feat: replace pomxmlenhanceable extractor with transitive enricher

Author: G-Rath

cmd/osv-scanner/scan/source/command_test.go

@@ -1295,6 +1295,11 @@ func TestCommand_Transitive(t *testing.T) {
 			Args: []string{"", "source", "--experimental-disable-plugins=python/requirements", "./testdata/locks-requirements/requirements-transitive.txt"},
 			Exit: 128,
 		},
+		{
+			Name: "transitive_pomxml_enricher_requires_enabled_pomxml_extractor",
+			Args: []string{"", "source", "--experimental-disable-plugins=java/pomxml", "./testdata/maven-transitive/abc.xml"},
+			Exit: 128,
+		},
 	}
 
 	for _, tt := range tests {

internal/scalibrextract/language/java/pomxmlenhanceable/pomxmlenhanceable.go

@@ -53,7 +53,7 @@ haskell/cabal
 haskell/stacklock
 java/gradlelockfile
 java/gradleverificationmetadataxml
-java/pomxmlenhanceable
+java/pomxml
 javascript/bunlock
 javascript/packagelockjson
 javascript/pnpmlock

internal/scalibrplugin/__snapshots__/resolve_test.snap

@@ -24,6 +24,7 @@ import (
 	"github.com/google/osv-scalibr/extractor/filesystem/language/java/archive"
 	"github.com/google/osv-scalibr/extractor/filesystem/language/java/gradlelockfile"
 	"github.com/google/osv-scalibr/extractor/filesystem/language/java/gradleverificationmetadataxml"
+	"github.com/google/osv-scalibr/extractor/filesystem/language/java/pomxml"
 	"github.com/google/osv-scalibr/extractor/filesystem/language/javascript/bunlock"
 	"github.com/google/osv-scalibr/extractor/filesystem/language/javascript/packagelockjson"
 	"github.com/google/osv-scalibr/extractor/filesystem/language/javascript/pnpmlock"
@@ -47,7 +48,6 @@ import (
 	"github.com/google/osv-scanner/v2/internal/datasource"
 	"github.com/google/osv-scanner/v2/internal/depsdev"
 	"github.com/google/osv-scanner/v2/internal/scalibrextract/filesystem/vendored"
-	"github.com/google/osv-scanner/v2/internal/scalibrextract/language/java/pomxmlenhanceable"
 	"github.com/google/osv-scanner/v2/internal/scalibrextract/language/javascript/nodemodules"
 	"github.com/google/osv-scanner/v2/internal/scalibrextract/language/osv/osvscannerjson"
 	"github.com/google/osv-scanner/v2/internal/scalibrextract/vcs/gitrepo"
@@ -82,7 +82,7 @@ var ExtractorPresets = map[string]extractors.InitMap{
 		// Java
 		gradlelockfile.Name:                {noCFG(gradlelockfile.New)},
 		gradleverificationmetadataxml.Name: {noCFG(gradleverificationmetadataxml.New)},
-		pomxmlenhanceable.Name:             {noCFG(pomxmlenhanceable.New)},
+		pomxml.Name:                        {noCFG(pomxml.New)},
 
 		// Javascript
 		packagelockjson.Name: {noCFG(packagelockjson.NewDefault)},

internal/scalibrplugin/presets.go

@@ -8,7 +8,6 @@ import (
 	"github.com/google/osv-scalibr/plugin/list"
 	"github.com/google/osv-scanner/v2/internal/cmdlogger"
 	"github.com/google/osv-scanner/v2/internal/scalibrextract/filesystem/vendored"
-	"github.com/google/osv-scanner/v2/internal/scalibrextract/language/java/pomxmlenhanceable"
 	"github.com/google/osv-scanner/v2/internal/scalibrextract/language/javascript/nodemodules"
 	"github.com/google/osv-scanner/v2/internal/scalibrextract/language/osv/osvscannerjson"
 	"github.com/google/osv-scanner/v2/internal/scalibrextract/vcs/gitrepo"
@@ -22,9 +21,6 @@ func resolveFromName(name string) (plugin.Plugin, error) {
 	}
 
 	switch name {
-	// Java
-	case pomxmlenhanceable.Name:
-		return pomxmlenhanceable.New(), nil
 	// Javascript
 	case nodemodules.Name:
 		return nodemodules.New(), nil

internal/scalibrplugin/resolve.go

@@ -21,6 +21,7 @@ import (
 	"github.com/google/osv-scalibr/extractor/filesystem/language/haskell/stacklock"
 	"github.com/google/osv-scalibr/extractor/filesystem/language/java/gradlelockfile"
 	"github.com/google/osv-scalibr/extractor/filesystem/language/java/gradleverificationmetadataxml"
+	"github.com/google/osv-scalibr/extractor/filesystem/language/java/pomxml"
 	"github.com/google/osv-scalibr/extractor/filesystem/language/javascript/bunlock"
 	"github.com/google/osv-scalibr/extractor/filesystem/language/javascript/packagelockjson"
 	"github.com/google/osv-scalibr/extractor/filesystem/language/javascript/pnpmlock"
@@ -37,7 +38,6 @@ import (
 	"github.com/google/osv-scalibr/extractor/filesystem/os/apk"
 	"github.com/google/osv-scalibr/extractor/filesystem/os/dpkg"
 	"github.com/google/osv-scalibr/plugin"
-	"github.com/google/osv-scanner/v2/internal/scalibrextract/language/java/pomxmlenhanceable"
 	"github.com/google/osv-scanner/v2/internal/scalibrextract/language/osv/osvscannerjson"
 )
 
@@ -49,7 +49,7 @@ var osvscannerScalibrExtractionMapping = map[string][]string{
 	"pnpm-lock.yaml":              {pnpmlock.Name},
 	"yarn.lock":                   {yarnlock.Name},
 	"package-lock.json":           {packagelockjson.Name},
-	"pom.xml":                     {pomxmlenhanceable.Name},
+	"pom.xml":                     {pomxml.Name},
 	"buildscript-gradle.lockfile": {gradlelockfile.Name},
 	"gradle.lockfile":             {gradlelockfile.Name},
 	"verification-metadata.xml":   {gradleverificationmetadataxml.Name},

pkg/osvscanner/internal/scanners/lockfile.go

@@ -15,6 +15,7 @@ import (
 	"github.com/google/osv-scalibr/enricher"
 	"github.com/google/osv-scalibr/enricher/packagedeprecation"
 	"github.com/google/osv-scalibr/enricher/reachability/java"
+	transitivedependencypomxml "github.com/google/osv-scalibr/enricher/transitivedependency/pomxml"
 	transitivedependencyrequirements "github.com/google/osv-scalibr/enricher/transitivedependency/requirements"
 	"github.com/google/osv-scalibr/extractor"
 	"github.com/google/osv-scalibr/extractor/filesystem"
@@ -27,7 +28,6 @@ import (
 	"github.com/google/osv-scanner/v2/internal/cmdlogger"
 	"github.com/google/osv-scanner/v2/internal/imodels"
 	"github.com/google/osv-scanner/v2/internal/scalibrextract/filesystem/vendored"
-	"github.com/google/osv-scanner/v2/internal/scalibrextract/language/java/pomxmlenhanceable"
 	"github.com/google/osv-scanner/v2/internal/scalibrextract/vcs/gitcommitdirect"
 	"github.com/google/osv-scanner/v2/internal/scalibrextract/vcs/gitrepo"
 	"github.com/google/osv-scanner/v2/internal/scalibrplugin"
@@ -39,25 +39,6 @@ var ErrExtractorNotFound = errors.New("could not determine extractor suitable to
 
 func configurePlugins(plugins []plugin.Plugin, accessors ExternalAccessors, actions ScannerActions) {
 	for _, plug := range plugins {
-		if !actions.TransitiveScanning.Disabled {
-			err := pomxmlenhanceable.EnhanceIfPossible(plug, &cpb.PluginConfig{
-				UserAgent: actions.RequestUserAgent,
-				PluginSpecific: []*cpb.PluginSpecificConfig{
-					{
-						Config: &cpb.PluginSpecificConfig_PomXmlNet{
-							PomXmlNet: &cpb.POMXMLNetConfig{
-								UpstreamRegistry:    actions.TransitiveScanning.MavenRegistry,
-								DepsDevRequirements: !actions.TransitiveScanning.NativeDataSource,
-							},
-						},
-					},
-				},
-			})
-			if err != nil {
-				log.Errorf("Failed to enhance pomxml extractor: %v", err)
-			}
-		}
-
 		vendored.Configure(plug, vendored.Config{
 			// Only attempt to vendor check git directories if we are not skipping scanning root git directories
 			ScanGitDir: !actions.IncludeGitRoot,
@@ -78,6 +59,18 @@ func isRequirementsExtractorEnabled(plugins []plugin.Plugin) bool {
 	return false
 }
 
+func isPomXmlExtractorEnabled(plugins []plugin.Plugin) bool {
+	for _, plug := range plugins {
+		_, ok := plug.(*requirements.Extractor)
+
+		if ok {
+			return true
+		}
+	}
+
+	return false
+}
+
 func getPlugins(defaultPlugins []string, accessors ExternalAccessors, actions ScannerActions) []plugin.Plugin {
 	if !actions.PluginsNoDefaults {
 		actions.PluginsEnabled = append(actions.PluginsEnabled, defaultPlugins...)
@@ -93,15 +86,39 @@ func getPlugins(defaultPlugins []string, accessors ExternalAccessors, actions Sc
 
 	plugins := scalibrplugin.Resolve(actions.PluginsEnabled, actions.PluginsDisabled)
 
-	// TODO: Use Enricher.RequiredPlugins to check this generically
-	if !actions.TransitiveScanning.Disabled && isRequirementsExtractorEnabled(plugins) {
-		p, err := transitivedependencyrequirements.New(&cpb.PluginConfig{
-			UserAgent: actions.RequestUserAgent,
-		})
-		if err != nil {
-			log.Errorf("Failed to make transitivedependencyrequirements enricher: %v", err)
-		} else {
-			plugins = append(plugins, p)
+	if !actions.TransitiveScanning.Disabled {
+		// TODO: Use Enricher.RequiredPlugins to check this generically
+		if isRequirementsExtractorEnabled(plugins) {
+			p, err := transitivedependencyrequirements.New(&cpb.PluginConfig{
+				UserAgent: actions.RequestUserAgent,
+			})
+			if err != nil {
+				log.Errorf("Failed to make transitivedependencyrequirements enricher: %v", err)
+			} else {
+				plugins = append(plugins, p)
+			}
+		}
+
+		// TODO: Use Enricher.RequiredPlugins to check this generically
+		if isPomXmlExtractorEnabled(plugins) {
+			p, err := transitivedependencypomxml.New(&cpb.PluginConfig{
+				UserAgent: actions.RequestUserAgent,
+				PluginSpecific: []*cpb.PluginSpecificConfig{
+					{
+						Config: &cpb.PluginSpecificConfig_PomXmlNet{
+							PomXmlNet: &cpb.POMXMLNetConfig{
+								UpstreamRegistry:    actions.TransitiveScanning.MavenRegistry,
+								DepsDevRequirements: !actions.TransitiveScanning.NativeDataSource,
+							},
+						},
+					},
+				},
+			})
+			if err != nil {
+				log.Errorf("Failed to make transitivedependencypomxml enricher: %v", err)
+			} else {
+				plugins = append(plugins, p)
+			}
 		}
 	}