SONARJAVA-6208 S2699: Add approve to assertion method name pattern

[NoemieBenard]

Add approve keyword to the assertion methods pattern to support ApproveJ library

[hashicorp-vault-sonar-prod]

SONARJAVA-6208

[sonar-review-alpha]

Summary

This PR extends rule S2699 (test method contains assertions) to recognize ApproveJ's approve() method as a valid assertion. The change adds "approve" to the assertion method name pattern in UnitTestUtils.java, allowing tests that use ApproveJ for approval testing to pass the rule check instead of being flagged as having missing assertions.

The implementation includes:

• Pattern update to match "approve" prefix (e.g., approve(), approveMessage())
• Test cases demonstrating ApproveJ usage
• Documentation update listing ApproveJ alongside other supported frameworks
• Metrics baseline adjustment (158 false negatives, up from 157)

What reviewers should know

Start here: Review the pattern change in UnitTestUtils.java:44 — it's the only production code change. The regex now includes approve alongside existing assertion keywords.

Test coverage: The new ApproveJ.java file demonstrates both patterns — one method without assertions (expected to fail) and two using approve() (expected to pass).

Note: The false negatives metric increased by 1, which reflects a test case that was previously flagged but is now correctly handled by the enhanced pattern detection.

---

• Generate Walkthrough
• Generate Diagram

🗣️ Give feedback

[tomasz-tylenda-sonarsource]

Overall this change looks good, but we should also update the documentation in RSpec. Let me know when you have time and I'll show you how to do this.

[tomasz-tylenda-sonarsource]

Please fix formatting.

[sonarqube-next]

Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
0 Dependency risks
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarQube

[sonar-review-alpha]

Small, focused PR overall. One question worth discussing regarding the autoscan metrics change.

🗣️ Give feedback

[sonar-review-alpha]

The false negatives count went up by 1 (157 → 158) after adding approve to the pattern. This suggests the autoscan corpus contains at least one test method that calls something like approveOrder() or approvePayment() — a business-logic domain method that the rule now silently treats as an assertion, causing it to miss a genuine missing-assertion issue.

The word approve is broad enough to appear in non-assertion domain methods inside test code. Is this increase expected/acceptable as a deliberate trade-off, or is it a signal that the pattern should be narrowed (e.g. via a type-based check anchored to org.approvej, similar to how other frameworks are handled)?

• Mark as noise