fix: address Copilot review comments on PR #32

- Move filterUserInstalledExtensions to model package (was duplicated)
- Thread context.Context through Eclipse detection pipeline (was using
  context.Background())
- Drive letter probes check if drive exists before probing (avoids
  network drive timeouts)
- Fix eclipseBundledPrefixes comment to match actual Source values
- Add --include-bundled-plugins to help text
- Add 14 unit tests for Eclipse detection pipeline (validation,
  bundles.info parsing, p2 director output parsing, dropins, etc.)

Author: swarit-stepsecurity

internal/cli/cli.go

@@ -148,9 +148,10 @@ Options:
   --disable-npm-scan     Disable Node.js package scanning
   --enable-brew-scan     Enable Homebrew package scanning
   --disable-brew-scan    Disable Homebrew package scanning
-  --enable-python-scan   Enable Python package scanning
-  --disable-python-scan  Disable Python package scanning
-  --verbose              Show progress messages (suppressed by default)
+  --enable-python-scan          Enable Python package scanning
+  --disable-python-scan         Disable Python package scanning
+  --include-bundled-plugins     Include bundled/platform plugins in output (Windows)
+  --verbose                     Show progress messages (suppressed by default)
   --color=WHEN           Color mode: auto | always | never (default: auto)
   -v, --version          Show version
   -h, --help             Show this help

internal/detector/eclipse_plugins.go

@@ -12,8 +12,9 @@ import (
 // eclipseBundledPrefixes are bundle ID prefixes that ship as part of the
 // base Eclipse platform. Bundles matching these are tagged as "bundled".
 // eclipseBundledPrefixes identifies bundles that ship as part of the Eclipse
-// platform or are standard dependencies. Everything NOT matching is classified
-// as "marketplace" (user-installed from Eclipse Marketplace or update sites).
+// platform or are standard dependencies. Bundles that do not match these
+// prefixes are treated as non-bundled and may be classified into source
+// categories such as "marketplace", "user_installed", or "dropins".
 var eclipseBundledPrefixes = []string{
 	// Eclipse platform
 	"org.eclipse.",
@@ -96,7 +97,7 @@ var eclipseFeatureDirsDarwin = []string{
 // On macOS: scans features/dropins directories.
 // On Windows: multi-stage pipeline using detected IDE paths, path probes,
 // and drive letter scanning, with validation before reporting.
-func (d *ExtensionDetector) DetectEclipsePlugins(ides []model.IDE) []model.Extension {
+func (d *ExtensionDetector) DetectEclipsePlugins(ctx context.Context, ides []model.IDE) []model.Extension {
 	if d.exec.GOOS() != "windows" {
 		var results []model.Extension
 		for _, dir := range eclipseFeatureDirsDarwin {
@@ -106,12 +107,12 @@ func (d *ExtensionDetector) DetectEclipsePlugins(ides []model.IDE) []model.Exten
 		}
 		return results
 	}
-	return d.detectEclipsePluginsWindows(ides)
+	return d.detectEclipsePluginsWindows(ctx, ides)
 }
 
 // ---------- Windows multi-stage pipeline ----------
 
-func (d *ExtensionDetector) detectEclipsePluginsWindows(ides []model.IDE) []model.Extension {
+func (d *ExtensionDetector) detectEclipsePluginsWindows(ctx context.Context, ides []model.IDE) []model.Extension {
 	// Stage 1+2: Collect candidate paths from detected IDEs + well-known locations
 	candidates := d.gatherEclipseCandidates(ides)
 
@@ -134,7 +135,7 @@ func (d *ExtensionDetector) detectEclipsePluginsWindows(ides []model.IDE) []mode
 	pluginSeen := make(map[string]bool)
 	var results []model.Extension
 	for _, installDir := range validInstalls {
-		plugins := d.enumerateEclipsePlugins(installDir)
+		plugins := d.enumerateEclipsePlugins(ctx, installDir)
 		for _, p := range plugins {
 			dedupKey := p.ID + "@" + p.Version
 			if pluginSeen[dedupKey] {
@@ -200,10 +201,14 @@ func (d *ExtensionDetector) gatherEclipseCandidates(ides []model.IDE) []string {
 		candidates = append(candidates, d.globDirs(filepath.Join(localAppData, "Programs", "Spring*"))...)
 	}
 
-	// Drive letter probe: D:\eclipse through Z:\eclipse (fixed drives only)
+	// Drive letter probe: D:\eclipse through Z:\eclipse.
+	// Only probe drives that actually exist to avoid slow network drive timeouts.
 	for drive := 'D'; drive <= 'Z'; drive++ {
-		driveRoot := string(drive) + `:\eclipse`
-		candidates = append(candidates, driveRoot)
+		driveRoot := string(drive) + `:\`
+		if !d.exec.DirExists(driveRoot) {
+			continue
+		}
+		candidates = append(candidates, string(drive)+`:\eclipse`)
 	}
 
 	return candidates
@@ -257,9 +262,9 @@ func (d *ExtensionDetector) validateEclipseInstall(installDir string) bool {
 // enumerateEclipsePlugins collects plugins from a validated Eclipse install.
 // Uses the p2 director API (eclipsec.exe -listInstalledRoots) to get authoritative
 // installed features, then enriches with bundles.info for full bundle details.
-func (d *ExtensionDetector) enumerateEclipsePlugins(installDir string) []model.Extension {
+func (d *ExtensionDetector) enumerateEclipsePlugins(ctx context.Context, installDir string) []model.Extension {
 	// Try p2 director first — returns authoritative list of installed root features
-	roots := d.queryP2InstalledRoots(installDir)
+	roots := d.queryP2InstalledRoots(ctx, installDir)
 
 	// Build a set of root feature prefixes for marketplace classification.
 	// Root features that are NOT org.eclipse.* or epp.* are marketplace-installed.
@@ -336,7 +341,7 @@ func (d *ExtensionDetector) enumerateEclipsePlugins(installDir string) []model.E
 // queryP2InstalledRoots invokes Eclipse's p2 director to get the authoritative
 // list of installed root features. Returns nil if eclipsec.exe is not available
 // or the command fails. Output format: "feature.id/version" per line.
-func (d *ExtensionDetector) queryP2InstalledRoots(installDir string) []model.Extension {
+func (d *ExtensionDetector) queryP2InstalledRoots(ctx context.Context, installDir string) []model.Extension {
 	// Find eclipsec.exe (console launcher)
 	eclipsec := filepath.Join(installDir, "eclipsec.exe")
 	if !d.exec.FileExists(eclipsec) {
@@ -347,7 +352,6 @@ func (d *ExtensionDetector) queryP2InstalledRoots(installDir string) []model.Ext
 		}
 	}
 
-	ctx := context.Background()
 	stdout, _, exitCode, err := d.exec.RunWithTimeout(ctx, 30*time.Second,
 		eclipsec, "-nosplash",
 		"-application", "org.eclipse.equinox.p2.director",

internal/detector/eclipse_plugins_test.go

@@ -0,0 +1,293 @@
+package detector
+
+import (
+	"context"
+	"os"
+	"testing"
+
+	"github.com/step-security/dev-machine-guard/internal/executor"
+	"github.com/step-security/dev-machine-guard/internal/model"
+)
+
+func TestValidateEclipseInstall(t *testing.T) {
+	mock := executor.NewMock()
+	mock.SetGOOS("windows")
+
+	installDir := `C:\eclipse`
+	mock.SetDir(installDir)
+	// filepath.Join on macOS uses "/" between parts but preserves existing "\"
+	mock.SetFile(installDir+"/eclipse.ini", []byte{})
+	mock.SetDir(installDir + "/plugins")
+	mock.SetDir(installDir + "/configuration")
+
+	det := &ExtensionDetector{exec: mock}
+	if !det.validateEclipseInstall(installDir) {
+		t.Error("expected valid Eclipse install")
+	}
+}
+
+func TestValidateEclipseInstall_MissingIni(t *testing.T) {
+	mock := executor.NewMock()
+	mock.SetGOOS("windows")
+
+	installDir := `C:\eclipse`
+	mock.SetDir(installDir)
+	// No eclipse.ini
+	mock.SetDir(installDir + `\plugins`)
+	mock.SetDir(installDir + `\configuration`)
+
+	det := &ExtensionDetector{exec: mock}
+	if det.validateEclipseInstall(installDir) {
+		t.Error("expected invalid — missing eclipse.ini")
+	}
+}
+
+func TestValidateEclipseInstall_BrandedIni(t *testing.T) {
+	mock := executor.NewMock()
+	mock.SetGOOS("windows")
+
+	installDir := `C:\sts`
+	mock.SetDir(installDir)
+	mock.SetFile(installDir+"/sts.ini", []byte{}) // Spring Tool Suite
+	mock.SetDir(installDir + "/plugins")
+	mock.SetDir(installDir + "/configuration")
+
+	det := &ExtensionDetector{exec: mock}
+	if !det.validateEclipseInstall(installDir) {
+		t.Error("expected valid — branded sts.ini should count")
+	}
+}
+
+func TestParseEclipseBundlesInfo(t *testing.T) {
+	mock := executor.NewMock()
+	mock.SetFile("/test/bundles.info", []byte(`#encoding=UTF-8
+#version=1
+org.eclipse.platform,4.39.0,file:/plugins/org.eclipse.platform_4.39.0.jar,4,false
+com.anthropic.claudecode.eclipse,2.3.11,file:/plugins/com.anthropic.claudecode.eclipse_2.3.11.jar,4,false
+`))
+
+	det := &ExtensionDetector{exec: mock}
+	results := det.parseEclipseBundlesInfo("/test/bundles.info")
+
+	if len(results) != 2 {
+		t.Fatalf("expected 2 bundles, got %d", len(results))
+	}
+
+	if results[0].ID != "org.eclipse.platform" {
+		t.Errorf("expected org.eclipse.platform, got %s", results[0].ID)
+	}
+	if results[0].Source != "bundled" {
+		t.Errorf("expected bundled, got %s", results[0].Source)
+	}
+
+	if results[1].ID != "com.anthropic.claudecode.eclipse" {
+		t.Errorf("expected com.anthropic.claudecode.eclipse, got %s", results[1].ID)
+	}
+	if results[1].Source != "user_installed" {
+		t.Errorf("expected user_installed, got %s", results[1].Source)
+	}
+}
+
+func TestParseEclipseBundlesInfo_MissingFile(t *testing.T) {
+	mock := executor.NewMock()
+	det := &ExtensionDetector{exec: mock}
+	results := det.parseEclipseBundlesInfo("/nonexistent")
+	if len(results) != 0 {
+		t.Errorf("expected 0, got %d", len(results))
+	}
+}
+
+func TestQueryP2InstalledRoots_ParsesOutput(t *testing.T) {
+	mock := executor.NewMock()
+	mock.SetGOOS("windows")
+	// filepath.Join on macOS uses "/" between parts
+	eclipsec := `C:\eclipse` + "/eclipsec.exe"
+	mock.SetFile(eclipsec, []byte{})
+
+	mock.SetCommand(
+		"civerooni.com.putman.feature.feature.group/1.0.0\n"+
+			"com.anthropic.claudecode.eclipse.feature.feature.group/2.3.11\n"+
+			"org.eclipse.jdt.feature.group/3.20.0\n"+
+			"epp.package.java/4.39.0\n"+
+			"Operation completed in 2131 ms.\n",
+		"", 0,
+		eclipsec, "-nosplash",
+		"-application", "org.eclipse.equinox.p2.director",
+		"-listInstalledRoots",
+	)
+
+	det := &ExtensionDetector{exec: mock}
+	results := det.queryP2InstalledRoots(context.Background(), `C:\eclipse`)
+
+	if len(results) != 4 {
+		t.Fatalf("expected 4 root features, got %d", len(results))
+	}
+
+	marketplace := 0
+	bundled := 0
+	for _, r := range results {
+		if r.Source == "marketplace" {
+			marketplace++
+		} else if r.Source == "bundled" {
+			bundled++
+		}
+	}
+
+	if marketplace != 2 {
+		t.Errorf("expected 2 marketplace, got %d", marketplace)
+	}
+	if bundled != 2 {
+		t.Errorf("expected 2 bundled, got %d", bundled)
+	}
+}
+
+func TestQueryP2InstalledRoots_SkipsDebugLines(t *testing.T) {
+	mock := executor.NewMock()
+	mock.SetGOOS("windows")
+	eclipsec := `C:\eclipse` + "/eclipsec.exe"
+	mock.SetFile(eclipsec, []byte{})
+
+	mock.SetCommand(
+		"18:53:22.314 [Start Level] DEBUG org.eclipse.jgit -- some debug\n"+
+			"org.eclipse.platform.feature.group/4.39.0\n"+
+			"Operation completed in 100 ms.\n",
+		"", 0,
+		eclipsec, "-nosplash",
+		"-application", "org.eclipse.equinox.p2.director",
+		"-listInstalledRoots",
+	)
+
+	det := &ExtensionDetector{exec: mock}
+	results := det.queryP2InstalledRoots(context.Background(), `C:\eclipse`)
+
+	if len(results) != 1 {
+		t.Fatalf("expected 1 (debug lines filtered), got %d", len(results))
+	}
+	if results[0].ID != "org.eclipse.platform.feature.group" {
+		t.Errorf("expected org.eclipse.platform.feature.group, got %s", results[0].ID)
+	}
+}
+
+func TestQueryP2InstalledRoots_NoEclipsec(t *testing.T) {
+	mock := executor.NewMock()
+	mock.SetGOOS("windows")
+	// No eclipsec.exe or eclipse.exe
+
+	det := &ExtensionDetector{exec: mock}
+	results := det.queryP2InstalledRoots(context.Background(), `C:\eclipse`)
+
+	if len(results) != 0 {
+		t.Errorf("expected 0 when no exe found, got %d", len(results))
+	}
+}
+
+func TestCollectDropins_DirectJAR(t *testing.T) {
+	mock := executor.NewMock()
+	dropinsDir := "/eclipse/dropins"
+	mock.SetDir(dropinsDir)
+	mock.SetDirEntries(dropinsDir, []os.DirEntry{
+		executor.MockDirEntry("com.example.plugin_1.0.0.jar", false),
+	})
+
+	det := &ExtensionDetector{exec: mock}
+	results := det.collectDropins(dropinsDir)
+
+	if len(results) != 1 {
+		t.Fatalf("expected 1 dropin, got %d", len(results))
+	}
+	if results[0].ID != "com.example.plugin" {
+		t.Errorf("expected com.example.plugin, got %s", results[0].ID)
+	}
+	if results[0].Version != "1.0.0" {
+		t.Errorf("expected 1.0.0, got %s", results[0].Version)
+	}
+	if results[0].Source != "dropins" {
+		t.Errorf("expected dropins source, got %s", results[0].Source)
+	}
+}
+
+func TestCollectDropins_Empty(t *testing.T) {
+	mock := executor.NewMock()
+	det := &ExtensionDetector{exec: mock}
+	results := det.collectDropins("/nonexistent")
+	if len(results) != 0 {
+		t.Errorf("expected 0, got %d", len(results))
+	}
+}
+
+func TestParseEclipsePluginName(t *testing.T) {
+	tests := []struct {
+		input   string
+		id      string
+		version string
+	}{
+		{"com.github.spotbugs.plugin.eclipse_4.9.8.r202510181643-c1fa7f2", "com.github.spotbugs.plugin.eclipse", "4.9.8.r202510181643-c1fa7f2"},
+		{"org.eclipse.jdt.core_3.36.0.v20240103-1234", "org.eclipse.jdt.core", "3.36.0.v20240103-1234"},
+		{"simple.plugin_1.0", "simple.plugin", "1.0"},
+	}
+
+	for _, tt := range tests {
+		ext := parseEclipsePluginName(tt.input)
+		if ext == nil {
+			t.Errorf("parseEclipsePluginName(%q) returned nil", tt.input)
+			continue
+		}
+		if ext.ID != tt.id {
+			t.Errorf("ID: expected %s, got %s", tt.id, ext.ID)
+		}
+		if ext.Version != tt.version {
+			t.Errorf("Version: expected %s, got %s", tt.version, ext.Version)
+		}
+	}
+}
+
+func TestParseEclipsePluginName_Invalid(t *testing.T) {
+	invalid := []string{
+		"nounderscore",
+		"no_version_starts_with_letter",
+		"",
+	}
+	for _, input := range invalid {
+		if ext := parseEclipsePluginName(input); ext != nil {
+			t.Errorf("parseEclipsePluginName(%q) should return nil, got %+v", input, ext)
+		}
+	}
+}
+
+func TestIsEclipseBundled(t *testing.T) {
+	bundled := []string{"org.eclipse.jdt.core", "javax.annotation", "ch.qos.logback.classic", "bcprov"}
+	for _, id := range bundled {
+		if !isEclipseBundled(id) {
+			t.Errorf("%q should be bundled", id)
+		}
+	}
+
+	notBundled := []string{"com.anthropic.claudecode", "civerooni.com.putman", "my.custom.plugin"}
+	for _, id := range notBundled {
+		if isEclipseBundled(id) {
+			t.Errorf("%q should NOT be bundled", id)
+		}
+	}
+}
+
+// Ensure model.FilterUserInstalledExtensions works correctly
+func TestFilterUserInstalledExtensions(t *testing.T) {
+	exts := []model.Extension{
+		{ID: "bundled1", Source: "bundled"},
+		{ID: "marketplace1", Source: "marketplace"},
+		{ID: "user1", Source: "user_installed"},
+		{ID: "dropin1", Source: "dropins"},
+		{ID: "nosource"},
+	}
+
+	filtered := model.FilterUserInstalledExtensions(exts)
+	if len(filtered) != 4 {
+		t.Fatalf("expected 4 (all except bundled), got %d", len(filtered))
+	}
+	for _, e := range filtered {
+		if e.Source == "bundled" {
+			t.Errorf("bundled extension should have been filtered: %s", e.ID)
+		}
+	}
+}
+