fix e2e reachability tests, respect --disable-blocking when set

lelia · lelia · commit ce33da64e3fd · 2026-05-21T14:38:38.000-04:00
Signed-off-by: lelia &lt;2418071+lelia@users.noreply.github.com&gt;
diff --git a/socketsecurity/core/__init__.py b/socketsecurity/core/__init__.py
@@ -947,6 +947,8 @@ def get_added_and_removed_packages(
             )
         except APIFailure as e:
             log.error(f"API Error: {e}")
+            if self.cli_config and self.cli_config.disable_blocking:
+                sys.exit(0)
             sys.exit(1)
         except Exception as e:
             import traceback
@@ -1124,6 +1126,8 @@ def create_new_diff(
                     os.unlink(temp_file)
                 except OSError:
                     pass
+            if self.cli_config and self.cli_config.disable_blocking:
+                sys.exit(0)
             sys.exit(1)
         except Exception as e:
             import traceback
diff --git a/tests/e2e/validate-reachability.sh b/tests/e2e/validate-reachability.sh
@@ -27,31 +27,47 @@ else
   exit 1
 fi
 
-# 3. Run SARIF with --sarif-reachability all
-socketcli \
-  --target-path tests/e2e/fixtures/simple-npm \
-  --reach \
-  --sarif-file /tmp/sarif-all.sarif \
-  --sarif-scope full \
-  --sarif-reachability all \
-  --disable-blocking \
-  2>/dev/null
+FACTS_PATH="tests/e2e/fixtures/simple-npm/.socket.facts.json"
+if [ ! -f "$FACTS_PATH" ]; then
+  echo "FAIL: Expected reachability facts at $FACTS_PATH after initial scan"
+  exit 1
+fi
+echo "PASS: Reachability facts file present at $FACTS_PATH"
+
+# 3-4. Build SARIF from the facts file produced by the initial --reach run.
+# Avoid re-running reach + full scan here; duplicate API scans are slow and flaky in CI.
+uv run python -c "
+import json
+from pathlib import Path
 
-# 4. Run SARIF with --sarif-reachability reachable (filtered)
-socketcli \
-  --target-path tests/e2e/fixtures/simple-npm \
-  --reach \
-  --sarif-file /tmp/sarif-reachable.sarif \
-  --sarif-scope full \
-  --sarif-reachability reachable \
-  --disable-blocking \
-  2>/dev/null
+from socketsecurity.core.alert_selection import load_components_with_alerts
+from socketsecurity.core.messages import Messages
+
+target = 'tests/e2e/fixtures/simple-npm'
+facts_file = '.socket.facts.json'
+components = load_components_with_alerts(target, facts_file)
+if not components:
+    raise SystemExit('FAIL: no components with alerts in .socket.facts.json')
+
+for outfile, reach_filter in [
+    ('/tmp/sarif-all.sarif', 'all'),
+    ('/tmp/sarif-reachable.sarif', 'reachable'),
+]:
+    sarif = Messages.create_security_comment_sarif_from_facts(
+        components,
+        reachability_filter=reach_filter,
+        grouping='instance',
+    )
+    Path(outfile).write_text(json.dumps(sarif, indent=2))
+    count = len(sarif['runs'][0]['results'])
+    print(f'PASS: Wrote {outfile} ({count} results, filter={reach_filter})')
+"
 
 # 5. Verify reachable-only results are a subset of all results
 test -f /tmp/sarif-all.sarif
 test -f /tmp/sarif-reachable.sarif
 
-python3 -c "
+uv run python -c "
 import json
 with open('/tmp/sarif-all.sarif') as f:
     all_data = json.load(f)
