guarddog-nexus/tests/test_scanner.py

"""Tests for GuardDog scanner integration."""

from guarddog_nexus.core.scanner import _normalize_output


def test_normalize_clean_output(guarddog_output_clean):
    result = _normalize_output(guarddog_output_clean)
    assert len(result["findings"]) == 0
    assert len(result["errors"]) == 0


def test_normalize_flagged_output(guarddog_output_flagged):
    result = _normalize_output(guarddog_output_flagged)
    assert len(result["findings"]) == 3
    rules = {f["rule"] for f in result["findings"]}
    assert "shady-links" in rules
    assert "exec-base64" in rules
    assert "empty_information" in rules


def test_normalize_skips_null_and_empty_dicts():
    data = {
        "issues": 0,
        "errors": {},
        "results": {
            "foo": None,
            "bar": {},
            "baz": "metadata finding",
        },
    }
    result = _normalize_output(data)
    assert len(result["findings"]) == 1
    assert result["findings"][0]["rule"] == "baz"
    assert result["findings"][0]["message"] == "metadata finding"


def test_normalize_semgrep_list():
    data = {
        "issues": 2,
        "errors": {},
        "results": {
            "code-execution": [
                {"message": "Found exec()", "location": "setup.py:10", "severity": "ERROR"},
                {"message": "Found eval()", "location": "core.py:5", "severity": "ERROR"},
            ],
        },
    }
    result = _normalize_output(data)
    assert len(result["findings"]) == 2
    assert result["findings"][0]["location"] == "setup.py:10"
    assert result["findings"][0]["severity"] == "ERROR"