SONARJAVA-6208 S2699: Add approve to assertion method name pattern

[NoemieBenard]

Add approve keyword to the assertion methods pattern to support ApproveJ library

[hashicorp-vault-sonar-prod]

SONARJAVA-6208

[sonar-review-alpha]

Summary

This PR extends the S2699 rule ("Tests should include assertions") to recognize assertion calls from the ApproveJ library. ApproveJ uses an approve() method for snapshot-style assertions, which was not previously recognized by SonarJava's assertion detection pattern.

The change adds "approve" as an additional assertion method prefix to the existing pattern that already recognizes assert, verify, fail, should, check, expect, validate, andExpect, and others. A new test file with ApproveJ usage examples is included, along with documentation updates listing ApproveJ as a supported framework.

What reviewers should know

Where to start: Review the core change in UnitTestUtils.java (line 44) where "approve" is added to the regex pattern. This is the single-line change that enables ApproveJ support.

Test coverage: The new ApproveJ.java test file demonstrates the rule behavior with ApproveJ—one test with no assertions (should be flagged as noncompliant) and two tests using approve() calls (should pass). Check that test cases cover the library's common usage patterns.

Metrics update: The false negatives count in diff_S2699.json increases by 1 (157→158), indicating one more false negative was found and is now fixed by this change.

Why this matters: ApproveJ is a snapshot testing library that provides approval-style assertions. Without recognizing approve(), the rule would incorrectly flag tests using this library as having no assertions.

---

• Generate Walkthrough
• Generate Diagram

🗣️ Give feedback

[tomasz-tylenda-sonarsource]

Overall this change looks good, but we should also update the documentation in RSpec. Let me know when you have time and I'll show you how to do this.

[tomasz-tylenda-sonarsource]

Please fix formatting.

[sonar-review-alpha]

Small, focused PR overall. One question worth discussing regarding the autoscan metrics change.

🗣️ Give feedback

[sonar-review-alpha]

The false negatives count went up by 1 (157 → 158) after adding approve to the pattern. This suggests the autoscan corpus contains at least one test method that calls something like approveOrder() or approvePayment() — a business-logic domain method that the rule now silently treats as an assertion, causing it to miss a genuine missing-assertion issue.

The word approve is broad enough to appear in non-assertion domain methods inside test code. Is this increase expected/acceptable as a deliberate trade-off, or is it a signal that the pattern should be narrowed (e.g. via a type-based check anchored to org.approvej, similar to how other frameworks are handled)?

• Mark as noise

[sonarqube-next]

Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
0 Dependency risks
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarQube