From e07521f1bfe9cbb4ebf8e4e2971659ae7933adc2 Mon Sep 17 00:00:00 2001
From: Zheng Hao Tang <zhentan@microsoft.com>
Date: Tue, 7 Apr 2026 21:11:22 -0700
Subject: [PATCH 1/2] Make mvn cli component respect cancellation token

---
 .../maven/MvnCliComponentDetector.cs          | 20 +++----------------
 1 file changed, 3 insertions(+), 17 deletions(-)

diff --git a/src/Microsoft.ComponentDetection.Detectors/maven/MvnCliComponentDetector.cs b/src/Microsoft.ComponentDetection.Detectors/maven/MvnCliComponentDetector.cs
index 264b740ea..f25d82fac 100644
--- a/src/Microsoft.ComponentDetection.Detectors/maven/MvnCliComponentDetector.cs
+++ b/src/Microsoft.ComponentDetection.Detectors/maven/MvnCliComponentDetector.cs
@@ -101,13 +101,6 @@ public class MvnCliComponentDetector : FileComponentDetector
         @"https?://[^\s\]\)>]+",
         RegexOptions.Compiled | RegexOptions.IgnoreCase);
 
-    /// <summary>
-    /// Maximum time allowed for the OnPrepareDetectionAsync phase.
-    /// This is a safety guardrail to prevent hangs.
-    /// Most repos should complete the full Maven CLI scan within this window.
-    /// </summary>
-    private static readonly TimeSpan PrepareDetectionTimeout = TimeSpan.FromMinutes(5);
-
     private readonly IMavenCommandService mavenCommandService;
     private readonly IEnvironmentVariableService envVarService;
     private readonly IFileUtilityService fileUtilityService;
@@ -298,20 +291,13 @@ protected override async Task<IObservable<ProcessRequest>> OnPrepareDetectionAsy
         // This is critical because detectors are registered as singletons
         this.ResetScanState();
 
-        // Wrap the entire method in a try-catch with timeout to protect against hangs.
-        // OnPrepareDetectionAsync doesn't have the same guardrails as OnFileFoundAsync,
-        // so we need to be extra careful here.
         try
         {
-            using var timeoutCts = new CancellationTokenSource(PrepareDetectionTimeout);
-            using var linkedCts = CancellationTokenSource.CreateLinkedTokenSource(cancellationToken, timeoutCts.Token);
-
-            return await this.OnPrepareDetectionCoreAsync(processRequests, linkedCts.Token);
+            return await this.OnPrepareDetectionCoreAsync(processRequests, cancellationToken);
         }
-        catch (OperationCanceledException) when (!cancellationToken.IsCancellationRequested)
+        catch (OperationCanceledException)
         {
-            // Timeout occurred (not user cancellation)
-            this.LogWarning($"OnPrepareDetectionAsync timed out after {PrepareDetectionTimeout.TotalMinutes} minutes. Falling back to static pom.xml parsing.");
+            this.LogWarning("OnPrepareDetectionAsync was cancelled. Falling back to static pom.xml parsing.");
             this.Telemetry["TimedOut"] = "true";
             this.fallbackReason = MavenFallbackReason.OtherMvnCliFailure;
             this.usedDetectionMethod = MavenDetectionMethod.Mixed;

From 35b7f9d7e87bc25f053dc76c0d3b17eadecb2ca3 Mon Sep 17 00:00:00 2001
From: Zheng Hao Tang <zhentan@microsoft.com>
Date: Wed, 8 Apr 2026 08:16:43 -0700
Subject: [PATCH 2/2] chore: retrigger CI