feat: pass the same config with user agent to all plugins (#2545)

G-Rath · web-flow · commit a796e33b59e9 · 2026-02-23T00:33:43.000Z
I think this will be very useful for #2537 - on its own, it means that all plugins which make external requests will use the configured user agent, though I think in practice that's really just our two transitive enrichers 😅
diff --git a/internal/scalibrplugin/resolve.go b/internal/scalibrplugin/resolve.go
@@ -14,8 +14,8 @@ import (
 	"github.com/google/osv-scanner/v2/internal/scalibrextract/vcs/gitrepo"
 )
 
-func resolveFromName(name string) (plugin.Plugin, error) {
-	plug, err := list.FromName(name, nil)
+func resolveFromName(name string, cfg *cpb.PluginConfig) (plugin.Plugin, error) {
+	plug, err := list.FromName(name, cfg)
 
 	if err == nil {
 		return plug, nil
@@ -24,20 +24,20 @@ func resolveFromName(name string) (plugin.Plugin, error) {
 	switch name {
 	// Javascript
 	case nodemodules.Name:
-		return nodemodules.New(&cpb.PluginConfig{})
+		return nodemodules.New(cfg)
 	// Directories
 	case vendored.Name:
-		return vendored.New(&cpb.PluginConfig{})
+		return vendored.New(cfg)
 	case gitrepo.Name:
-		return gitrepo.New(&cpb.PluginConfig{})
+		return gitrepo.New(cfg)
 	case osvscannerjson.Name:
-		return osvscannerjson.New(&cpb.PluginConfig{})
+		return osvscannerjson.New(cfg)
 	default:
 		return nil, fmt.Errorf("not an exact name for a plugin: %q", name)
 	}
 }
 
-func Resolve(enabledPlugins []string, disabledPlugins []string) []plugin.Plugin {
+func Resolve(enabledPlugins []string, disabledPlugins []string, cfg *cpb.PluginConfig) []plugin.Plugin {
 	plugins := make(map[string]bool)
 
 	for i, exts := range [][]string{enabledPlugins, disabledPlugins} {
@@ -83,7 +83,7 @@ func Resolve(enabledPlugins []string, disabledPlugins []string) []plugin.Plugin
 
 	for name, value := range plugins {
 		if name != "" && value {
-			plug, err := resolveFromName(name)
+			plug, err := resolveFromName(name, cfg)
 
 			if err != nil {
 				cmdlogger.Errorf("%s", err)
diff --git a/internal/scalibrplugin/resolve_test.go b/internal/scalibrplugin/resolve_test.go
@@ -8,6 +8,7 @@ import (
 	"github.com/google/go-cmp/cmp"
 	apkanno "github.com/google/osv-scalibr/annotator/osduplicate/apk"
 	dpkganno "github.com/google/osv-scalibr/annotator/osduplicate/dpkg"
+	cpb "github.com/google/osv-scalibr/binary/proto/config_go_proto"
 	"github.com/google/osv-scalibr/detector/cis/generic_linux/etcpasswdpermissions"
 	"github.com/google/osv-scalibr/detector/govulncheck/binary"
 	"github.com/google/osv-scalibr/detector/weakcredentials/codeserver"
@@ -161,7 +162,7 @@ func TestResolve(t *testing.T) {
 		t.Run(tt.name, func(t *testing.T) {
 			t.Parallel()
 
-			got := scalibrplugin.Resolve(tt.args.enabled, tt.args.disabled)
+			got := scalibrplugin.Resolve(tt.args.enabled, tt.args.disabled, &cpb.PluginConfig{})
 
 			slices.Sort(tt.want)
 
@@ -331,7 +332,7 @@ func TestResolve_Detectors(t *testing.T) {
 		t.Run(tt.name, func(t *testing.T) {
 			t.Parallel()
 
-			got := scalibrplugin.Resolve(tt.args.enabled, tt.args.disabled)
+			got := scalibrplugin.Resolve(tt.args.enabled, tt.args.disabled, &cpb.PluginConfig{})
 
 			slices.Sort(tt.want)
 
@@ -516,7 +517,7 @@ func TestResolve_Extractors(t *testing.T) {
 		t.Run(tt.name, func(t *testing.T) {
 			t.Parallel()
 
-			got := scalibrplugin.Resolve(tt.args.enabled, tt.args.disabled)
+			got := scalibrplugin.Resolve(tt.args.enabled, tt.args.disabled, &cpb.PluginConfig{})
 
 			slices.Sort(tt.want)
 
@@ -541,7 +542,7 @@ func TestResolve_Detectors_Presets(t *testing.T) {
 		t.Run(preset, func(t *testing.T) {
 			t.Parallel()
 
-			got := scalibrplugin.Resolve([]string{preset}, []string{})
+			got := scalibrplugin.Resolve([]string{preset}, []string{}, &cpb.PluginConfig{})
 
 			gotNames := make([]string, 0, len(got))
 			for _, detector := range got {
@@ -562,7 +563,7 @@ func TestResolve_Extractors_Presets(t *testing.T) {
 		t.Run(preset, func(t *testing.T) {
 			t.Parallel()
 
-			got := scalibrplugin.Resolve([]string{preset}, []string{})
+			got := scalibrplugin.Resolve([]string{preset}, []string{}, &cpb.PluginConfig{})
 
 			gotNames := make([]string, 0, len(got))
 			for _, extractor := range got {
diff --git a/pkg/osvscanner/scan.go b/pkg/osvscanner/scan.go
@@ -72,6 +72,20 @@ func isPomXMLExtractorEnabled(plugins []plugin.Plugin) bool {
 }
 
 func getPlugins(defaultPlugins []string, accessors ExternalAccessors, actions ScannerActions) []plugin.Plugin {
+	cfg := &cpb.PluginConfig{
+		UserAgent: actions.RequestUserAgent,
+		PluginSpecific: []*cpb.PluginSpecificConfig{
+			{
+				Config: &cpb.PluginSpecificConfig_PomXmlNet{
+					PomXmlNet: &cpb.POMXMLNetConfig{
+						UpstreamRegistry:    actions.TransitiveScanning.MavenRegistry,
+						DepsDevRequirements: !actions.TransitiveScanning.NativeDataSource,
+					},
+				},
+			},
+		},
+	}
+
 	if !actions.PluginsNoDefaults {
 		actions.PluginsEnabled = append(actions.PluginsEnabled, defaultPlugins...)
 	}
@@ -84,14 +98,12 @@ func getPlugins(defaultPlugins []string, accessors ExternalAccessors, actions Sc
 		actions.PluginsDisabled = append(actions.PluginsDisabled, vendored.Name)
 	}
 
-	plugins := scalibrplugin.Resolve(actions.PluginsEnabled, actions.PluginsDisabled)
+	plugins := scalibrplugin.Resolve(actions.PluginsEnabled, actions.PluginsDisabled, cfg)
 
 	if !actions.TransitiveScanning.Disabled {
 		// TODO: Use Enricher.RequiredPlugins to check this generically
 		if isRequirementsExtractorEnabled(plugins) {
-			p, err := transitivedependencyrequirements.New(&cpb.PluginConfig{
-				UserAgent: actions.RequestUserAgent,
-			})
+			p, err := transitivedependencyrequirements.New(cfg)
 			if err != nil {
 				log.Errorf("Failed to make transitivedependencyrequirements enricher: %v", err)
 			} else {
@@ -101,19 +113,7 @@ func getPlugins(defaultPlugins []string, accessors ExternalAccessors, actions Sc
 
 		// TODO: Use Enricher.RequiredPlugins to check this generically
 		if isPomXMLExtractorEnabled(plugins) {
-			p, err := transitivedependencypomxml.New(&cpb.PluginConfig{
-				UserAgent: actions.RequestUserAgent,
-				PluginSpecific: []*cpb.PluginSpecificConfig{
-					{
-						Config: &cpb.PluginSpecificConfig_PomXmlNet{
-							PomXmlNet: &cpb.POMXMLNetConfig{
-								UpstreamRegistry:    actions.TransitiveScanning.MavenRegistry,
-								DepsDevRequirements: !actions.TransitiveScanning.NativeDataSource,
-							},
-						},
-					},
-				},
-			})
+			p, err := transitivedependencypomxml.New(cfg)
 			if err != nil {
 				log.Errorf("Failed to make transitivedependencypomxml enricher: %v", err)
 			} else {
@@ -216,7 +216,7 @@ func scan(accessors ExternalAccessors, actions ScannerActions) (*inventory.Inven
 
 	// --- SBOMs (Deprecated) ---
 	// none of the SBOM extractors need configuring
-	sbomExtractors := scalibrplugin.Resolve([]string{"sbom"}, []string{})
+	sbomExtractors := scalibrplugin.Resolve([]string{"sbom"}, []string{}, &cpb.PluginConfig{})
 
 SBOMLoop:
 	for _, sbomPath := range actions.SBOMPaths {
