fix: scanner now handles real guarddog v2 JSON format

tests/test_scanner.py

@@ -11,18 +11,41 @@ def test_normalize_clean_output(guarddog_output_clean):
 
 def test_normalize_flagged_output(guarddog_output_flagged):
     result = _normalize_output(guarddog_output_flagged)
-    assert len(result["findings"]) == 2
-    assert result["findings"][0]["rule"] == "shady-links"
-    assert result["findings"][0]["severity"] == "WARNING"
-    assert result["findings"][1]["rule"] == "exec-base64"
-    assert result["findings"][1]["severity"] == "ERROR"
+    assert len(result["findings"]) == 3
+    rules = {f["rule"] for f in result["findings"]}
+    assert "shady-links" in rules
+    assert "exec-base64" in rules
+    assert "empty_information" in rules
 
 
-def test_normalize_issues_format():
+def test_normalize_skips_null_and_empty_dicts():
     data = {
-        "issues": [{"id": "test-rule", "severity": "ERROR", "description": "Bad"}],
-        "errors": [],
+        "issues": 0,
+        "errors": {},
+        "results": {
+            "foo": None,
+            "bar": {},
+            "baz": "metadata finding",
+        },
     }
     result = _normalize_output(data)
     assert len(result["findings"]) == 1
-    assert result["findings"][0]["rule"] == "test-rule"
+    assert result["findings"][0]["rule"] == "baz"
+    assert result["findings"][0]["message"] == "metadata finding"
+
+
+def test_normalize_semgrep_list():
+    data = {
+        "issues": 2,
+        "errors": {},
+        "results": {
+            "code-execution": [
+                {"message": "Found exec()", "location": "setup.py:10", "severity": "ERROR"},
+                {"message": "Found eval()", "location": "core.py:5", "severity": "ERROR"},
+            ],
+        },
+    }
+    result = _normalize_output(data)
+    assert len(result["findings"]) == 2
+    assert result["findings"][0]["location"] == "setup.py:10"
+    assert result["findings"][0]["severity"] == "ERROR"