feat: support running detectors

cmd/osv-scanner/internal/helper/detectors_parser.go

@@ -0,0 +1,52 @@
+package helper
+
+import (
+	"github.com/google/osv-scalibr/detector"
+	"github.com/google/osv-scalibr/detector/list"
+	"github.com/google/osv-scanner/v2/internal/cmdlogger"
+)
+
+var detectorPresets = map[string]list.InitMap{
+	"cis":         list.CIS,
+	"govulncheck": list.Govulncheck,
+	"untested":    list.Untested,
+	"weakcreds":   list.Weakcreds,
+}
+
+func ResolveEnabledDetectors(enabledDetectors []string, disabledDetectors []string) []detector.Detector {
+	detectors := make(map[string]bool)
+
+	for i, exts := range [][]string{enabledDetectors, disabledDetectors} {
+		enabled := i == 0
+
+		for _, detectorOrPreset := range exts {
+			if names, ok := detectorPresets[detectorOrPreset]; ok {
+				for name := range names {
+					detectors[name] = enabled
+				}
+
+				continue
+			}
+
+			detectors[detectorOrPreset] = enabled
+		}
+	}
+
+	asSlice := make([]detector.Detector, 0, len(detectors))
+
+	for name, enabled := range detectors {
+		if enabled && name != "" {
+			loaded, err := list.DetectorsFromName(name)
+
+			if err != nil {
+				cmdlogger.Errorf("%s", err)
+
+				continue
+			}
+
+			asSlice = append(asSlice, loaded...)
+		}
+	}
+
+	return asSlice
+}

cmd/osv-scanner/internal/helper/detectors_parser_test.go

@@ -0,0 +1,194 @@
+package helper
+
+import (
+	"slices"
+	"testing"
+
+	"github.com/google/go-cmp/cmp"
+	"github.com/google/osv-scalibr/detector/cis/generic_linux/etcpasswdpermissions"
+	"github.com/google/osv-scalibr/detector/govulncheck/binary"
+	"github.com/google/osv-scalibr/detector/weakcredentials/codeserver"
+	"github.com/google/osv-scalibr/detector/weakcredentials/etcshadow"
+	"github.com/google/osv-scalibr/detector/weakcredentials/filebrowser"
+	"github.com/google/osv-scalibr/detector/weakcredentials/winlocal"
+)
+
+func TestResolveEnabledDetectors(t *testing.T) {
+	t.Parallel()
+
+	type args struct {
+		enabledDetectors  []string
+		disabledDetectors []string
+	}
+	tests := []struct {
+		name string
+		args args
+		want []string
+	}{
+		{
+			name: "nothing_enabled_or_disabled",
+			args: args{
+				enabledDetectors:  nil,
+				disabledDetectors: nil,
+			},
+			want: []string{},
+		},
+		{
+			name: "empty_strings_are_ignored",
+			args: args{
+				enabledDetectors:  []string{""},
+				disabledDetectors: []string{""},
+			},
+			want: []string{},
+		},
+		//
+		{
+			name: "one_detector_enabled_and_nothing_disabled",
+			args: args{
+				enabledDetectors:  []string{etcshadow.Name},
+				disabledDetectors: nil,
+			},
+			want: []string{etcshadow.Name},
+		},
+		{
+			name: "one_detector_enabled_and_different_detector_disabled",
+			args: args{
+				enabledDetectors:  []string{etcshadow.Name},
+				disabledDetectors: []string{binary.Name},
+			},
+			want: []string{etcshadow.Name},
+		},
+		{
+			name: "one_detector_enabled_and_same_detector_disabled",
+			args: args{
+				enabledDetectors:  []string{etcshadow.Name},
+				disabledDetectors: []string{etcshadow.Name},
+			},
+			want: []string{},
+		},
+		//
+		{
+			name: "one_preset_enabled_and_nothing_disabled",
+			args: args{
+				enabledDetectors:  []string{"weakcreds"},
+				disabledDetectors: nil,
+			},
+			want: []string{
+				codeserver.Name,
+				etcshadow.Name,
+				filebrowser.Name,
+				winlocal.Name,
+			},
+		},
+		{
+			name: "one_preset_enabled_and_different_preset_disabled",
+			args: args{
+				enabledDetectors:  []string{"weakcreds"},
+				disabledDetectors: []string{"untested"},
+			},
+			want: []string{
+				codeserver.Name,
+				etcshadow.Name,
+				filebrowser.Name,
+				winlocal.Name,
+			},
+		},
+		{
+			name: "one_preset_enabled_and_same_preset_disabled",
+			args: args{
+				enabledDetectors:  []string{"weakcreds"},
+				disabledDetectors: []string{"weakcreds"},
+			},
+			want: []string{},
+		},
+		{
+			name: "one_preset_enabled_and_some_detectors_disabled",
+			args: args{
+				enabledDetectors:  []string{"weakcreds"},
+				disabledDetectors: []string{codeserver.Name, filebrowser.Name},
+			},
+			want: []string{
+				etcshadow.Name,
+				winlocal.Name,
+			},
+		},
+		//
+		{
+			name: "multiple_presets_enabled_and_nothing_disabled",
+			args: args{
+				enabledDetectors:  []string{"weakcreds", "cis"},
+				disabledDetectors: []string{},
+			},
+			want: []string{
+				codeserver.Name,
+				etcshadow.Name,
+				filebrowser.Name,
+				winlocal.Name,
+				etcpasswdpermissions.Name,
+			},
+		},
+		//
+		{
+			name: "multiple_detectors_enabled_and_one_disabled_preset",
+			args: args{
+				enabledDetectors: []string{
+					etcshadow.Name,
+					filebrowser.Name,
+					etcpasswdpermissions.Name,
+				},
+				disabledDetectors: []string{"weakcreds"},
+			},
+			want: []string{
+				etcpasswdpermissions.Name,
+			},
+		},
+		{
+			name: "multiple_detectors_enabled_and_disabled",
+			args: args{
+				enabledDetectors: []string{
+					etcshadow.Name,
+					filebrowser.Name,
+					etcpasswdpermissions.Name,
+				},
+				disabledDetectors: []string{
+					codeserver.Name,
+					winlocal.Name,
+				},
+			},
+			want: []string{
+				etcshadow.Name,
+				filebrowser.Name,
+				etcpasswdpermissions.Name,
+			},
+		},
+		//
+		{
+			name: "detector_that_does_not_exist",
+			args: args{
+				enabledDetectors:  []string{"???"},
+				disabledDetectors: nil,
+			},
+			want: []string{},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			t.Parallel()
+
+			got := ResolveEnabledDetectors(tt.args.enabledDetectors, tt.args.disabledDetectors)
+
+			slices.Sort(tt.want)
+
+			gotNames := make([]string, 0, len(got))
+			for _, detector := range got {
+				gotNames = append(gotNames, detector.Name())
+			}
+
+			slices.Sort(gotNames)
+
+			if diff := cmp.Diff(tt.want, gotNames); diff != "" {
+				t.Errorf("replaceJSONInput() diff (-want +got): %s", diff)
+			}
+		})
+	}
+}

cmd/osv-scanner/internal/helper/extractors_parser.go

@@ -6,6 +6,7 @@ import (
 	"github.com/google/osv-scanner/v2/internal/scalibrextract"
 )
 
+// todo: rename this to be clearer now we've got `detectorPresets`
 var presets = map[string][]string{
 	"sbom":      scalibrextract.ExtractorsSBOMs,
 	"lockfile":  scalibrextract.ExtractorsLockfiles,

cmd/osv-scanner/internal/helper/flags.go

@@ -176,5 +176,13 @@ func BuildCommonScanFlags(defaultExtractors []string) []cli.Flag {
 			Name:  "experimental-disable-extractors",
 			Usage: "list of specific extractors and presets of extractors to not use",
 		},
+		&cli.StringSliceFlag{
+			Name:  "experimental-detectors",
+			Usage: "list of specific detectors and presets of detectors to use",
+		},
+		&cli.StringSliceFlag{
+			Name:  "experimental-disable-detectors",
+			Usage: "list of specific detectors and presets of detectors to not use",
+		},
 	}
 }

cmd/osv-scanner/internal/helper/getters.go

@@ -52,5 +52,9 @@ func GetExperimentalScannerActions(cmd *cli.Command) osvscanner.ExperimentalScan
 			cmd.StringSlice("experimental-extractors"),
 			cmd.StringSlice("experimental-disable-extractors"),
 		),
+		Detectors: ResolveEnabledDetectors(
+			cmd.StringSlice("experimental-detectors"),
+			cmd.StringSlice("experimental-disable-detectors"),
+		),
 	}
 }