Parse bandit results

Author: ggabarrin

README.md

@@ -14,7 +14,10 @@
 
 Security Notes allows the creation of notes within source files, which can be replied to, reacted to using emojis, and assigned statuses such as "TODO", "Vulnerable" and "Not Vulnerable".
 
-Also, it allows importing the output from SAST tools (currently only [Semgrep](https://semgrep.dev/)) into notes, making the processing of the findings much easier.
+Also, it allows importing the output from SAST tools into notes, making the processing of the findings much easier. Currently supported tools include:
+
+- semgrep (https://semgrep.dev/)
+- bandit (https://bandit.readthedocs.io/en/latest/)
 
 Finally, collaborate with others by using a centralized database for notes that will be automatically synced in **real-time**! Create a note locally, and it will be automatically pushed to whoever is working with you on the project.
 
@@ -70,7 +73,7 @@ The extension allows you to import the output from SAST tools (currently only [S
 
 ## Extension Settings
 
-Various settings for the extension can be configured in VSCode's User Settings page (`CMD+Shift+P` / `Ctrl + Shift + P` -> *Preferences: Open Settings (UI)*):
+Various settings for the extension can be configured in VSCode's User Settings page (`CMD+Shift+P` / `Ctrl + Shift + P` -> _Preferences: Open Settings (UI)_):
 
 ![Extension Settings](images/settings.png)
 

src/parsers/bandit.ts

@@ -0,0 +1,41 @@
+'use strict';
+
+import * as vscode from 'vscode';
+import { ToolFinding } from '../models/toolFinding';
+
+class BanditParser {
+  static parse(fileContent: string) {
+    const toolFindings: ToolFinding[] = [];
+
+    try {
+      const banditFindings = JSON.parse(fileContent).results;
+      banditFindings.map((banditFinding: any) => {
+        // uri
+        let fullPath = '';
+        if (vscode.workspace.workspaceFolders) {
+          fullPath = vscode.workspace.workspaceFolders[0].uri.fsPath + '/';
+        }
+        const uri = vscode.Uri.file(`${fullPath}${banditFinding.filename}`);
+
+        // range
+        const lineRange = banditFinding.line_range;
+        const range = new vscode.Range(
+          lineRange[0] - 1,
+          0,
+          (lineRange[1] ? lineRange[1] : lineRange[0]) - 1,
+          0,
+        );
+
+        // instantiate tool finding and add to list
+        const toolFinding = new ToolFinding(uri, range, banditFinding.issue_text);
+        toolFindings.push(toolFinding);
+      });
+    } catch {
+      /* empty */
+    }
+
+    return toolFindings;
+  }
+}
+
+export { BanditParser };

src/webviews/importToolResultsWebview.ts

@@ -2,6 +2,7 @@
 
 import * as vscode from 'vscode';
 import { commentController } from '../controllers/comments';
+import { BanditParser } from '../parsers/bandit';
 import { SemgrepParser } from '../parsers/semgrep';
 import { ToolFinding } from '../models/toolFinding';
 import { saveNoteComment } from '../helpers';
@@ -42,12 +43,7 @@ export class ImportToolResultsWebview implements vscode.WebviewViewProvider {
     webviewView.webview.onDidReceiveMessage((data) => {
       switch (data.type) {
         case 'processToolFile': {
-          processToolFile(
-            data.toolName,
-            data.fileContent,
-            this.noteMap,
-            this.remoteDb,
-          );
+          processToolFile(data.toolName, data.fileContent, this.noteMap, this.remoteDb);
         }
       }
     });
@@ -86,6 +82,7 @@ export class ImportToolResultsWebview implements vscode.WebviewViewProvider {
             <p>
             <select id="toolSelect">
             <option value="semgrep">semgrep</option>
+            <option value="bandit">bandit</option>
             </select>
             </p>
             <p>Select file:</p>
@@ -113,6 +110,11 @@ function processToolFile(
   switch (toolName) {
     case 'semgrep': {
       toolFindings = SemgrepParser.parse(fileContent);
+      break;
+    }
+    case 'bandit': {
+      toolFindings = BanditParser.parse(fileContent);
+      break;
     }
   }