test(sasts): add Cppcheck

nolliv22 · nolliv22 · commit 8d45e1c71e97 · 2025-11-04T10:32:06.000+01:00
diff --git a/tests/Dockerfile b/tests/Dockerfile
@@ -21,6 +21,7 @@ RUN apt update -qq && \
         curl git \
         cloc \
         openjdk-17-jdk-headless maven \
+        build-essential bear \
     -y -qq --no-install-recommends && \
     rm -rf /var/lib/apt/lists/*
 
@@ -50,6 +51,10 @@ RUN curl -sfL https://raw.githubusercontent.com/Bearer/bearer/main/contrib/insta
 RUN curl -sL https://github.com/spotbugs/spotbugs/releases/download/4.9.7/spotbugs-4.9.7.tgz | tar -xzvf - && \
     mv spotbugs-* /tmp/spotbugs
 ENV PATH="/tmp/spotbugs/bin:$PATH"
+# Cppcheck
+RUN apt update -qq && \
+    DEBIAN_FRONTEND=noninteractive apt install cppcheck -y -qq --no-install-recommends && \
+    rm -rf /var/lib/apt/lists/*
 
 # === Run tests ===
 COPY --from=builder --chown=app:app /app /app
diff --git a/tests/test_sasts.py b/tests/test_sasts.py
@@ -27,7 +27,12 @@
 
 @pytest.fixture(autouse=True, scope="module")
 def update_sast_module_state() -> GeneratorType:
-    """Update the state of SAST modules between tests."""
+    """Update the state of SAST modules before running tests in this module.
+
+    This fixture re-initializes each SAST tool's status and missing requirements
+    to ensure a clean state for the test functions.
+
+    """
     for sast_data in SASTS_ALL.values():
         sast_instance = sast_data["sast"]()
         sast_data["cli_factory"].sast.__init__()
@@ -40,7 +45,12 @@ def update_sast_module_state() -> GeneratorType:
 runner = CliRunner(env={"COLUMNS": "200"})
 
 TEST_CODES_DIR = Path("tests/testcodes").resolve()
-TEST_CODES = {"java": {"build_command": "javac {filename}"}}
+TEST_CODES = {
+    "java": {"build_command": "javac {filename}"},
+    "c": {"build_command": "bear -- gcc {filename}"},
+}
+
+ARTIFACTS_ARG = {"java": ".", "c": "compile_commands.json"}
 
 
 @pytest.mark.order(0)
@@ -51,7 +61,7 @@ def test_compile() -> None | AssertionError:
         if isinstance(dataset, PrebuiltDatasetMixin):
             logging.info(f"Compiling dataset: {dataset.name}")
             retcode, stdout = run_command(
-                dataset.build_command.split(" ") + ["--test"], cwd=dataset.directory
+                dataset.build_command.split(" "), cwd=dataset.directory
             )
             assert retcode == 0
 
@@ -115,7 +125,9 @@ def test_sasts_analyze(monkeypatch: pytest.MonkeyPatch) -> None | AssertionError
                 for file in Path(TEST_CODES_DIR, lang).iterdir():
                     Path(temp_dir, file.name).write_bytes(file.read_bytes())
 
-                result = runner.invoke(sast_cli, ["analyze", lang, "--artifacts", "."])
+                result = runner.invoke(
+                    sast_cli, ["analyze", lang, "--artifacts", ARTIFACTS_ARG[lang]]
+                )
                 assert result.exit_code == 0
                 assert "--overwrite" not in result.output
 
