DxsSucuk
commented
1 year ago Current Idea would be to allow them to upload a Addon over the Webinterface which will be scanned by a various amount of tools, and then will go to manual checking where the provider of the bot will check the addon themself and check if its okay. Afterwards it will simply be approved or denied based on the providers decision.
Major Issue about this is, that the provider might not see specific parts on just doesn't know better, so instead of doing that in the first place OR instead of only doing that. There should be a sandbox system integrated into the bot itself, to keep the addons in their own little devil box, to keep them from accessing any other important stuff.
Why? Without a proper sandbox the addon code which might be malicious could easly access the bot token, the SQL Worker and more!
We would need ALOT more checks and prevention lines to keep malicous actors from doing anything. Otherwise we could just remove the whole addon system. Which I dont want to, since its there to allow developers to make additions even quicker without making their complete own version of ree6 and needing to activily update and modify it.
Allow Users to add custom Addons over the Webinterface.