refactor: modularize codebase and add 404 unit tests (#13)

compliance-agent/src/pipeline/semgrep.rs

@@ -108,3 +108,124 @@ struct SemgrepExtra {
     #[serde(default)]
     metadata: Option<serde_json::Value>,
 }
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    #[test]
+    fn deserialize_semgrep_output() {
+        let json = r#"{
+            "results": [
+                {
+                    "check_id": "python.lang.security.audit.exec-detected",
+                    "path": "src/main.py",
+                    "start": {"line": 15},
+                    "extra": {
+                        "message": "Detected use of exec()",
+                        "severity": "ERROR",
+                        "lines": "exec(user_input)",
+                        "metadata": {"cwe": "CWE-78"}
+                    }
+                }
+            ]
+        }"#;
+        let output: SemgrepOutput = serde_json::from_str(json).unwrap();
+        assert_eq!(output.results.len(), 1);
+
+        let r = &output.results[0];
+        assert_eq!(r.check_id, "python.lang.security.audit.exec-detected");
+        assert_eq!(r.path, "src/main.py");
+        assert_eq!(r.start.line, 15);
+        assert_eq!(r.extra.message, "Detected use of exec()");
+        assert_eq!(r.extra.severity, "ERROR");
+        assert_eq!(r.extra.lines, "exec(user_input)");
+        assert_eq!(
+            r.extra
+                .metadata
+                .as_ref()
+                .unwrap()
+                .get("cwe")
+                .unwrap()
+                .as_str(),
+            Some("CWE-78")
+        );
+    }
+
+    #[test]
+    fn deserialize_semgrep_empty_results() {
+        let json = r#"{"results": []}"#;
+        let output: SemgrepOutput = serde_json::from_str(json).unwrap();
+        assert!(output.results.is_empty());
+    }
+
+    #[test]
+    fn deserialize_semgrep_no_metadata() {
+        let json = r#"{
+            "results": [
+                {
+                    "check_id": "rule-1",
+                    "path": "app.py",
+                    "start": {"line": 1},
+                    "extra": {
+                        "message": "found something",
+                        "severity": "WARNING",
+                        "lines": "import os"
+                    }
+                }
+            ]
+        }"#;
+        let output: SemgrepOutput = serde_json::from_str(json).unwrap();
+        assert!(output.results[0].extra.metadata.is_none());
+    }
+
+    #[test]
+    fn semgrep_severity_mapping() {
+        let cases = vec![
+            ("ERROR", "High"),
+            ("WARNING", "Medium"),
+            ("INFO", "Low"),
+            ("UNKNOWN", "Info"),
+        ];
+        for (input, expected) in cases {
+            let result = match input {
+                "ERROR" => "High",
+                "WARNING" => "Medium",
+                "INFO" => "Low",
+                _ => "Info",
+            };
+            assert_eq!(result, expected, "Severity for '{input}'");
+        }
+    }
+
+    #[test]
+    fn deserialize_semgrep_multiple_results() {
+        let json = r#"{
+            "results": [
+                {
+                    "check_id": "rule-a",
+                    "path": "a.py",
+                    "start": {"line": 1},
+                    "extra": {
+                        "message": "msg a",
+                        "severity": "ERROR",
+                        "lines": "line a"
+                    }
+                },
+                {
+                    "check_id": "rule-b",
+                    "path": "b.py",
+                    "start": {"line": 99},
+                    "extra": {
+                        "message": "msg b",
+                        "severity": "INFO",
+                        "lines": "line b"
+                    }
+                }
+            ]
+        }"#;
+        let output: SemgrepOutput = serde_json::from_str(json).unwrap();
+        assert_eq!(output.results.len(), 2);
+        assert_eq!(output.results[1].start.line, 99);
+    }
+}