Open monkeyman192 opened 2 months ago
This looks like it might actually be trickier than I thought... For one thing, bandit doesn't have any easy way to call it programmatically. It is possible, but I found that it doesn't actually detect issues of the type I was expecting (was thinking of detecting malicious code etc). There is https://github.com/DataDog/guarddog which seems promising, but I think for now this is probably reasonably low priority and so can be moved out of the 0.2 milestone...
Since the mods which can be written can contain malicious code, it would be good to be able to use bandit to scan the Python code which makes up a mod to try and discern any potential threats contained, and not load the mod if there are any found.
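One way to wire the load gate described in this issue, as an added example (not code from the project): it runs bandit's command-line JSON report (`bandit -r <dir> -f json`) and refuses the mod on blocking findings or on files bandit could not parse. The function names, the severity policy and the sample report are assumptions constructed for illustration.

```python
import json
import shutil
import subprocess

BLOCKING = {"MEDIUM", "HIGH"}  # assumed policy: severities that block loading

# Constructed sample in the shape of bandit's JSON report (not real scan output).
SAMPLE_REPORT = {
    "errors": [],
    "results": [
        {"filename": "mods/example_mod/main.py", "line_number": 12,
         "test_id": "B602", "issue_severity": "HIGH", "issue_confidence": "HIGH",
         "issue_text": "subprocess call with shell=True identified."},
        {"filename": "mods/example_mod/util.py", "line_number": 3,
         "test_id": "B101", "issue_severity": "LOW", "issue_confidence": "HIGH",
         "issue_text": "Use of assert detected."},
    ],
}


def evaluate_report(report):
    """Return (ok_to_load, reasons) for a parsed bandit JSON report."""
    reasons = []
    # Fail closed: a file bandit could not parse was never scanned.
    for err in report.get("errors", []):
        reasons.append(f"unscanned {err.get('filename')}: {err.get('reason')}")
    for issue in report.get("results", []):
        # A finding with no severity field is treated as blocking.
        if str(issue.get("issue_severity", "HIGH")).upper() in BLOCKING:
            reasons.append(f"{issue.get('test_id')} {issue.get('filename')}:"
                           f"{issue.get('line_number')} {issue.get('issue_text')}")
    return (not reasons, reasons)


def scan_mod(mod_dir):
    """Scan a mod directory with the bandit CLI; refuse to load on any doubt."""
    exe = shutil.which("bandit")
    if exe is None:
        return False, ["bandit not installed; refusing to load unscanned mod"]
    proc = subprocess.run([exe, "-r", mod_dir, "-f", "json", "-q"],
                          capture_output=True, text=True)
    try:
        report = json.loads(proc.stdout)
    except json.JSONDecodeError:
        return False, ["bandit produced no parseable report"]
    return evaluate_report(report)


if __name__ == "__main__":
    print(evaluate_report(SAMPLE_REPORT))
```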