@@ -137,6 +137,22 @@ func (m *secTestController) GetCurrentConfig() interface{} {
137137}
138138
139139// helper to create a test server with security controller
140+
141+ // secParseData extracts the "data" field from an APIResponse wrapper {success: true, data: ...}
142+ func secParseData (t * testing.T , body * bytes.Buffer , target interface {}) {
143+ t .Helper ()
144+ var wrapper struct {
145+ Success bool `json:"success"`
146+ Data json.RawMessage `json:"data"`
147+ }
148+ err := json .NewDecoder (body ).Decode (& wrapper )
149+ require .NoError (t , err )
150+ assert .True (t , wrapper .Success )
151+ if target != nil && wrapper .Data != nil {
152+ require .NoError (t , json .Unmarshal (wrapper .Data , target ))
153+ }
154+ }
155+
140156func newTestServerWithSecurity (t * testing.T , secCtrl SecurityController ) * Server {
141157 t .Helper ()
142158 logger := zap .NewNop ().Sugar ()
@@ -165,8 +181,7 @@ func TestSecurityHandlerListScanners(t *testing.T) {
165181 assert .Equal (t , http .StatusOK , w .Code )
166182
167183 var scanners []* scanner.ScannerPlugin
168- err := json .NewDecoder (w .Body ).Decode (& scanners )
169- require .NoError (t , err )
184+ secParseData (t , w .Body , & scanners )
170185 assert .Len (t , scanners , 2 )
171186 assert .Equal (t , "mcp-scan" , scanners [0 ].ID )
172187}
@@ -184,8 +199,7 @@ func TestSecurityHandlerInstallScanner(t *testing.T) {
184199 assert .Equal (t , http .StatusOK , w .Code )
185200
186201 var resp map [string ]string
187- err := json .NewDecoder (w .Body ).Decode (& resp )
188- require .NoError (t , err )
202+ secParseData (t , w .Body , & resp )
189203 assert .Equal (t , "installed" , resp ["status" ])
190204 assert .Equal (t , "mcp-scan" , resp ["id" ])
191205}
@@ -229,8 +243,7 @@ func TestSecurityHandlerRemoveScanner(t *testing.T) {
229243 assert .Equal (t , http .StatusOK , w .Code )
230244
231245 var resp map [string ]string
232- err := json .NewDecoder (w .Body ).Decode (& resp )
233- require .NoError (t , err )
246+ secParseData (t , w .Body , & resp )
234247 assert .Equal (t , "removed" , resp ["status" ])
235248}
236249
@@ -247,8 +260,7 @@ func TestSecurityHandlerConfigureScanner(t *testing.T) {
247260 assert .Equal (t , http .StatusOK , w .Code )
248261
249262 var resp map [string ]string
250- err := json .NewDecoder (w .Body ).Decode (& resp )
251- require .NoError (t , err )
263+ secParseData (t , w .Body , & resp )
252264 assert .Equal (t , "configured" , resp ["status" ])
253265}
254266
@@ -280,8 +292,7 @@ func TestSecurityHandlerGetScannerStatus(t *testing.T) {
280292 assert .Equal (t , http .StatusOK , w .Code )
281293
282294 var sc scanner.ScannerPlugin
283- err := json .NewDecoder (w .Body ).Decode (& sc )
284- require .NoError (t , err )
295+ secParseData (t , w .Body , & sc )
285296 assert .Equal (t , "mcp-scan" , sc .ID )
286297 assert .Equal (t , scanner .ScannerStatusInstalled , sc .Status )
287298}
@@ -312,8 +323,7 @@ func TestSecurityHandlerStartScan(t *testing.T) {
312323 assert .Equal (t , http .StatusAccepted , w .Code )
313324
314325 var job scanner.ScanJob
315- err := json .NewDecoder (w .Body ).Decode (& job )
316- require .NoError (t , err )
326+ secParseData (t , w .Body , & job )
317327 assert .Equal (t , "my-server" , job .ServerName )
318328 assert .True (t , job .DryRun )
319329}
@@ -350,8 +360,7 @@ func TestSecurityHandlerGetScanStatus(t *testing.T) {
350360 assert .Equal (t , http .StatusOK , w .Code )
351361
352362 var job scanner.ScanJob
353- err := json .NewDecoder (w .Body ).Decode (& job )
354- require .NoError (t , err )
363+ secParseData (t , w .Body , & job )
355364 assert .Equal (t , "scan-123" , job .ID )
356365 assert .Equal (t , scanner .ScanJobStatusCompleted , job .Status )
357366}
@@ -387,8 +396,7 @@ func TestSecurityHandlerGetScanReport(t *testing.T) {
387396 assert .Equal (t , http .StatusOK , w .Code )
388397
389398 var report scanner.AggregatedReport
390- err := json .NewDecoder (w .Body ).Decode (& report )
391- require .NoError (t , err )
399+ secParseData (t , w .Body , & report )
392400 assert .Equal (t , "scan-123" , report .JobID )
393401 assert .Len (t , report .Findings , 1 )
394402 assert .Equal (t , 1 , report .Summary .High )
@@ -431,8 +439,7 @@ func TestSecurityHandlerApproveServer(t *testing.T) {
431439 assert .Equal (t , http .StatusOK , w .Code )
432440
433441 var resp map [string ]string
434- err := json .NewDecoder (w .Body ).Decode (& resp )
435- require .NoError (t , err )
442+ secParseData (t , w .Body , & resp )
436443 assert .Equal (t , "approved" , resp ["status" ])
437444}
438445
@@ -460,8 +467,7 @@ func TestSecurityHandlerRejectServer(t *testing.T) {
460467 assert .Equal (t , http .StatusOK , w .Code )
461468
462469 var resp map [string ]string
463- err := json .NewDecoder (w .Body ).Decode (& resp )
464- require .NoError (t , err )
470+ secParseData (t , w .Body , & resp )
465471 assert .Equal (t , "rejected" , resp ["status" ])
466472}
467473
@@ -482,8 +488,7 @@ func TestSecurityHandlerCheckIntegrity(t *testing.T) {
482488 assert .Equal (t , http .StatusOK , w .Code )
483489
484490 var result scanner.IntegrityCheckResult
485- err := json .NewDecoder (w .Body ).Decode (& result )
486- require .NoError (t , err )
491+ secParseData (t , w .Body , & result )
487492 assert .True (t , result .Passed )
488493}
489494
@@ -524,8 +529,7 @@ func TestSecurityHandlerOverview(t *testing.T) {
524529 assert .Equal (t , http .StatusOK , w .Code )
525530
526531 var overview scanner.SecurityOverview
527- err := json .NewDecoder (w .Body ).Decode (& overview )
528- require .NoError (t , err )
532+ secParseData (t , w .Body , & overview )
529533 assert .Equal (t , 5 , overview .TotalScans )
530534 assert .Equal (t , 1 , overview .ActiveScans )
531535 assert .Equal (t , 2 , overview .ScannersInstalled )
0 commit comments