compliance-scanner-agent/compliance-agent/tests/integration/api/dast.rs

use crate::common::TestServer;
use serde_json::json;

#[tokio::test]
async fn add_and_list_dast_targets() {
    let server = TestServer::start().await;

    // Initially empty
    let resp = server.get("/api/v1/dast/targets").await;
    assert_eq!(resp.status(), 200);
    let body: serde_json::Value = resp.json().await.unwrap();
    assert_eq!(body["data"].as_array().unwrap().len(), 0);

    // Add a target
    let resp = server
        .post(
            "/api/v1/dast/targets",
            &json!({
                "name": "test-app",
                "base_url": "https://test-app.example.com",
                "target_type": "webapp",
            }),
        )
        .await;
    assert_eq!(resp.status(), 200);

    // List should return 1
    let resp = server.get("/api/v1/dast/targets").await;
    let body: serde_json::Value = resp.json().await.unwrap();
    let targets = body["data"].as_array().unwrap();
    assert_eq!(targets.len(), 1);
    assert_eq!(targets[0]["name"], "test-app");
    assert_eq!(targets[0]["base_url"], "https://test-app.example.com");

    server.cleanup().await;
}

#[tokio::test]
async fn list_dast_findings_empty() {
    let server = TestServer::start().await;

    let resp = server.get("/api/v1/dast/findings").await;
    assert_eq!(resp.status(), 200);
    let body: serde_json::Value = resp.json().await.unwrap();
    assert_eq!(body["data"].as_array().unwrap().len(), 0);

    server.cleanup().await;
}