Cargo Feature and Optional Dependencies Support

[zahidblackduck]

JIRA Ticket

IDETECT-4960

Description

This merge request adds support for Cargo features and optional dependencies in the Cargo CLI Detector so that optional dependencies can be reported in the SBOM.

Previously, the cargo detectors did not provide a way to control which Cargo features were enabled.

The current implementation allows users to specify which features to enable, disable default features, or enable all features via new detect properties. These properties are translated into appropriate cargo tree flags (--features, --all-features, --no-default-features).

Feature Support Scope

Feature and optional dependency support is only available for the Cargo CLI Detector, as it requires the cargo executable to properly resolve features at build time.

Cargo Lockfile Detector Limitations: The Cargo Lockfile Detector cannot accurately honor features because Cargo.lock does not store feature activation information. When feature-related properties are provided with the Cargo Lockfile Detector, a warning is logged and the properties are ignored. Detection proceeds normally without failing.

New Properties

1. detect.cargo.included.features=<comma-separated list | ALL | NONE>

   Controls which Cargo features are enabled when running cargo tree for the Cargo CLI Detector.

2. detect.cargo.disable.default.features=<true|false> (default: false)

   Controls whether Cargo's default features are disabled.

Cargo Lockfile Detector Handling

When feature-related properties are specified with the Cargo Lockfile Detector, the following warning is logged:

Feature inclusion or exclusion (detect.cargo.included.features, detect.cargo.disable.default.features)
are not supported by the Cargo Lockfile Detector and will be ignored.
Use Cargo CLI Detector for accurate feature-based dependency resolution.
Cargo CLI Detector requires the 'cargo' executable to be available in PATH.