test: reject null cweIds on advisory create handler

Array Fleet · cursoragent · Array Fleet · commit 6f477b45ea31 · 2026-06-10T16:57:28.000Z
Mirror the existing null credits guard test on the create path so
null optional array fields are validated consistently at handler level.

Co-authored-by: Cursor &lt;cursoragent@cursor.com&gt;
diff --git a/pkg/github/security_advisories_test.go b/pkg/github/security_advisories_test.go
@@ -801,6 +801,23 @@ func Test_CreateRepositorySecurityAdvisory(t *testing.T) {
 			expectError:    true,
 			expectedErrMsg: "invalid credits: value must not be null",
 		},
+		{
+			name: "reject null cweIds",
+			mockedClient: MockHTTPClientWithHandlers(map[string]http.HandlerFunc{
+				PostReposSecurityAdvisoriesByOwnerByRepo: mockResponse(t, http.StatusCreated, mockAdvisory),
+			}),
+			requestArgs: map[string]any{
+				"owner":           "octo",
+				"repo":            "hello-world",
+				"summary":         "Stored XSS in Core",
+				"description":     "A stored XSS vulnerability in Core.",
+				"severity":        "high",
+				"vulnerabilities": sampleAdvisoryVulnerabilities(),
+				"cweIds":          nil,
+			},
+			expectError:    true,
+			expectedErrMsg: "invalid cweIds: value must not be null",
+		},
 		{
 			name: "API error handling",
 			mockedClient: MockHTTPClientWithHandlers(map[string]http.HandlerFunc{
