+def evaluate(actor, parameters):
+ """Evaluate a Python expression."""
+
+ if not parameters:
+ message = "You need to supply a Python expression."
+ elif "__" in parameters:
+ message = "Double-underscores (__) are not allowed in expressions."
+ elif "lambda" in parameters:
+ message = "Lambda functions are not allowed in expressions."
+ else:
+ # Strictly limit the allowed builtins and modules
+ eval_globals = {"__builtins__": dict()}
+ for allowed in ("dir", "globals", "len", "locals"):
+ eval_globals["__builtins__"][allowed] = __builtins__[allowed]
+ eval_globals["mudpy"] = mudpy
+ eval_globals["universe"] = actor.universe
+ try:
+ # there is no other option than to use eval() for this, since
+ # its purpose is to evaluate arbitrary expressions, so do what
+ # we can to secure it and allow it for bandit analysis
+ message = repr(eval(parameters, eval_globals)) # nosec
+ except Exception as e:
+ message = ("$(red)Your expression raised an exception...$(eol)"
+ "$(eol)$(bld)%s$(nrm)" % e)
+ actor.send(message)
+ return True
+
+
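Review bot: The substring checks for `__` and `lambda` and the emptied `__builtins__` around the `eval()` call do not form a security boundary, because the expression still receives the `mudpy` name (presumably the whole package) and the live `universe` object, so anything reachable through their attributes can be read or called, and nothing bounds how long an evaluation runs or how much memory it uses. The comment above `eval()` reads as if the call had been secured; I would replace it with `# NOTE: not a sandbox; whoever can run this command can execute code as the server process, so keep it restricted to trusted administrators and log each expression`. Whether the caller enforces such a restriction is not visible in this hunk. Separately, `__builtins__[allowed]` works only where `__builtins__` is a dict; in a module run as `__main__` it is the `builtins` module and the subscript raises TypeError outside the `try`, so `getattr(builtins, allowed)` after `import builtins` is the portable form.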