fix: Update to the commit before container optimisation (google#1702)

Scalibr changed their extractor naming scheme recently, this updates the
mapping so it doesn't rely on the exact name but uses the variable
instead.

Author: another-rex

cmd/osv-scanner/__snapshots__/main_test.snap

@@ -2879,7 +2879,7 @@ stat <rootdir>/path/to/my:project/package-lock.json: no such file or directory
 ---
 
 [Test_run_LockfileWithExplicitParseAs/files_that_error_on_parsing_stop_parsable_files_from_being_checked - 2]
-(extracting as rust/Cargolock) could not extract from <rootdir>/fixtures/locks-insecure/my-package-lock.json: toml: line 1: expected '.' or '=', but got '{' instead
+(extracting as rust/cargolock) could not extract from <rootdir>/fixtures/locks-insecure/my-package-lock.json: toml: line 1: expected '.' or '=', but got '{' instead
 
 ---
 

go.mod

@@ -17,7 +17,7 @@ require (
 	github.com/go-git/go-billy/v5 v5.6.2
 	github.com/go-git/go-git/v5 v5.14.0
 	github.com/google/go-cmp v0.7.0
-	github.com/google/osv-scalibr v0.1.7-0.20250221211628-93fce0090be1
+	github.com/google/osv-scalibr v0.1.7-0.20250303175259-e23d5cb8ef2d
 	github.com/ianlancetaylor/demangle v0.0.0-20240912202439-0a2b6291aafd
 	github.com/jedib0t/go-pretty/v6 v6.6.7
 	github.com/muesli/reflow v0.3.0

go.sum

@@ -183,8 +183,8 @@ github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=
 github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU=
 github.com/google/go-containerregistry v0.20.2 h1:B1wPJ1SN/S7pB+ZAimcciVD+r+yV/l/DSArMxlbwseo=
 github.com/google/go-containerregistry v0.20.2/go.mod h1:z38EKdKh4h7IP2gSfUUqEvalZBqs6AoLeWfUy34nQC8=
-github.com/google/osv-scalibr v0.1.7-0.20250221211628-93fce0090be1 h1:ohLgSz1puJE45l3xzpjSJYMwLgJkN6N7zsTbczu31sY=
-github.com/google/osv-scalibr v0.1.7-0.20250221211628-93fce0090be1/go.mod h1:WCoQkl3WaqtPg0JRfuANQybxLsna3qmaFHQhBgCv/7I=
+github.com/google/osv-scalibr v0.1.7-0.20250303175259-e23d5cb8ef2d h1:qLSgkbvTBhZkWiMAttaQw3RZCEExLuR+MLHicN9JdiY=
+github.com/google/osv-scalibr v0.1.7-0.20250303175259-e23d5cb8ef2d/go.mod h1:WCoQkl3WaqtPg0JRfuANQybxLsna3qmaFHQhBgCv/7I=
 github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=

pkg/osvscanner/internal/scanners/lockfile.go

@@ -10,6 +10,31 @@ import (
 
 	"github.com/google/osv-scalibr/extractor"
 	"github.com/google/osv-scalibr/extractor/filesystem"
+	"github.com/google/osv-scalibr/extractor/filesystem/language/cpp/conanlock"
+	"github.com/google/osv-scalibr/extractor/filesystem/language/dart/pubspec"
+	"github.com/google/osv-scalibr/extractor/filesystem/language/dotnet/depsjson"
+	"github.com/google/osv-scalibr/extractor/filesystem/language/dotnet/packageslockjson"
+	"github.com/google/osv-scalibr/extractor/filesystem/language/erlang/mixlock"
+	"github.com/google/osv-scalibr/extractor/filesystem/language/golang/gomod"
+	"github.com/google/osv-scalibr/extractor/filesystem/language/haskell/cabal"
+	"github.com/google/osv-scalibr/extractor/filesystem/language/haskell/stacklock"
+	"github.com/google/osv-scalibr/extractor/filesystem/language/java/gradlelockfile"
+	"github.com/google/osv-scalibr/extractor/filesystem/language/java/gradleverificationmetadataxml"
+	"github.com/google/osv-scalibr/extractor/filesystem/language/java/pomxml"
+	"github.com/google/osv-scalibr/extractor/filesystem/language/java/pomxmlnet"
+	"github.com/google/osv-scalibr/extractor/filesystem/language/javascript/bunlock"
+	"github.com/google/osv-scalibr/extractor/filesystem/language/javascript/packagelockjson"
+	"github.com/google/osv-scalibr/extractor/filesystem/language/javascript/pnpmlock"
+	"github.com/google/osv-scalibr/extractor/filesystem/language/javascript/yarnlock"
+	"github.com/google/osv-scalibr/extractor/filesystem/language/php/composerlock"
+	"github.com/google/osv-scalibr/extractor/filesystem/language/python/pdmlock"
+	"github.com/google/osv-scalibr/extractor/filesystem/language/python/pipfilelock"
+	"github.com/google/osv-scalibr/extractor/filesystem/language/python/poetrylock"
+	"github.com/google/osv-scalibr/extractor/filesystem/language/python/requirements"
+	"github.com/google/osv-scalibr/extractor/filesystem/language/python/uvlock"
+	"github.com/google/osv-scalibr/extractor/filesystem/language/r/renvlock"
+	"github.com/google/osv-scalibr/extractor/filesystem/language/ruby/gemfilelock"
+	"github.com/google/osv-scalibr/extractor/filesystem/language/rust/cargolock"
 	"github.com/google/osv-scalibr/extractor/filesystem/os/apk"
 	"github.com/google/osv-scalibr/extractor/filesystem/os/dpkg"
 	"github.com/google/osv-scanner/v2/internal/output"
@@ -18,32 +43,32 @@ import (
 )
 
 var lockfileExtractorMapping = map[string][]string{
-	"pubspec.lock":                {"dart/pubspec"},
-	"pnpm-lock.yaml":              {"javascript/pnpmlock"},
-	"yarn.lock":                   {"javascript/yarnlock"},
-	"package-lock.json":           {"javascript/packagelockjson"},
-	"pom.xml":                     {"java/pomxmlnet", "java/pomxml"},
-	"buildscript-gradle.lockfile": {"java/gradlelockfile"},
-	"gradle.lockfile":             {"java/gradlelockfile"},
-	"verification-metadata.xml":   {"java/gradleverificationmetadataxml"},
-	"poetry.lock":                 {"python/poetrylock"},
-	"Pipfile.lock":                {"python/Pipfilelock"},
-	"pdm.lock":                    {"python/pdmlock"},
-	"requirements.txt":            {"python/requirements"},
-	"uv.lock":                     {"python/uvlock"},
-	"Cargo.lock":                  {"rust/Cargolock"},
-	"composer.lock":               {"php/composerlock"},
-	"mix.lock":                    {"erlang/mixlock"},
-	"renv.lock":                   {"r/renvlock"},
-	"deps.json":                   {"dotnet/depsjson"},
-	"packages.lock.json":          {"dotnet/packageslockjson"},
-	"conan.lock":                  {"cpp/conanlock"},
-	"go.mod":                      {"go/gomod"},
-	"bun.lock":                    {"javascript/bunlock"},
-	"Gemfile.lock":                {"ruby/gemfilelock"},
-	"cabal.project.freeze":        {"haskell/cabal"},
-	"stack.yaml.lock":             {"haskell/stacklock"},
-	// "Package.resolved":            "swift/packageresolved",
+	"pubspec.lock":                {pubspec.Name},
+	"pnpm-lock.yaml":              {pnpmlock.Name},
+	"yarn.lock":                   {yarnlock.Name},
+	"package-lock.json":           {packagelockjson.Name},
+	"pom.xml":                     {pomxmlnet.Name, pomxml.Name},
+	"buildscript-gradle.lockfile": {gradlelockfile.Name},
+	"gradle.lockfile":             {gradlelockfile.Name},
+	"verification-metadata.xml":   {gradleverificationmetadataxml.Name},
+	"poetry.lock":                 {poetrylock.Name},
+	"Pipfile.lock":                {pipfilelock.Name},
+	"pdm.lock":                    {pdmlock.Name},
+	"requirements.txt":            {requirements.Name},
+	"uv.lock":                     {uvlock.Name},
+	"Cargo.lock":                  {cargolock.Name},
+	"composer.lock":               {composerlock.Name},
+	"mix.lock":                    {mixlock.Name},
+	"renv.lock":                   {renvlock.Name},
+	"deps.json":                   {depsjson.Name},
+	"packages.lock.json":          {packageslockjson.Name},
+	"conan.lock":                  {conanlock.Name},
+	"go.mod":                      {gomod.Name},
+	"bun.lock":                    {bunlock.Name},
+	"Gemfile.lock":                {gemfilelock.Name},
+	"cabal.project.freeze":        {cabal.Name},
+	"stack.yaml.lock":             {stacklock.Name},
+	// "Package.resolved":            {packageresolved.Name},
 }
 
 // ScanSingleFile is similar to ScanSingleFileWithMapping, just without supporting the <lockfileformat>:/path/to/lockfile prefix identifier

pkg/osvscanner/internal/scanners/lockfile_test.go

@@ -21,7 +21,7 @@ func TestLockfileScalibrMappingExists(t *testing.T) {
 		}
 
 		if !found {
-			t.Errorf("Extractor %v not found.", target)
+			t.Errorf("Extractor %v not found.", target.Name())
 		}
 	}
 }