Update shared examples of integration test project to allow fixtures without vulnerabilities
Proposal
While working on Output CycloneDX reports, I needed to create some fixture projects with dependencies. However, when attempting to use the "report with scanned files" shared example from the integration test project, I ran into issues, because it fails unless the given dependency also has a vulnerability.
The purpose of this issue is to update the "report with scanned files" shared example so that it functions properly with fixture files that only have a dependency without a related vulnerability.
Further details
Current implementation:
    RSpec.shared_examples "report with scanned files" do |scanned_files|
      it "matches scanned files" do
        skip missing_report_message if report.nil?

        want = scanned_files.sort

        expect(report["vulnerabilities"].map { |v| v.dig("location", "file") }.uniq.sort).to eql want

        if report.dig("scan", "type") == "dependency_scanning"
          expect(report["dependency_files"].map { |df| df["path"] }.uniq.sort).to eql want
        end
      end
    end
Edited by Adam Cohen
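Added example, not part of the original issue or the project's code: a plain-Ruby sketch of the failure described above and one possible relaxed check. The helper names, the relaxed rule (for dependency scanning, compare against `dependency_files` and only require findings to point at scanned files) and both report hashes are assumptions constructed for illustration.

```ruby
# Added example; helper names and the relaxed rule are hypothetical.
# Files referenced by vulnerability findings in a report hash.
def vulnerability_files(report)
  (report["vulnerabilities"] || []).map { |v| v.dig("location", "file") }.compact.uniq.sort
end

# Paths listed under dependency_files in a report hash.
def dependency_file_paths(report)
  (report["dependency_files"] || []).map { |df| df["path"] }.uniq.sort
end

# Same comparison as the current shared example: every scanned file
# must be referenced by at least one vulnerability.
def strict_match?(report, scanned_files)
  want = scanned_files.sort
  return false unless vulnerability_files(report) == want
  return true unless report.dig("scan", "type") == "dependency_scanning"
  dependency_file_paths(report) == want
end

# Assumed relaxed rule: for dependency scanning, dependency_files is the list
# of scanned files, and findings may only point at files in that list.
def relaxed_match?(report, scanned_files)
  want = scanned_files.sort
  if report.dig("scan", "type") == "dependency_scanning"
    dependency_file_paths(report) == want && (vulnerability_files(report) - want).empty?
  else
    vulnerability_files(report) == want
  end
end

# Constructed fixture report: one dependency file, no vulnerabilities.
CLEAN_REPORT = {
  "scan" => { "type" => "dependency_scanning" },
  "vulnerabilities" => [],
  "dependency_files" => [{ "path" => "Gemfile.lock" }]
}.freeze

# Constructed report whose finding points at a file that was never scanned.
STRAY_REPORT = CLEAN_REPORT.merge(
  "vulnerabilities" => [{ "location" => { "file" => "other/Gemfile.lock" } }]
).freeze

if __FILE__ == $PROGRAM_NAME
  puts "strict on clean fixture:  #{strict_match?(CLEAN_REPORT, ['Gemfile.lock'])}"
  puts "relaxed on clean fixture: #{relaxed_match?(CLEAN_REPORT, ['Gemfile.lock'])}"
  puts "relaxed on stray finding: #{relaxed_match?(STRAY_REPORT, ['Gemfile.lock'])}"
end
```

The relaxed rule still rejects a report whose findings reference a file outside the scanned set, so the check keeps catching misattributed locations while accepting vulnerability-free fixtures.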