feat: merge extractor and detector flags into plugins

cmd/osv-scanner/internal/helper/flags.go

@@ -168,21 +168,13 @@ func BuildCommonScanFlags(defaultExtractors []string) []cli.Flag {
 			Value: &allowedLicencesFlag{},
 		},
 		&cli.StringSliceFlag{
-			Name:  "experimental-extractors",
-			Usage: "list of specific extractors and presets of extractors to use",
+			Name:  "experimental-plugins",
+			Usage: "list of specific plugins and presets of plugins to use",
 			Value: defaultExtractors,
 		},
 		&cli.StringSliceFlag{
-			Name:  "experimental-disable-extractors",
-			Usage: "list of specific extractors and presets of extractors to not use",
-		},
-		&cli.StringSliceFlag{
-			Name:  "experimental-detectors",
-			Usage: "list of specific detectors and presets of detectors to use",
-		},
-		&cli.StringSliceFlag{
-			Name:  "experimental-disable-detectors",
-			Usage: "list of specific detectors and presets of detectors to not use",
+			Name:  "experimental-disable-plugins",
+			Usage: "list of specific plugins and presets of plugins to not use",
 		},
 	}
 }

cmd/osv-scanner/internal/helper/getters.go

@@ -48,10 +48,7 @@ func GetCommonScannerActions(cmd *cli.Command, scanLicensesAllowlist []string) o
 
 func GetExperimentalScannerActions(cmd *cli.Command) osvscanner.ExperimentalScannerActions {
 	return osvscanner.ExperimentalScannerActions{
-		ExtractorsEnabled:  cmd.StringSlice("experimental-extractors"),
-		ExtractorsDisabled: cmd.StringSlice("experimental-disable-extractors"),
-
-		DetectorsEnabled:  cmd.StringSlice("experimental-detectors"),
-		DetectorsDisabled: cmd.StringSlice("experimental-disable-detectors"),
+		PluginsEnabled:  cmd.StringSlice("experimental-plugins"),
+		PluginsDisabled: cmd.StringSlice("experimental-disable-plugins"),
 	}
 }

cmd/osv-scanner/scan/image/command_test.go

@@ -19,9 +19,9 @@ func TestCommand_ExplicitExtractors(t *testing.T) {
 			Name: "extractors_cancelled_out",
 			Args: []string{
 				"", "image",
-				"--experimental-extractors=sbom/spdx",
-				"--experimental-extractors=sbom/cdx",
-				"--experimental-disable-extractors=sbom",
+				"--experimental-plugins=sbom/spdx",
+				"--experimental-plugins=sbom/cdx",
+				"--experimental-disable-plugins=sbom",
 				"alpine:non-existent-tag",
 			},
 			Exit: 127,
@@ -30,8 +30,8 @@ func TestCommand_ExplicitExtractors(t *testing.T) {
 			Name: "extractors_cancelled_out_with_presets",
 			Args: []string{
 				"", "image",
-				"--experimental-extractors=sbom",
-				"--experimental-disable-extractors=sbom",
+				"--experimental-plugins=sbom",
+				"--experimental-disable-plugins=sbom",
 				"alpine:non-existent-tag",
 			},
 			Exit: 127,
@@ -40,8 +40,8 @@ func TestCommand_ExplicitExtractors(t *testing.T) {
 			Name: "extractors_cancelled_out",
 			Args: []string{
 				"", "image",
-				"--experimental-extractors=sbom/spdx,sbom/cdx",
-				"--experimental-disable-extractors=sbom",
+				"--experimental-plugins=sbom/spdx,sbom/cdx",
+				"--experimental-disable-plugins=sbom",
 				"alpine:non-existent-tag",
 			},
 			Exit: 127,
@@ -101,7 +101,7 @@ func TestCommand_Docker(t *testing.T) {
 			// since we've requested the os/apk extractor disabled, and there's nothing else
 			// in the image that we support extracting
 			Name: "real_alpine_image_without_apk_extractor_enabled",
-			Args: []string{"", "image", "--experimental-disable-extractors=os/apk", "alpine:3.18.9"},
+			Args: []string{"", "image", "--experimental-disable-plugins=os/apk", "alpine:3.18.9"},
 			Exit: 128,
 		},
 	}
@@ -221,7 +221,8 @@ func TestCommand_OCIImage(t *testing.T) {
 			Name: "scanning_insecure_alpine_image_with_specific_detector_enabled",
 			Args: []string{
 				"", "image",
-				"--experimental-detectors", "weakcredentials/etcshadow",
+				"--experimental-plugins", "os/apk",
+				"--experimental-plugins", "weakcredentials/etcshadow",
 				"--archive", "../../../../internal/image/fixtures/test-alpine-etcshadow.tar",
 			},
 			Exit: 1,
@@ -230,8 +231,9 @@ func TestCommand_OCIImage(t *testing.T) {
 			Name: "scanning_insecure_alpine_image_with_specific_detector_disabled",
 			Args: []string{
 				"", "image",
-				"--experimental-detectors", "weakcreds",
-				"--experimental-disable-detectors", "weakcredentials/etcshadow",
+				"--experimental-plugins", "os/apk",
+				"--experimental-plugins", "weakcreds",
+				"--experimental-disable-plugins", "weakcredentials/etcshadow",
 				"--archive", "../../../../internal/image/fixtures/test-alpine-etcshadow.tar",
 			},
 			Exit: 1,
@@ -240,7 +242,8 @@ func TestCommand_OCIImage(t *testing.T) {
 			Name: "scanning_insecure_alpine_image_with_detector_preset",
 			Args: []string{
 				"", "image",
-				"--experimental-detectors", "weakcreds",
+				"--experimental-plugins", "os/apk",
+				"--experimental-plugins", "weakcreds",
 				"--archive", "../../../../internal/image/fixtures/test-alpine-etcshadow.tar",
 			},
 			Exit: 1,
@@ -323,7 +326,8 @@ func TestCommand_OCIImage_JSONFormat(t *testing.T) {
 			Name: "scanning_insecure_alpine_image_with_specific_detector_enabled",
 			Args: []string{
 				"", "image", "--format=json",
-				"--experimental-detectors", "weakcredentials/etcshadow",
+				"--experimental-plugins", "os/apk",
+				"--experimental-plugins", "weakcredentials/etcshadow",
 				"--archive", "../../../../internal/image/fixtures/test-alpine-etcshadow.tar",
 			},
 			Exit: 1,
@@ -338,7 +342,8 @@ func TestCommand_OCIImage_JSONFormat(t *testing.T) {
 			Name: "scanning_insecure_alpine_image_with_detector_preset",
 			Args: []string{
 				"", "image", "--format=json",
-				"--experimental-detectors", "weakcreds",
+				"--experimental-plugins", "os/apk",
+				"--experimental-plugins", "weakcreds",
 				"--archive", "../../../../internal/image/fixtures/test-alpine-etcshadow.tar",
 			},
 			Exit: 1,

cmd/osv-scanner/scan/source/__snapshots__/command_test.snap

@@ -1399,14 +1399,14 @@ Total 0 packages affected by 0 known vulnerabilities (0 Critical, 0 High, 0 Medi
 
 ---
 
-[TestCommand_ExplicitExtractors/empty_extractors_flag_does_nothing - 1]
+[TestCommand_ExplicitExtractors/empty_plugins_flag_does_nothing - 1]
 
 ---
 
-[TestCommand_ExplicitExtractors/empty_extractors_flag_does_nothing - 2]
-Incorrect Usage: flag needs an argument: --experimental-extractors=
+[TestCommand_ExplicitExtractors/empty_plugins_flag_does_nothing - 2]
+Incorrect Usage: flag needs an argument: --experimental-plugins=
 
-flag needs an argument: --experimental-extractors=
+flag needs an argument: --experimental-plugins=
 
 ---
 
@@ -1481,7 +1481,7 @@ Total 0 packages affected by 0 known vulnerabilities (0 Critical, 0 High, 0 Medi
 ---
 
 [TestCommand_ExplicitExtractors/scanning_directory_with_an_extractor_that_does_not_exist - 2]
-unknown extractor "custom/extractor"
+not an exact name for a plugin: "custom/extractor"
 
 ---
 

cmd/osv-scanner/scan/source/command_test.go

@@ -303,35 +303,35 @@ func TestCommand_ExplicitExtractors(t *testing.T) {
 
 	tests := []testcmd.Case{
 		{
-			Name: "empty_extractors_flag_does_nothing",
-			Args: []string{"", "source", "--experimental-extractors="},
+			Name: "empty_plugins_flag_does_nothing",
+			Args: []string{"", "source", "--experimental-plugins="},
 			Exit: 127,
 		},
 		{
 			Name: "extractors_cancelled_out_specified_individually",
 			Args: []string{
 				"", "source",
-				"--experimental-extractors=sbom/spdx",
-				"--experimental-extractors=sbom/cdx",
-				"--experimental-disable-extractors=sbom",
+				"--experimental-plugins=sbom/spdx",
+				"--experimental-plugins=sbom/cdx",
+				"--experimental-disable-plugins=sbom",
 			},
 			Exit: 127,
 		},
 		{
 			Name: "extractors_cancelled_out_specified_together",
 			Args: []string{
 				"", "source",
-				"--experimental-extractors=sbom/spdx,sbom/cdx",
-				"--experimental-disable-extractors=sbom",
+				"--experimental-plugins=sbom/spdx,sbom/cdx",
+				"--experimental-disable-plugins=sbom",
 			},
 			Exit: 127,
 		},
 		{
 			Name: "extractors_cancelled_out_with_presets",
 			Args: []string{
 				"", "source",
-				"--experimental-extractors=sbom",
-				"--experimental-disable-extractors=sbom",
+				"--experimental-plugins=sbom",
+				"--experimental-disable-plugins=sbom",
 			},
 			Exit: 127,
 		},
@@ -341,7 +341,7 @@ func TestCommand_ExplicitExtractors(t *testing.T) {
 			Name: "scanning_directory_with_one_specific_extractor_enabled",
 			Args: []string{
 				"", "source",
-				"--experimental-extractors=javascript/packagelockjson",
+				"--experimental-plugins=javascript/packagelockjson",
 				"./fixtures/locks-many",
 			},
 			Exit: 0,
@@ -350,9 +350,9 @@ func TestCommand_ExplicitExtractors(t *testing.T) {
 			Name: "scanning_directory_with_an_extractor_that_does_not_exist",
 			Args: []string{
 				"", "source",
-				"--experimental-extractors=javascript/packagelockjson",
-				"--experimental-extractors=custom/extractor",
-				"--experimental-disable-extractors=custom/anotherextractor",
+				"--experimental-plugins=javascript/packagelockjson",
+				"--experimental-plugins=custom/extractor",
+				"--experimental-disable-plugins=custom/anotherextractor",
 				"./fixtures/locks-many",
 			},
 			Exit: 127,
@@ -363,8 +363,8 @@ func TestCommand_ExplicitExtractors(t *testing.T) {
 			Name: "scanning_directory_with_a_couple_of_specific_extractors_enabled_individually",
 			Args: []string{
 				"", "source",
-				"--experimental-extractors=javascript/packagelockjson",
-				"--experimental-extractors=php/composerlock",
+				"--experimental-plugins=javascript/packagelockjson",
+				"--experimental-plugins=php/composerlock",
 				"./fixtures/locks-many",
 			},
 			Exit: 0,
@@ -375,7 +375,7 @@ func TestCommand_ExplicitExtractors(t *testing.T) {
 			Name: "scanning_directory_with_a_couple_of_specific_extractors_enabled_specified_together",
 			Args: []string{
 				"", "source",
-				"--experimental-extractors=javascript/packagelockjson,php/composerlock",
+				"--experimental-plugins=javascript/packagelockjson,php/composerlock",
 				"./fixtures/locks-many",
 			},
 			Exit: 0,
@@ -386,7 +386,7 @@ func TestCommand_ExplicitExtractors(t *testing.T) {
 			Name: "scanning_directory_with_one_specific_extractor_disabled",
 			Args: []string{
 				"", "source",
-				"--experimental-disable-extractors=javascript/packagelockjson",
+				"--experimental-disable-plugins=javascript/packagelockjson",
 				"./fixtures/locks-many",
 			},
 			Exit: 0,
@@ -397,7 +397,7 @@ func TestCommand_ExplicitExtractors(t *testing.T) {
 			Name: "scanning_file_with_one_specific_extractor_enabled",
 			Args: []string{
 				"", "source",
-				"--experimental-extractors=javascript/packagelockjson",
+				"--experimental-plugins=javascript/packagelockjson",
 				"./fixtures/locks-many/package-lock.json",
 			},
 			Exit: 0,
@@ -408,7 +408,7 @@ func TestCommand_ExplicitExtractors(t *testing.T) {
 			Name: "scanning_file_with_one_different_extractor_enabled",
 			Args: []string{
 				"", "source",
-				"--experimental-extractors=javascript/packagelockjson",
+				"--experimental-plugins=javascript/packagelockjson",
 				"./fixtures/locks-many/composer.lock",
 			},
 			Exit: 128,
@@ -420,7 +420,7 @@ func TestCommand_ExplicitExtractors(t *testing.T) {
 			Name: "scanning_file_with_parse_as_but_specific_extractor_disabled",
 			Args: []string{
 				"", "source",
-				"--experimental-disable-extractors=javascript/packagelockjson",
+				"--experimental-disable-plugins=javascript/packagelockjson",
 				"-L", "package-lock.json:./fixtures/locks-many/composer.lock",
 			},
 			Exit: 127,
@@ -1050,7 +1050,8 @@ func TestCommand_WithDetector_OnLinux(t *testing.T) {
 			Name: "ssh_version_is_before_first_vuln_version",
 			Args: []string{
 				"", "source",
-				"--experimental-detectors", "cve/cve-2023-38408",
+				"--experimental-plugins", "php/composerlock",
+				"--experimental-plugins", "cve/cve-2023-38408",
 				filepath.Join(testDir, "composer.lock"),
 			},
 			Exit: 0,
@@ -1060,7 +1061,8 @@ func TestCommand_WithDetector_OnLinux(t *testing.T) {
 			Name: "ssh_version_is_after_last_vuln_version",
 			Args: []string{
 				"", "source",
-				"--experimental-detectors", "cve/cve-2023-38408",
+				"--experimental-plugins", "php/composerlock",
+				"--experimental-plugins", "cve/cve-2023-38408",
 				filepath.Join(testDir, "composer.lock"),
 			},
 			Exit: 0,
@@ -1070,7 +1072,8 @@ func TestCommand_WithDetector_OnLinux(t *testing.T) {
 			Name: "ssh_version_errors",
 			Args: []string{
 				"", "source",
-				"--experimental-detectors", "cve/cve-2023-38408",
+				"--experimental-plugins", "php/composerlock",
+				"--experimental-plugins", "cve/cve-2023-38408",
 				filepath.Join(testDir, "composer.lock"),
 			},
 			Exit: 0,
@@ -1119,7 +1122,8 @@ func TestCommand_WithDetector_OffLinux(t *testing.T) {
 			Name: "ssh_version_is_before_first_vuln_version",
 			Args: []string{
 				"", "source",
-				"--experimental-detectors", "cve/cve-2023-38408",
+				"--experimental-plugins", "php/composerlock",
+				"--experimental-plugins", "cve/cve-2023-38408",
 				filepath.Join(testDir, "composer.lock"),
 			},
 			Exit: 0,
@@ -1129,7 +1133,8 @@ func TestCommand_WithDetector_OffLinux(t *testing.T) {
 			Name: "ssh_version_is_after_last_vuln_version",
 			Args: []string{
 				"", "source",
-				"--experimental-detectors", "cve/cve-2023-38408",
+				"--experimental-plugins", "php/composerlock",
+				"--experimental-plugins", "cve/cve-2023-38408",
 				filepath.Join(testDir, "composer.lock"),
 			},
 			Exit: 0,
@@ -1139,7 +1144,8 @@ func TestCommand_WithDetector_OffLinux(t *testing.T) {
 			Name: "ssh_version_errors",
 			Args: []string{
 				"", "source",
-				"--experimental-detectors", "cve/cve-2023-38408",
+				"--experimental-plugins", "php/composerlock",
+				"--experimental-plugins", "cve/cve-2023-38408",
 				filepath.Join(testDir, "composer.lock"),
 			},
 			Exit: 0,