Add targeted check --junitxml test coverage for XML output and failure reporting

tests/test_check.py

@@ -1,7 +1,17 @@
 from click.testing import CliRunner
+from pathlib import Path
+import xml.etree.ElementTree as ET
+import pytest
 
 from sigma.cli.check import check
 
+TEST_FILES_DIR = Path(__file__).parent / "files"
+
+
+def skip_if_junitxml_unavailable():
+    if "junitxml" not in {param.name for param in check.params}:
+        pytest.skip("--junitxml option is not available in this branch")
+
 
 def test_check_help():
     cli = CliRunner()
@@ -88,3 +98,43 @@ def test_check_exclude():
     assert "Invalid validators name" in result.stdout
     assert "myvalidator" in result.stdout
     assert "Check failure" in result.stdout
+
+
+def test_check_junitxml_created_and_well_formed(tmp_path):
+    runner = CliRunner()
+    skip_if_junitxml_unavailable()
+    report_path = tmp_path / "check-report.xml"
+    result = runner.invoke(
+        check,
+        [
+            "--junitxml",
+            str(report_path),
+            str(TEST_FILES_DIR / "invalid"),
+        ],
+    )
+    assert result.exit_code == 1
+    assert report_path.exists()
+    root = ET.parse(report_path).getroot()
+    # JUnit XML producers can emit either a single "testsuite" root
+    # or a "testsuites" wrapper for multiple suites.
+    assert root.tag in {"testsuites", "testsuite"}
+    if root.tag == "testsuites":
+        assert len(root.findall("testsuite")) > 0
+
+
+def test_check_junitxml_reports_failures_for_invalid_rules(tmp_path):
+    runner = CliRunner()
+    skip_if_junitxml_unavailable()
+    report_path = tmp_path / "check-report.xml"
+    result = runner.invoke(
+        check,
+        [
+            "--junitxml",
+            str(report_path),
+            str(TEST_FILES_DIR / "invalid"),
+        ],
+    )
+    assert result.exit_code == 1
+    root = ET.parse(report_path).getroot()
+    failures = root.findall(".//failure")
+    assert len(failures) > 0