEach { project ->
+                project.packageData.forEach { data ->
+                    data.dependencies.mapTo(packagePurls) { it.purl }
+                }
+            }
+
+            if (packagePurls.size != binaryResult.packages.size) {
+                logger.warn {
+                    "The number of unique dependencies (${packagePurls.size}) does not match the number of packages " +
+                        "(${binaryResult.packages.size}), which might indicate a bug in python-inspector."
+                }
+
+                val resultsPurls = binaryResult.packages.mapTo(mutableSetOf()) { it.purl }
+                logger.warn { "Packages that are not contained as dependencies: ${packagePurls - resultsPurls}" }
+                logger.warn { "Dependencies that are not contained as packages: ${resultsPurls - packagePurls}" }
+            }
+
             // TODO: Avoid this terrible hack to run once more with `--prefer-source` to work around
             //       https://github.com/aboutcode-org/python-inspector/issues/229.
             run(
