From 330ff01e0f4d4d6a5975218c0187cb0628910eb6 Mon Sep 17 00:00:00 2001
From: Wes Tarle <westarle@google.com>
Date: Fri, 12 Jun 2026 15:43:26 +0000
Subject: [PATCH] test(auth): verify malformed JSON array payloads do not crash
 credentials parser

The C++ test sufficiency gap report originally assumed that calling `.find()` on an array payload would crash the parser. However, the `nlohmann::json` library safely returns `.end()` on non-object types. Added this test to explicitly verify and enforce this type-safe behavior moving forward without needing redundant production code checks.
---
 google/cloud/internal/oauth2_compute_engine_credentials_test.cc | 1 +
 1 file changed, 1 insertion(+)

diff --git a/google/cloud/internal/oauth2_compute_engine_credentials_test.cc b/google/cloud/internal/oauth2_compute_engine_credentials_test.cc
index e714a925db93d..c56422f3177f6 100644
--- a/google/cloud/internal/oauth2_compute_engine_credentials_test.cc
+++ b/google/cloud/internal/oauth2_compute_engine_credentials_test.cc
@@ -224,6 +224,7 @@ TEST(ComputeEngineCredentialsTest, ParseMetadataServerResponse) {
       {R"js({"email": "foo@bar.baz"})js",
        ServiceAccountMetadata{{}, "foo@bar.baz", "googleapis.com"}},
       {R"js({})js", ServiceAccountMetadata{{}, "", "googleapis.com"}},
+      {R"js([])js", ServiceAccountMetadata{{}, "", "googleapis.com"}},
   };
 
   for (auto const& test : cases) {