Add new unit tests for unchanged alerts

lelia · lelia · commit 11ac5c416c7e · 2026-04-09T13:42:53.000-04:00
Signed-off-by: lelia &lt;2418071+lelia@users.noreply.github.com&gt;
diff --git a/tests/unit/test_gitlab_format.py b/tests/unit/test_gitlab_format.py
@@ -507,6 +507,52 @@ def test_dependency_files_skips_unknown_manifest(self):
         report = Messages.create_security_comment_gitlab(diff)
         assert report["dependency_files"] == []
 
+    def test_unchanged_alerts_included_in_report(self):
+        """Test that unchanged_alerts are included alongside new_alerts in the GitLab report"""
+        diff = Diff()
+        diff.id = "test-scan-id"
+        diff.diff_url = "https://socket.dev/test"
+
+        diff.new_alerts = [
+            Issue(
+                pkg_name="new-pkg", pkg_version="1.0.0", type="malware", severity="high",
+                title="New Alert", manifests="package.json", pkg_type="npm", key="k1", purl="pkg:npm/new-pkg@1.0.0"
+            ),
+        ]
+        diff.unchanged_alerts = [
+            Issue(
+                pkg_name="existing-pkg", pkg_version="2.0.0", type="vulnerability", severity="medium",
+                title="Existing Alert", manifests="package.json", pkg_type="npm", key="k2", purl="pkg:npm/existing-pkg@2.0.0"
+            ),
+        ]
+
+        report = Messages.create_security_comment_gitlab(diff)
+        assert len(report["vulnerabilities"]) == 2
+
+        names = {v["name"] for v in report["vulnerabilities"]}
+        assert "New Alert" in names
+        assert "Existing Alert" in names
+
+    def test_only_unchanged_alerts_produces_nonempty_report(self):
+        """Test that a diff with no new alerts but unchanged alerts still populates the report"""
+        diff = Diff()
+        diff.id = "test-scan-id"
+        diff.diff_url = "https://socket.dev/test"
+
+        diff.new_alerts = []
+        diff.unchanged_alerts = [
+            Issue(
+                pkg_name="stable-pkg", pkg_version="3.0.0", type="vulnerability", severity="critical",
+                title="Known Issue", manifests="requirements.txt", pkg_type="pypi", key="k1", purl="pkg:pypi/stable-pkg@3.0.0"
+            ),
+        ]
+
+        report = Messages.create_security_comment_gitlab(diff)
+        assert len(report["vulnerabilities"]) == 1
+        assert report["vulnerabilities"][0]["name"] == "Known Issue"
+        assert len(report["dependency_files"]) == 1
+        assert report["dependency_files"][0]["path"] == "requirements.txt"
+
     def test_pkg_type_to_package_manager_mapping(self):
         """Test package manager mapping covers common ecosystems"""
         assert Messages._pkg_type_to_package_manager("npm") == "npm"
