pkg/report/parser_test.go

package report

import (
	"encoding/json"
	"testing"
)

func TestExtractJSONField(t *testing.T) {
	semgrepRaw := []byte(`{
		"check_id": "crypto-bad-mac",
		"extra": {
			"severity": "WARNING",
			"message": "Use of weak MAC"
		}
	}`)
	var semgrep map[string]any
	json.Unmarshal(semgrepRaw, &semgrep)

	trivyRaw := []byte(`{
		"VulnerabilityID": "CVE-2021-44228",
		"PkgName": "log4j-core",
		"Severity": "CRITICAL"
	}`)
	var trivy map[string]any
	json.Unmarshal(trivyRaw, &trivy)

	openvasRaw := []byte(`{
		"name": "Cleartext Transmission",
		"host": {
			"details": [
				{"ip": "192.168.1.50"},
				{"ip": "10.0.0.5"}
			]
		},
		"threat": "High"
	}`)
	var openvas map[string]any
	json.Unmarshal(openvasRaw, &openvas)

	tests := []struct {
		name     string
		finding  any
		path     string
		expected string
	}{
		{"Semgrep Flat", semgrep, "check_id", "crypto-bad-mac"},
		{"Semgrep Nested", semgrep, "extra.severity", "WARNING"},
		{"Semgrep Deep Nested", semgrep, "extra.message", "Use of weak MAC"},

		{"Trivy Flat 1", trivy, "VulnerabilityID", "CVE-2021-44228"},
		{"Trivy Flat 2", trivy, "Severity", "CRITICAL"},

		{"OpenVAS Flat", openvas, "threat", "High"},
		{"OpenVAS Array Index", openvas, "host.details.0.ip", "192.168.1.50"},

		{"Missing Field", trivy, "does.not.exist", ""},
		{"Empty Path", trivy, "", ""},
	}

	for _, tc := range tests {
		t.Run(tc.name, func(t *testing.T) {
			result := ExtractJSONField(tc.finding, tc.path)
			if result != tc.expected {
				t.Errorf("Path '%s': expected '%s', got '%s'", tc.path, tc.expected, result)
			}
		})
	}
}
First release of open core 2026-04-02 10:57:36 -04:00			`package report`

			`import (`
			`"encoding/json"`
			`"testing"`
			`)`

			`func TestExtractJSONField(t *testing.T) {`
			semgrepRaw := []byte(`{
			`"check_id": "crypto-bad-mac",`
			`"extra": {`
			`"severity": "WARNING",`
			`"message": "Use of weak MAC"`
			`}`
			}`)
			`var semgrep map[string]any`
			`json.Unmarshal(semgrepRaw, &semgrep)`

			trivyRaw := []byte(`{
			`"VulnerabilityID": "CVE-2021-44228",`
			`"PkgName": "log4j-core",`
			`"Severity": "CRITICAL"`
			}`)
			`var trivy map[string]any`
			`json.Unmarshal(trivyRaw, &trivy)`

			openvasRaw := []byte(`{
			`"name": "Cleartext Transmission",`
			`"host": {`
			`"details": [`
			`{"ip": "192.168.1.50"},`
			`{"ip": "10.0.0.5"}`
			`]`
			`},`
			`"threat": "High"`
			}`)
			`var openvas map[string]any`
			`json.Unmarshal(openvasRaw, &openvas)`

			`tests := []struct {`
			`name string`
			`finding any`
			`path string`
			`expected string`
			`}{`
			`{"Semgrep Flat", semgrep, "check_id", "crypto-bad-mac"},`
			`{"Semgrep Nested", semgrep, "extra.severity", "WARNING"},`
			`{"Semgrep Deep Nested", semgrep, "extra.message", "Use of weak MAC"},`

			`{"Trivy Flat 1", trivy, "VulnerabilityID", "CVE-2021-44228"},`
			`{"Trivy Flat 2", trivy, "Severity", "CRITICAL"},`

			`{"OpenVAS Flat", openvas, "threat", "High"},`
			`{"OpenVAS Array Index", openvas, "host.details.0.ip", "192.168.1.50"},`

			`{"Missing Field", trivy, "does.not.exist", ""},`
			`{"Empty Path", trivy, "", ""},`
			`}`

			`for _, tc := range tests {`
			`t.Run(tc.name, func(t *testing.T) {`
			`result := ExtractJSONField(tc.finding, tc.path)`
			`if result != tc.expected {`
			`t.Errorf("Path '%s': expected '%s', got '%s'", tc.path, tc.expected, result)`
			`}`
			`})`
			`}`
			`}`