Skip to content

Add OpenTaint SARIF reader support#266

Open
seqradev wants to merge 4 commits intoOWASP-Benchmark:mainfrom
seqradev:seqradev/support-seqra
Open

Add OpenTaint SARIF reader support#266
seqradev wants to merge 4 commits intoOWASP-Benchmark:mainfrom
seqradev:seqradev/support-seqra

Conversation

@seqradev
Copy link
Copy Markdown

@seqradev seqradev commented Feb 6, 2026
edited
Loading

  • Add OpenTaintReader, a new SARIF-based parser for the OpenTaint static analysis tool
  • Include CWE mapping override for the cookie-issecure-false rule, which reports CWE-319 but should map to CWE-614 (Insecure Cookie) for Benchmark scoring
  • Register the reader in Reader.java alongside existing parsers

@seqradev
Add Seqra SARIF reader support
b7932c5 
Add support for Seqra security static analysis tool:
- SeqraReader.java: SARIF reader using CweSourceType.TAG
- SeqraReaderTest.java: Unit tests for the reader
- Benchmark_Seqra.sarif: Test data file
- Register reader in Reader.java
@seqradev seqradev mentioned this pull request Feb 6, 2026
Open
@davewichers
Copy link
Copy Markdown
Contributor

davewichers commented Feb 6, 2026

@darkspirit510 - Can you review all this and the change to BencharkJava too. This tool's repo is apparently at: https://github.com/seqra/seqra-jvm and there is a wiki article about it here: https://deepwiki.com/seqra/seqra-jvm-sast.

@seqradev
Copy link
Copy Markdown
Author

seqradev commented Feb 6, 2026

Hi @davewichers,
The main repository for the tool is https://github.com/seqra/seqra, and the corresponding wiki article is https://deepwiki.com/seqra/seqra. We also have a website at https://seqra.dev.

If you have any questions, feel free to ask. Thanks for the quick response!

darkspirit510
darkspirit510 reviewed Feb 7, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@darkspirit510 darkspirit510 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just one minor thing, the rest looks good to me.

@darkspirit510 darkspirit510 mentioned this pull request Feb 15, 2026
Closed
@darkspirit510
Copy link
Copy Markdown
Contributor

darkspirit510 commented Mar 30, 2026

@davewichers I guess this one can be merged.

@seqradev seqradev marked this pull request as draft March 30, 2026 10:16
@seqradev
Copy link
Copy Markdown
Author

seqradev commented Mar 30, 2026

Hi @darkspirit510, we've updated the analyzer's name, so I need to make the same change in this PR. Please let me handle it — I need a day to do it.

@seqradev seqradev changed the title Add Seqra SARIF reader support Add OpenTaint SARIF reader support Mar 30, 2026
@seqradev seqradev marked this pull request as ready for review March 30, 2026 21:50
@seqradev seqradev force-pushed the seqradev/support-seqra branch 2 times, most recently from beda9d2 to d7f0857 Compare March 30, 2026 22:46
@seqradev seqradev force-pushed the seqradev/support-seqra branch from d7f0857 to 0f94428 Compare March 30, 2026 22:48
@davewichers
Copy link
Copy Markdown
Contributor

davewichers commented Mar 31, 2026

@seqradev - Failing a test case.

@davewichers
Copy link
Copy Markdown
Contributor

davewichers commented Mar 31, 2026

@darkspirit510 - Can you review this again to see if you are OK to merge it now?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@darkspirit510 darkspirit510 darkspirit510 left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@seqradev @davewichers @darkspirit510