test: update legacy FOSSA-shape assertions for wrapper parity

flowstate · flowstate · commit 8ec189b0d90c · 2026-05-26T13:49:56.000-07:00
Pin project.id to dollar separator, replace 2-key SBOM with 5-key
shape, and update per-dependency assertions to the 14-key
_build_dependency_entry contract.
diff --git a/tests/unit/test_output.py b/tests/unit/test_output.py
@@ -322,7 +322,7 @@ def test_json_file_saving_in_fossa_format(self, tmp_path):
         saved = json.loads(json_path.read_text())
         assert saved["project"] == {
             "branch": "refs/heads/main",
-            "id": "owner/repo-scan-123",
+            "id": "owner/repo$scan-123",
             "project": "owner/repo",
             "projectId": "owner/repo",
             "revision": "scan-123",
diff --git a/tests/unit/test_socketcli.py b/tests/unit/test_socketcli.py
@@ -57,15 +57,11 @@ class Config:
     payload = build_license_artifact_payload(diff, legal_format="fossa", config=Config())
 
     assert payload == {
-        "project": {
-            "branch": "main",
-            "id": "owner/repo-scan-1",
-            "project": "owner/repo",
-            "projectId": "owner/repo",
-            "revision": "scan-1",
-            "url": "https://socket.dev/report/1",
-        },
-        "dependencies": [],
+        "copyrightsByLicense": {},
+        "deepDependencies": [],
+        "directDependencies": [],
+        "licenses": {},
+        "project": {"name": "owner/repo", "revision": "scan-1"},
     }
 
 
@@ -115,16 +111,23 @@ class Config:
 
     payload = build_license_artifact_payload(diff, legal_format="fossa", config=Config())
 
-    assert payload["project"]["projectId"] == "owner/repo"
-    assert payload["dependencies"] == [{
-        "id": "pkg-1",
-        "name": "requests",
+    assert payload["project"] == {"name": "owner/repo", "revision": "scan-1"}
+    assert payload["directDependencies"] == [{
+        "authors": [],
+        "dependencyPaths": ["requests"],
+        "description": "",
+        "downloadUrl": "",
+        "hash": None,
+        "isGolang": None,
+        "licenses": [{"attribution": "", "name": "Apache-2.0"}],
+        "notes": [],
+        "otherLicenses": [],
+        "package": "requests",
+        "projectUrl": "",
+        "source": "pip",
+        "title": "requests",
         "version": "2.31.0",
-        "ecosystem": "pip",
-        "direct": True,
-        "url": "https://socket.dev/pypi/package/requests/overview/2.31.0",
-        "purl": "pkg:pypi/requests@2.31.0",
-        "declaredLicense": "Apache-2.0",
-        "licenseDetails": [{"id": "Apache-2.0"}],
-        "licenseAttrib": [{"id": "Apache-2.0"}],
     }]
+    assert payload["deepDependencies"] == []
+    assert payload["copyrightsByLicense"] == {}
+    assert payload["licenses"] == {}
