fix: provide output when there are no vulns found

cmars · cmars · commit 4e0643c19dfc · 2025-07-29T17:30:24.000-05:00
OS test workflow was providing no output and exit code 0 when no vulns were
found.

This displays a sensible summary indicating no vulnerabilities in the human
readable output.
diff --git a/internal/commands/ostest/test_execution.go b/internal/commands/ostest/test_execution.go
@@ -224,19 +224,14 @@ func extractSeverityKeys(summaries ...*testapi.FindingSummary) map[string]bool {
 // NewSummaryData creates a workflow.Data object containing a json_schemas.TestSummary
 // from a testapi.TestResult. This is used for downstream processing, like determining
 // the CLI exit code.
-func NewSummaryData(testResult testapi.TestResult, logger *zerolog.Logger, path string) (*json_schemas.TestSummary, workflow.Data, error) {
+func NewSummaryData(testResult testapi.TestResult, _ *zerolog.Logger, path string) (*json_schemas.TestSummary, workflow.Data, error) {
 	rawSummary := testResult.GetRawSummary()
 	effectiveSummary := testResult.GetEffectiveSummary()
 
 	if rawSummary == nil || effectiveSummary == nil {
 		return nil, nil, fmt.Errorf("test result missing summary information")
 	}
 
-	if rawSummary.Count == 0 {
-		logger.Debug().Msg("No findings in summary, skipping summary creation.")
-		return nil, nil, fmt.Errorf("no findings in summary: %w", ErrNoSummaryData)
-	}
-
 	severityKeys := extractSeverityKeys(rawSummary, effectiveSummary)
 
 	var summaryResults []json_schemas.TestSummaryResult
@@ -258,27 +253,23 @@ func NewSummaryData(testResult testapi.TestResult, logger *zerolog.Logger, path
 		}
 	}
 
-	if len(summaryResults) > 0 {
-		// Sort results for consistent output, matching the standard CLI order.
-		sort.Slice(summaryResults, func(i, j int) bool {
-			order := map[string]int{"critical": 4, "high": 3, "medium": 2, "low": 1}
-			return order[summaryResults[i].Severity] > order[summaryResults[j].Severity]
-		})
-
-		testSummary := json_schemas.NewTestSummary("open-source", path)
-		testSummary.Results = summaryResults
-		testSummary.SeverityOrderAsc = []string{"low", "medium", "high", "critical"}
+	// Sort results for consistent output, matching the standard CLI order.
+	sort.Slice(summaryResults, func(i, j int) bool {
+		order := map[string]int{"critical": 4, "high": 3, "medium": 2, "low": 1}
+		return order[summaryResults[i].Severity] > order[summaryResults[j].Severity]
+	})
 
-		summaryBytes, err := json.Marshal(testSummary)
-		if err != nil {
-			return nil, nil, fmt.Errorf("failed to marshal test summary: %w", err)
-		}
+	testSummary := json_schemas.NewTestSummary("open-source", path)
+	testSummary.Results = summaryResults
+	testSummary.SeverityOrderAsc = []string{"low", "medium", "high", "critical"}
 
-		summaryWorkflowData := NewWorkflowData(content_type.TEST_SUMMARY, summaryBytes)
-		return testSummary, summaryWorkflowData, nil
+	summaryBytes, err := json.Marshal(testSummary)
+	if err != nil {
+		return nil, nil, fmt.Errorf("failed to marshal test summary: %w", err)
 	}
 
-	return nil, nil, fmt.Errorf("no summary results to process: %w", ErrNoSummaryData)
+	summaryWorkflowData := NewWorkflowData(content_type.TEST_SUMMARY, summaryBytes)
+	return testSummary, summaryWorkflowData, nil
 }
 
 // calculateUniqueIssueCount iterates through findings to determine the number of unique issues.
diff --git a/internal/commands/ostest/test_execution_test.go b/internal/commands/ostest/test_execution_test.go
@@ -3,7 +3,6 @@ package ostest_test
 import (
 	"context"
 	"encoding/json"
-	"errors"
 	"testing"
 	"time"
 
@@ -13,6 +12,7 @@ import (
 	"github.com/snyk/go-application-framework/pkg/apiclients/testapi"
 	"github.com/snyk/go-application-framework/pkg/local_workflows/content_type"
 	"github.com/snyk/go-application-framework/pkg/local_workflows/json_schemas"
+	"github.com/snyk/go-application-framework/pkg/workflow"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 
@@ -90,17 +90,32 @@ func Test_NewSummaryData(t *testing.T) {
 	logger := zerolog.Nop()
 	path := "/test/path"
 
-	t.Run("no findings should not create summary data, implying exit code 0", func(t *testing.T) {
+	t.Run("no findings creates empty summary data, exit code 0", func(t *testing.T) {
 		testResult := &mockTestResult{
 			rawSummary:       &testapi.FindingSummary{Count: 0},
 			effectiveSummary: &testapi.FindingSummary{Count: 0},
 		}
 
 		summary, data, err := ostest.NewSummaryData(testResult, &logger, path)
-		assert.Nil(t, data)
-		assert.Nil(t, summary)
-		assert.True(t, errors.Is(err, ostest.ErrNoSummaryData))
-		assert.ErrorContains(t, err, "no findings in summary")
+		assert.NoError(t, err)
+		assert.Equal(t,
+			workflow.NewData(
+				data.GetIdentifier(),
+				content_type.TEST_SUMMARY,
+				[]byte(`{"results":null,"severity_order_asc":["low","medium","high","critical"],"type":"open-source","artifacts":0,"path":"/test/path"}`),
+			),
+			data,
+		)
+		assert.Equal(t,
+			&json_schemas.TestSummary{
+				Results:          nil,
+				SeverityOrderAsc: []string{"low", "medium", "high", "critical"},
+				Type:             "open-source",
+				Artifacts:        0,
+				Path:             "/test/path",
+			},
+			summary,
+		)
 	})
 
 	t.Run("no open or total findings should not create summary data", func(t *testing.T) {
@@ -120,10 +135,23 @@ func Test_NewSummaryData(t *testing.T) {
 		}
 
 		summaryStruct, data, err := ostest.NewSummaryData(testResult, &logger, path)
-		assert.Nil(t, data)
-		assert.Nil(t, summaryStruct)
-		assert.True(t, errors.Is(err, ostest.ErrNoSummaryData))
-		assert.ErrorContains(t, err, "no findings in summary")
+		assert.NoError(t, err)
+		assert.Equal(t,
+			workflow.NewData(
+				data.GetIdentifier(),
+				content_type.TEST_SUMMARY,
+				[]byte(`{"results":null,"severity_order_asc":["low","medium","high","critical"],"type":"open-source","artifacts":0,"path":"/test/path"}`),
+			),
+			data)
+		assert.Equal(t,
+			&json_schemas.TestSummary{
+				Results:          nil,
+				SeverityOrderAsc: []string{"low", "medium", "high", "critical"},
+				Type:             "open-source",
+				Artifacts:        0,
+				Path:             "/test/path",
+			},
+			summaryStruct)
 	})
 
 	t.Run("one critical finding should create summary data, implying exit code 1", func(t *testing.T) {
diff --git a/internal/commands/ostest/workflow_test.go b/internal/commands/ostest/workflow_test.go
@@ -532,9 +532,9 @@ func TestOSWorkflow_AllProjects_UnifiedFlow(t *testing.T) {
 		}
 	}
 
-	// Should have 1 JSON output (as an array of results) and 0 summary outputs (since there are no findings)
+	// Should have 1 JSON output (as an array of results) and 2 summary outputs (no findings, empty summaries)
 	assert.Len(t, jsonOutputs, 1)
-	assert.Len(t, summaryOutputs, 0)
+	assert.Len(t, summaryOutputs, 2)
 
 	// Verify JSON output is an array of 2 results
 	var legacyResults []definitions.LegacyVulnerabilityResponse

Original file line number	Diff line number	Diff line change
`@@ -532,9 +532,9 @@ func TestOSWorkflow_AllProjects_UnifiedFlow(t *testing.T) {`
`532`	`532`	`}`
`533`	`533`	`}`
`534`	`534`
`535`		`- // Should have 1 JSON output (as an array of results) and 0 summary outputs (since there are no findings)`
	`535`	`+ // Should have 1 JSON output (as an array of results) and 2 summary outputs (no findings, empty summaries)`
`536`	`536`	`assert.Len(t, jsonOutputs, 1)`
`537`		`- assert.Len(t, summaryOutputs, 0)`
	`537`	`+ assert.Len(t, summaryOutputs, 2)`
`538`	`538`
`539`	`539`	`// Verify JSON output is an array of 2 results`
`540`	`540`	`var legacyResults []definitions.LegacyVulnerabilityResponse`