fix: scanner now handles real guarddog v2 JSON format

2026-05-09 04:55:58 +03:00
parent 4ce99d3c85
commit 4bfead8d6e
9 changed files with 201 additions and 116 deletions
--- a/tests/conftest.py
+++ b/tests/conftest.py
@@ -23,7 +23,9 @@ from guarddog_nexus.main import app  # noqa: E402

@pytest_asyncio.fixture
 async def db_engine():
-    engine = create_async_engine("sqlite+aiosqlite:///file:guarddog_test?mode=memory&cache=shared&uri=true")
+    engine = create_async_engine(
+        "sqlite+aiosqlite:///file:guarddog_test?mode=memory&cache=shared&uri=true"
+    )
    async with engine.begin() as conn:
        await conn.run_sync(Base.metadata.create_all)
    yield engine
@@ -76,29 +78,44 @@ def sample_nexus_webhook():
@pytest.fixture
 def guarddog_output_clean():
    return {
-        "results": [],
-        "errors": [],
+        "package": "safe-pkg",
+        "issues": 0,
+        "errors": {},
+        "results": {
+            "obfuscation": {},
+            "exec-base64": {},
+            "shady-links": {},
+            "typosquatting": None,
+            "empty_information": None,
+        },
    }


@pytest.fixture
 def guarddog_output_flagged():
    return {
-        "results": [
-            {
-                "rule": "shady-links",
-                "severity": "WARNING",
-                "message": "Package contains URL to suspicious domain",
-                "location": "setup.py:15",
-            },
-            {
-                "rule": "exec-base64",
-                "severity": "ERROR",
-                "message": "Base64-encoded code execution detected",
-                "location": "core.py:42",
-            },
-        ],
-        "errors": [],
+        "package": "bad-pkg",
+        "issues": 3,
+        "errors": {},
+        "results": {
+            "shady-links": [
+                {
+                    "message": "Package contains URL to suspicious domain",
+                    "location": "setup.py:15",
+                    "code": "url = 'http://evil.com'",
+                }
+            ],
+            "exec-base64": [
+                {
+                    "message": "Base64-encoded code execution detected",
+                    "location": "core.py:42",
+                    "code": "exec(base64.b64decode(...))",
+                }
+            ],
+            "empty_information": "Package description is empty",
+            "obfuscation": {},
+            "typosquatting": None,
+        },
    }


@@ -109,15 +126,21 @@ def guarddog_normalized_flagged():
            {
                "rule": "shady-links",
                "severity": "WARNING",
-                "message": "Suspicious URL",
+                "message": "Package contains URL to suspicious domain",
                "location": "setup.py:15",
            },
            {
                "rule": "exec-base64",
-                "severity": "ERROR",
-                "message": "Base64 exec",
+                "severity": "WARNING",
+                "message": "Base64-encoded code execution detected",
                "location": "core.py:42",
            },
+            {
+                "rule": "empty_information",
+                "severity": "WARNING",
+                "message": "Package description is empty",
+                "location": "",
+            },
        ],
        "errors": [],
    }