From 7ab97ce4b194ab370f093f4fc3f4fc25b9c44aba Mon Sep 17 00:00:00 2001
From: Michael
Date: Sun, 29 Mar 2026 11:27:19 -0400
Subject: [PATCH] Add SiteShadowReader for SARIF-based taint analysis results

SiteShadow is an open-source SAST tool that performs graph-based intraprocedural and interprocedural taint analysis using tree-sitter WASM parsing. It outputs results in SARIF 2.1.0 format with CWEs encoded in rule property tags.

Co-Authored-By: Claude Opus 4.6
---
 .../benchmarkutils/score/parsers/Reader.java | 2 ++
 .../score/parsers/sarif/SiteShadowReader.java | 25 +++++++++++++++++++
 2 files changed, 27 insertions(+)
 create mode 100644 plugin/src/main/java/org/owasp/benchmarkutils/score/parsers/sarif/SiteShadowReader.java

diff --git a/plugin/src/main/java/org/owasp/benchmarkutils/score/parsers/Reader.java b/plugin/src/main/java/org/owasp/benchmarkutils/score/parsers/Reader.java
index fd38ccbf..e2aeca65 100644
--- a/plugin/src/main/java/org/owasp/benchmarkutils/score/parsers/Reader.java
+++ b/plugin/src/main/java/org/owasp/benchmarkutils/score/parsers/Reader.java
@@ -38,6 +38,7 @@
 import org.owasp.benchmarkutils.score.parsers.sarif.PTAIReader;
 import org.owasp.benchmarkutils.score.parsers.sarif.PrecautionReader;
 import org.owasp.benchmarkutils.score.parsers.sarif.SemgrepSarifReader;
+import org.owasp.benchmarkutils.score.parsers.sarif.SiteShadowReader;
 import org.owasp.benchmarkutils.score.parsers.sarif.SnykReader;
 import org.w3c.dom.NamedNodeMap;
 import org.w3c.dom.Node;
@@ -106,6 +107,7 @@ public static List allReaders() {
 new ShiftLeftReader(),
 new ShiftLeftScanReader(),
 new SnappyTickReader(),
+ new SiteShadowReader(),
 new SnykReader(),
 new SonarQubeJsonReader(),
 new SonarQubeReader(),
diff --git a/plugin/src/main/java/org/owasp/benchmarkutils/score/parsers/sarif/SiteShadowReader.java b/plugin/src/main/java/org/owasp/benchmarkutils/score/parsers/sarif/SiteShadowReader.java
new file mode 100644
index 00000000..943b5bfc
--- /dev/null
+++ b/plugin/src/main/java/org/owasp/benchmarkutils/score/parsers/sarif/SiteShadowReader.java @@ -0,0 +1,25 @@ +/** + * OWASP Benchmark Project + * + *

This file is part of the Open Web Application Security Project (OWASP) Benchmark Project For + * details, please see https://owasp.org/www-project-benchmark/. + * + *

The OWASP Benchmark is free software: you can redistribute it and/or modify it under the terms + * of the GNU General Public License as published by the Free Software Foundation, version 2. + * + *

The OWASP Benchmark is distributed in the hope that it will be useful, but WITHOUT ANY + * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR + * PURPOSE. See the GNU General Public License for more details. + * + * @author Michael (SiteShadow) + * @created 2026 + */ +package org.owasp.benchmarkutils.score.parsers.sarif; + +public class SiteShadowReader extends SarifReader { + + public SiteShadowReader() { + super("SiteShadow", false, CweSourceType.TAG); + } +}
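Review bot: The new `SiteShadowReader` class has no class-level Javadoc and the commit adds no test, so nothing pins which tag format `CweSourceType.TAG` is expected to match in SiteShadow's SARIF output; the diffstat lists only Reader.java and this file. If tags fail to map to CWE numbers, the scorer would presumably record no findings for the tool rather than fail loudly (to be confirmed against SarifReader, which is outside this diff), and that is hard to notice on a benchmark scorecard. I would add above the class `/** Reads SiteShadow SARIF 2.1.0 results; CWE numbers are taken from rule property tags. */`, plus a reader test with a small sample results file asserting that the file is recognised and that a known finding maps to the expected CWE. The bare `false` passed as the second constructor argument also deserves a short inline comment naming the option it turns off, since its meaning is defined only in the superclass.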