feat: replace pomxmlenhanceable extractor with transitive enricher (#2466)

~Blocked by #2461~
~Blocked by google/osv-scalibr#1674

Resolves #2465

Author: G-Rath

cmd/osv-scanner/scan/source/__snapshots__/command_test.snap

@@ -430,7 +430,7 @@ Scanned <rootdir>/testdata/locks-many-with-insecure/alpine.cdx.xml file and foun
 Scanned <rootdir>/testdata/locks-many-with-insecure/composer.lock file and found 6 packages
 Scanned <rootdir>/testdata/locks-many-with-insecure/package-lock.json file and found 1 package
 Scanned <rootdir>/testdata/locks-many-with-insecure/yarn.lock file and found 1 package
-Scanned <rootdir>/testdata/maven-transitive/pom.xml file and found 3 packages
+Scanned <rootdir>/testdata/maven-transitive/pom.xml file and found 1 package
 Filtered 1 local/unscannable package/s from the scan.
 Package npm/has-flag/4.0.0 has been filtered out because: (no reason given)
 Package npm/wrappy/1.0.2 has been filtered out because: (no reason given)
@@ -5444,7 +5444,7 @@ Fetching response from: https://repo.maven.apache.org/maven2/org/apache/logging/
 Fetching response from: https://repo.maven.apache.org/maven2/org/apache/logging/log4j/log4j-web/2.14.1/log4j-web-2.14.1.pom
 Fetching response from: https://repo.maven.apache.org/maven2/org/apache/logging/log4j/log4j/2.14.1/log4j-2.14.1.pom
 Fetching response from: https://repo.maven.apache.org/maven2/org/apache/logging/logging-parent/3/logging-parent-3.pom
-Scanned <rootdir>/testdata/maven-transitive/registry.xml file and found 59 packages
+Scanned <rootdir>/testdata/maven-transitive/registry.xml file and found 2 packages
 Total 2 packages affected by 6 known vulnerabilities (2 Critical, 1 High, 3 Medium, 0 Low, 0 Unknown) from 1 ecosystem.
 6 vulnerabilities can be fixed.
 
@@ -5499,7 +5499,7 @@ Total 3 packages affected by 11 known vulnerabilities (1 Critical, 4 High, 6 Med
 ---
 
 [TestCommand_Transitive/scans_dependencies_from_multiple_registries - 1]
-Scanned <rootdir>/testdata/maven-transitive/registry.xml file and found 59 packages
+Scanned <rootdir>/testdata/maven-transitive/registry.xml file and found 2 packages
 Total 2 packages affected by 6 known vulnerabilities (2 Critical, 1 High, 3 Medium, 0 Low, 0 Unknown) from 1 ecosystem.
 6 vulnerabilities can be fixed.
 
@@ -5522,7 +5522,7 @@ Total 2 packages affected by 6 known vulnerabilities (2 Critical, 1 High, 3 Medi
 ---
 
 [TestCommand_Transitive/scans_pom.xml_with_non_UTF-8_encoding - 1]
-Scanned <rootdir>/testdata/maven-transitive/encoding.xml file and found 2 packages
+Scanned <rootdir>/testdata/maven-transitive/encoding.xml file and found 1 package
 Total 1 package affected by 1 known vulnerability (0 Critical, 0 High, 1 Medium, 0 Low, 0 Unknown) from 1 ecosystem.
 1 vulnerability can be fixed.
 
@@ -5540,7 +5540,7 @@ Total 1 package affected by 1 known vulnerability (0 Critical, 0 High, 1 Medium,
 ---
 
 [TestCommand_Transitive/scans_transitive_dependencies_by_specifying_pom.xml - 1]
-Scanned <rootdir>/testdata/maven-transitive/abc.xml file and found 3 packages
+Scanned <rootdir>/testdata/maven-transitive/abc.xml file and found 1 package
 Total 1 package affected by 5 known vulnerabilities (2 Critical, 1 High, 2 Medium, 0 Low, 0 Unknown) from 1 ecosystem.
 5 vulnerabilities can be fixed.
 
@@ -5563,7 +5563,7 @@ Total 1 package affected by 5 known vulnerabilities (2 Critical, 1 High, 2 Mediu
 
 [TestCommand_Transitive/scans_transitive_dependencies_for_pom.xml_by_default - 1]
 Scanning dir ./testdata/maven-transitive/pom.xml
-Scanned <rootdir>/testdata/maven-transitive/pom.xml file and found 3 packages
+Scanned <rootdir>/testdata/maven-transitive/pom.xml file and found 1 package
 Total 1 package affected by 5 known vulnerabilities (2 Critical, 1 High, 2 Medium, 0 Low, 0 Unknown) from 1 ecosystem.
 5 vulnerabilities can be fixed.
 
@@ -5584,6 +5584,16 @@ Total 1 package affected by 5 known vulnerabilities (2 Critical, 1 High, 2 Mediu
 
 ---
 
+[TestCommand_Transitive/transitive_pomxml_enricher_requires_enabled_pomxml_extractor - 1]
+Scanning dir ./testdata/maven-transitive/abc.xml
+
+---
+
+[TestCommand_Transitive/transitive_pomxml_enricher_requires_enabled_pomxml_extractor - 2]
+No package sources found, --help for usage information.
+
+---
+
 [TestCommand_Transitive/transitive_requirements_enricher_requires_enabled_requirements_extractor - 1]
 Scanning dir ./testdata/locks-requirements/requirements-transitive.txt
 

cmd/osv-scanner/scan/source/command_test.go

@@ -1335,6 +1335,11 @@ func TestCommand_Transitive(t *testing.T) {
 			Args: []string{"", "source", "--experimental-disable-plugins=python/requirements", "./testdata/locks-requirements/requirements-transitive.txt"},
 			Exit: 128,
 		},
+		{
+			Name: "transitive_pomxml_enricher_requires_enabled_pomxml_extractor",
+			Args: []string{"", "source", "--experimental-disable-plugins=java/pomxml", "./testdata/maven-transitive/abc.xml"},
+			Exit: 128,
+		},
 	}
 
 	for _, tt := range tests {

internal/scalibrextract/language/java/pomxmlenhanceable/pomxmlenhanceable.go

@@ -53,7 +53,7 @@ haskell/cabal
 haskell/stacklock
 java/gradlelockfile
 java/gradleverificationmetadataxml
-java/pomxmlenhanceable
+java/pomxml
 javascript/bunlock
 javascript/packagelockjson
 javascript/pnpmlock

internal/scalibrplugin/__snapshots__/resolve_test.snap

@@ -24,6 +24,7 @@ import (
 	"github.com/google/osv-scalibr/extractor/filesystem/language/java/archive"
 	"github.com/google/osv-scalibr/extractor/filesystem/language/java/gradlelockfile"
 	"github.com/google/osv-scalibr/extractor/filesystem/language/java/gradleverificationmetadataxml"
+	"github.com/google/osv-scalibr/extractor/filesystem/language/java/pomxml"
 	"github.com/google/osv-scalibr/extractor/filesystem/language/javascript/bunlock"
 	"github.com/google/osv-scalibr/extractor/filesystem/language/javascript/packagelockjson"
 	"github.com/google/osv-scalibr/extractor/filesystem/language/javascript/pnpmlock"
@@ -48,7 +49,6 @@ import (
 	"github.com/google/osv-scanner/v2/internal/datasource"
 	"github.com/google/osv-scanner/v2/internal/depsdev"
 	"github.com/google/osv-scanner/v2/internal/scalibrextract/filesystem/vendored"
-	"github.com/google/osv-scanner/v2/internal/scalibrextract/language/java/pomxmlenhanceable"
 	"github.com/google/osv-scanner/v2/internal/scalibrextract/language/javascript/nodemodules"
 	"github.com/google/osv-scanner/v2/internal/scalibrextract/language/osv/osvscannerjson"
 	"github.com/google/osv-scanner/v2/internal/scalibrextract/vcs/gitrepo"
@@ -83,7 +83,7 @@ var ExtractorPresets = map[string]extractors.InitMap{
 		// Java
 		gradlelockfile.Name:                {gradlelockfile.New},
 		gradleverificationmetadataxml.Name: {gradleverificationmetadataxml.New},
-		pomxmlenhanceable.Name:             {pomxmlenhanceable.New},
+		pomxml.Name:                        {pomxml.New},
 
 		// Javascript
 		packagelockjson.Name: {packagelockjson.New},

internal/scalibrplugin/presets.go

@@ -9,7 +9,6 @@ import (
 	"github.com/google/osv-scalibr/plugin/list"
 	"github.com/google/osv-scanner/v2/internal/cmdlogger"
 	"github.com/google/osv-scanner/v2/internal/scalibrextract/filesystem/vendored"
-	"github.com/google/osv-scanner/v2/internal/scalibrextract/language/java/pomxmlenhanceable"
 	"github.com/google/osv-scanner/v2/internal/scalibrextract/language/javascript/nodemodules"
 	"github.com/google/osv-scanner/v2/internal/scalibrextract/language/osv/osvscannerjson"
 	"github.com/google/osv-scanner/v2/internal/scalibrextract/vcs/gitrepo"
@@ -23,9 +22,6 @@ func resolveFromName(name string) (plugin.Plugin, error) {
 	}
 
 	switch name {
-	// Java
-	case pomxmlenhanceable.Name:
-		return pomxmlenhanceable.New(&cpb.PluginConfig{})
 	// Javascript
 	case nodemodules.Name:
 		return nodemodules.New(&cpb.PluginConfig{})

internal/scalibrplugin/resolve.go

@@ -21,6 +21,7 @@ import (
 	"github.com/google/osv-scalibr/extractor/filesystem/language/haskell/stacklock"
 	"github.com/google/osv-scalibr/extractor/filesystem/language/java/gradlelockfile"
 	"github.com/google/osv-scalibr/extractor/filesystem/language/java/gradleverificationmetadataxml"
+	"github.com/google/osv-scalibr/extractor/filesystem/language/java/pomxml"
 	"github.com/google/osv-scalibr/extractor/filesystem/language/javascript/bunlock"
 	"github.com/google/osv-scalibr/extractor/filesystem/language/javascript/packagelockjson"
 	"github.com/google/osv-scalibr/extractor/filesystem/language/javascript/pnpmlock"
@@ -38,7 +39,6 @@ import (
 	"github.com/google/osv-scalibr/extractor/filesystem/os/apk"
 	"github.com/google/osv-scalibr/extractor/filesystem/os/dpkg"
 	"github.com/google/osv-scalibr/plugin"
-	"github.com/google/osv-scanner/v2/internal/scalibrextract/language/java/pomxmlenhanceable"
 	"github.com/google/osv-scanner/v2/internal/scalibrextract/language/osv/osvscannerjson"
 )
 
@@ -50,7 +50,7 @@ var osvscannerScalibrExtractionMapping = map[string][]string{
 	"pnpm-lock.yaml":              {pnpmlock.Name},
 	"yarn.lock":                   {yarnlock.Name},
 	"package-lock.json":           {packagelockjson.Name},
-	"pom.xml":                     {pomxmlenhanceable.Name},
+	"pom.xml":                     {pomxml.Name},
 	"buildscript-gradle.lockfile": {gradlelockfile.Name},
 	"gradle.lockfile":             {gradlelockfile.Name},
 	"verification-metadata.xml":   {gradleverificationmetadataxml.Name},