bandit
Create a control flow graph to traverse code in possible execution order
Is your feature request related to a problem? Please describe.
Bandit could really benefit from a Control Flow Graph to do things like taint analysis and analysis based on possible execution order.

Describe the solution you'd like
There is an existing Python package staticfg that might be useful to generate the CFG. From the CFG bandit can traverse the generated graph instead of the AST.

Describe alternatives you've considered
Current behavior does analysis top-down in the file, which is almost never the execution of the program, making things like taint analysis next to impossible.

Additional context
https://github.com/coetaur0/staticfg
Love this idea? Give it a 👍. We prioritize fulfilling features with the most 👍.
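Added example, not bandit's or staticfg's code: a minimal control-flow-graph builder for a Python subset (assignments, expression statements, if, while) with a forward may-taint worklist pass over it, placed next to a single top-down scan in file order of the kind the issue describes as current behaviour. The SOURCES and SINKS sets, the sample program and all helper names are assumptions made for illustration; the point it shows is that a file-order pass cannot see taint arriving over a loop back edge or a branch join, while the CFG pass can.

```python
# Added example (not bandit's or staticfg's code): a minimal CFG builder for a
# Python subset plus a forward may-taint dataflow pass over it, contrasted with
# one top-down scan in file order. SOURCES/SINKS are a hypothetical model.
import ast
from collections import defaultdict

SOURCES = {"input"}         # calls that yield attacker-controlled data (assumed)
SINKS = {"eval", "exec"}    # calls whose arguments must not be tainted (assumed)


def _call_name(node):
    """Return the callee name of a simple `name(...)` call, else None."""
    if isinstance(node, ast.Call) and isinstance(node.func, ast.Name):
        return node.func.id
    return None


def _tainted_expr(expr, tainted):
    """An expression is tainted if it calls a source or reads a tainted name."""
    for n in ast.walk(expr):
        if _call_name(n) in SOURCES:
            return True
        if isinstance(n, ast.Name) and isinstance(n.ctx, ast.Load) and n.id in tainted:
            return True
    return False


def transfer(stmt, tainted):
    """Apply one simple statement: returns (new tainted set, [(line, sink), ...])."""
    tainted, findings = set(tainted), []
    for n in ast.walk(stmt):
        if _call_name(n) in SINKS and any(_tainted_expr(a, tainted) for a in n.args):
            findings.append((n.lineno, n.func.id))
    if isinstance(stmt, ast.Assign):
        for t in stmt.targets:
            if isinstance(t, ast.Name):       # gen on tainted RHS, kill on clean RHS
                if _tainted_expr(stmt.value, tainted):
                    tainted.add(t.id)
                else:
                    tainted.discard(t.id)
    return tainted, findings


class CFG:
    """Basic blocks are lists of simple statements; succ maps block -> successors."""
    def __init__(self):
        self.blocks, self.succ = [], defaultdict(list)

    def new_block(self):
        self.blocks.append([])
        return len(self.blocks) - 1


def _build(stmts, cfg, cur):
    """Append `stmts` to the graph starting at block `cur`; return the exit block."""
    for s in stmts:
        if isinstance(s, ast.If):
            then_b, else_b, join = cfg.new_block(), cfg.new_block(), cfg.new_block()
            cfg.succ[cur] += [then_b, else_b]
            cfg.succ[_build(s.body, cfg, then_b)].append(join)
            cfg.succ[_build(s.orelse, cfg, else_b)].append(join)
            cur = join
        elif isinstance(s, ast.While):        # the loop condition itself is not analysed
            head, body, after = cfg.new_block(), cfg.new_block(), cfg.new_block()
            cfg.succ[cur].append(head)
            cfg.succ[head] += [body, after]
            cfg.succ[_build(s.body, cfg, body)].append(head)   # back edge
            cur = after
        else:
            cfg.blocks[cur].append(s)         # other statements treated as simple
    return cur


def build_cfg(tree):
    cfg = CFG()
    entry = cfg.new_block()
    _build(tree.body, cfg, entry)
    return cfg, entry


def file_order_scan(source):
    """Current-style behaviour: one pass over statements in file order."""
    def flat(stmts):
        for s in stmts:
            if isinstance(s, (ast.If, ast.While)):
                yield from flat(s.body)
                yield from flat(s.orelse)
            else:
                yield s
    tainted, findings = set(), []
    for stmt in flat(ast.parse(source).body):
        tainted, found = transfer(stmt, tainted)
        findings += found
    return sorted(set(findings))


def cfg_taint_scan(source):
    """Worklist fixpoint over the CFG: facts flow along edges, including back edges."""
    cfg, entry = build_cfg(ast.parse(source))
    state_in = defaultdict(set)       # taint facts known to hold at block entry
    findings, visited, work = set(), set(), [entry]
    while work:
        b = work.pop()
        visited.add(b)
        state = set(state_in[b])
        for stmt in cfg.blocks[b]:
            state, found = transfer(stmt, state)
            findings.update(found)
        for s in cfg.succ[b]:
            if s not in visited or not state <= state_in[s]:   # new facts: revisit
                state_in[s] |= state
                work.append(s)
    return sorted(findings)


# Constructed sample: the loop sink (line 4) is clean on the first pass and
# tainted after the back edge; the branch join carries taint into line 10.
SAMPLE = '''
cmd = "version"
while running():
    eval(cmd)
    cmd = input()
if flag:
    x = input()
else:
    x = "safe"
eval(x)
'''

if __name__ == "__main__":
    print("file order:", file_order_scan(SAMPLE))   # []
    print("cfg order: ", cfg_taint_scan(SAMPLE))    # [(4, 'eval'), (10, 'eval')]
```

The join rule is set union, so this is a may-taint analysis: a variable stays tainted at a merge point if any incoming path taints it, and a clean reassignment kills the fact only on the path where it happens. That is the conservative choice for a linter; a real implementation would also need to model the loop condition, calls into other functions and the remaining statement kinds.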