# Acceptance Criteria for Tests in Rust

This document provides the acceptance criteria for writing and executing tests in Rust. The examples are drawn from the provided files: `test.rs` (which contains the logic to perform the tests) and `test-configuration.yaml` (which contains the paths and configurations for the tests).

## Acceptance Criteria for Adding Examples and Ensuring Tests Work

### 1. Valid YAML Structure

The `test-configuration.yaml` file must be a valid YAML file that follows the specific structure of `detectors`. Each `detector` should have a unique name and include a `DetectorConfig` object.

### 2. Warning Message

Each `DetectorConfig` must include a `warning_message`. This message is expected to appear in the output when a test against a vulnerable path is executed. The `warning_message` should be specific and unique to the vulnerability that the detector is designed to identify.

### 3. Examples

Each `DetectorConfig` must also include at least one `Example` object. An `Example` consists of a `vulnerable_path` and a `remediated_path`.

### 4. Path Specification

The `vulnerable_path` and `remediated_path` in each `Example` must point to valid `Cargo.toml` files in the project. These paths are relative to the directory where the tests are executed from.

- `vulnerable_path`: This is the path to the project file of the code that is expected to contain the vulnerability.
- `remediated_path`: This is the path to the project file of the code that has been remediated and is expected to be free of the vulnerability.

### 5. Path Validation

All paths specified in the `vulnerable_path` and `remediated_path` must be valid and the referenced `Cargo.toml` files should exist. If a path is invalid or the referenced file does not exist, the test will fail.

### 6. Successful Command Execution

Each `Example` will be tested by executing the `cargo scout-audit` command with the provided paths. The test must be able to execute this command successfully. If the command execution fails, the test will fail.

### 7. Proper Linter Output Validation

Each `Example` will be tested by running our Rust linter using the `cargo scout-audit` command. The output generated by this linter is then compared against the `warning_message` specified in the `DetectorConfig`.

- If the `Example` is a `vulnerable_path`, the linter output (specifically, the `stderr` or error stream) should contain the `warning_message`. If the linter output does not contain the expected warning, the test will fail.
- If the `Example` is a `remediated_path`, the linter output should not contain the `warning_message`. If the linter output still contains the warning, indicating a detected vulnerability, the test will fail.
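
Criteria 4 to 7 applied to a single `Example`, as an added Rust example (not the project's `test.rs`). The names `check_example`, `LintRun` and `Failure` are assumptions made for illustration, and the `run` closure stands in for the `cargo scout-audit` invocation so the pass/fail logic can be exercised without the tool installed.

```rust
use std::{ffi::OsStr, path::Path};

/// Outcome of one linter run (type assumed for this example).
pub struct LintRun {
    pub success: bool,
    pub stderr: String,
}

#[derive(Debug, PartialEq)]
pub enum Failure {
    InvalidPath(String),         // criteria 4 and 5
    CommandFailed(String),       // criterion 6
    WarningMissing(String),      // criterion 7, vulnerable path
    WarningStillPresent(String), // criterion 7, remediated path
}

/// Applies criteria 4 to 7 to one example; `run` is the injected linter call.
pub fn check_example<F: Fn(&str) -> LintRun>(
    warning_message: &str,
    vulnerable_path: &str,
    remediated_path: &str,
    run: F,
) -> Result<(), Failure> {
    for &(path, expect_warning) in &[(vulnerable_path, true), (remediated_path, false)] {
        let p = Path::new(path);
        if p.file_name() != Some(OsStr::new("Cargo.toml")) || !p.is_file() {
            return Err(Failure::InvalidPath(path.to_string()));
        }
        let out = run(path);
        if !out.success {
            return Err(Failure::CommandFailed(path.to_string()));
        }
        match (expect_warning, out.stderr.contains(warning_message)) {
            (true, false) => return Err(Failure::WarningMissing(path.to_string())),
            (false, true) => return Err(Failure::WarningStillPresent(path.to_string())),
            _ => {}
        }
    }
    Ok(())
}

fn main() {
    // Constructed paths that do not exist here, so the path check rejects them.
    let run = |_: &str| LintRun { success: true, stderr: String::new() };
    let result = check_example("constructed warning", "vuln/Cargo.toml", "fixed/Cargo.toml", run);
    println!("{:?}", result);
}
```

A remediated example that still triggers the warning is reported as its own failure kind, which separates a detector false positive from a missing detection when triaging a failed run.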