Add BanditReader for Python and add new vuln category for new Python

Dave Wichers · Dave Wichers · commit 586cc9477a4f · 2025-10-30T13:51:52.000-04:00
Benchmark being developed.
diff --git a/library/src/main/resources/categories.xml b/library/src/main/resources/categories.xml
@@ -123,6 +123,14 @@
         <isInjection>true</isInjection>
         <shortname>SQLI</shortname>
     </category>
+    <category>
+        <id>tempfile</id>
+        <name>Insecure Temporary File</name>
+        <cwe>377</cwe>
+        <childof>668</childof>
+        <parentof>378,379</parentof>
+        <shortname>TEMP</shortname>
+    </category>
     <category>
         <id>trustbound</id>
         <name>Trust Boundary</name>
diff --git a/plugin/src/main/java/org/owasp/benchmarkutils/score/parsers/BanditReader.java b/plugin/src/main/java/org/owasp/benchmarkutils/score/parsers/BanditReader.java
@@ -0,0 +1,37 @@
+/**
+ * OWASP Benchmark Project
+ *
+ * <p>This file is part of the Open Web Application Security Project (OWASP) Benchmark Project For
+ * details, please see <a
+ * href="https://owasp.org/www-project-benchmark/">https://owasp.org/www-project-benchmark/</a>.
+ *
+ * <p>The OWASP Benchmark is free software: you can redistribute it and/or modify it under the terms
+ * of the GNU General Public License as published by the Free Software Foundation, version 2.
+ *
+ * <p>The OWASP Benchmark is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+ * PURPOSE. See the GNU General Public License for more details.
+ *
+ * @author Dave Wichers
+ * @created 2025
+ */
+package org.owasp.benchmarkutils.score.parsers.sarif;
+
+import org.owasp.benchmarkutils.score.ResultFile;
+
+/**
+ * This reader is made for the datadog-static-analyzer available on <a
+ * href="https://github.com/DataDog/datadog-static-analyzer">...</a>. It uses the SARIF file
+ * produces by the tool.
+ */
+public class BanditReader extends SarifReader {
+
+    public BanditReader() {
+        super("Bandit", false, CweSourceType.TAG);
+    }
+
+    @Override
+    public String toolName(ResultFile resultFile) {
+        return "Bandit";
+    }
+}
diff --git a/plugin/src/main/java/org/owasp/benchmarkutils/score/parsers/Reader.java b/plugin/src/main/java/org/owasp/benchmarkutils/score/parsers/Reader.java
@@ -30,6 +30,7 @@
 import org.owasp.benchmarkutils.score.TestSuiteResults;
 import org.owasp.benchmarkutils.score.parsers.csv.SemgrepCSVReader;
 import org.owasp.benchmarkutils.score.parsers.csv.WhiteHatDynamicReader;
+import org.owasp.benchmarkutils.score.parsers.sarif.BanditReader;
 import org.owasp.benchmarkutils.score.parsers.sarif.CodeQLReader;
 import org.owasp.benchmarkutils.score.parsers.sarif.ContrastScanReader;
 import org.owasp.benchmarkutils.score.parsers.sarif.DatadogSastReader;
@@ -56,6 +57,7 @@ public static List<Reader> allReaders() {
                 new AppScanDynamicReader(),
                 new AppScanSourceReader(),
                 new ArachniReader(),
+                new BanditReader(),
                 new BearerReader(),
                 new BlackDuckReader(),
                 new BurpJsonReader(),
