"""User command functions for the mudpy engine."""
-# Copyright (c) 2004-2019 mudpy authors. Permission to use, copy,
+# Copyright (c) 2004-2020 mudpy authors. Permission to use, copy,
# modify, and distribute this software is granted under terms
# provided in the LICENSE file distributed with this software.
actor.send("Exiting chat mode.")
else:
actor.send("Sorry, but you're already busy with something else!")
+ return True
def create(actor, parameters):
elif len(arguments) > 2:
message = "You can only specify an element and a filename."
actor.send(message)
+ return True
def delete(actor, parameters):
+ '". Try "show element ' +
element + '" for verification.')
actor.send(message)
+ return True
def destroy(actor, parameters):
6
)
actor.send(message)
+ return True
def error(actor, input_data):
"""Generic error for an unrecognized command word."""
# 90% of the time use a generic error
- # Whitelist the random.randrange() call in bandit since it's not used for
+ # Allow the random.randrange() call in bandit since it's not used for
# security/cryptographic purposes
if random.randrange(10): # nosec
message = '''I'm not sure what "''' + input_data + '''" means...'''
mudpy.misc.log(
'Sending a command error to user %s raised exception...\n%s' % (
actor.owner.account.get("name"), traceback.format_exc()))
+ return True
+
+
+def evaluate(actor, parameters):
+ """Evaluate a Python expression."""
+
+ if not parameters:
+ message = "You need to supply a Python expression."
+ elif "__" in parameters:
+ message = "Double-underscores (__) are not allowed in expressions."
+ elif "lambda" in parameters:
+ message = "Lambda functions are not allowed in expressions."
+ else:
+ # Strictly limit the allowed builtins and modules
+ eval_globals = {"__builtins__": dict()}
+ for allowed in ("dir", "globals", "len", "locals"):
+ eval_globals["__builtins__"][allowed] = __builtins__[allowed]
+ eval_globals["mudpy"] = mudpy
+ eval_globals["universe"] = actor.universe
+ try:
+ # there is no other option than to use eval() for this, since
+ # its purpose is to evaluate arbitrary expressions, so do what
+ # we can to secure it and allow it for bandit analysis
+ message = repr(eval(parameters, eval_globals)) # nosec
+ except Exception as e:
+ message = ("$(red)Your expression raised an exception...$(eol)"
+ "$(eol)$(bld)%s$(nrm)" % e)
+ actor.send(message)
+ return True
def halt(actor, parameters):
# set a flag to terminate the world
actor.universe.terminate_flag = True
+ return True
def help(actor, parameters):
description = command.get("description")
if not description:
description = "(no short description provided)"
- if command.get("administrative"):
+ if command.is_restricted():
output = "$(red)"
else:
output = "$(grn)"
if actor.can_run(command):
if really_see_also:
really_see_also += ", "
- if command.get("administrative"):
+ if command.is_restricted():
really_see_also += "$(red)"
else:
really_see_also += "$(grn)"
"description", "(no short description provided)")
# administrative command names are in red, others in green
- if command.get("administrative"):
+ if command.is_restricted():
color = "red"
else:
color = "grn"
# send the accumulated output to the user
actor.send(output)
+ return True
def look(actor, parameters):
actor.send("You can't look at or in anything yet.")
else:
actor.look_at(actor.get("location"))
+ return True
def move(actor, parameters):
actor.universe.contents[actor.get("location")].portals()):
if portal.startswith(parameters):
actor.move_direction(portal)
- return(portal)
+ return portal
actor.send("You cannot go that way.")
+ return True
def preferences(actor, parameters):
'Preference "%s" cannot be set to type "%s".' % (
pref, type(value)))
actor.send(message)
+ return True
def quit(actor, parameters):
if actor.owner:
actor.owner.state = "main_utility"
actor.owner.deactivate_avatar()
+ return True
def reload(actor, parameters):
# set a flag to reload
actor.universe.reload_flag = True
+ return True
def say(actor, parameters):
# there was no message
else:
actor.send("What do you want to say?")
+ return True
def c_set(actor, parameters):
+ '". Try "show element ' +
element + '" for verification.')
actor.send(message)
+ return True
def show(actor, parameters):
(facet, str(facets[facet])))
else:
message = 'Element "' + arguments[1] + '" does not exist.'
- elif arguments[0] == "result":
- if len(arguments) < 2:
- message = "You need to specify an expression."
- else:
- try:
- # there is no other option than to use eval() for this, since
- # its purpose is to evaluate arbitrary expressions, so do what
- # we can to secure it and whitelist it for bandit analysis
- message = repr(eval( # nosec
- " ".join(arguments[1:]),
- {"mudpy": mudpy, "universe": actor.universe}))
- except Exception as e:
- message = ("$(red)Your expression raised an exception...$(eol)"
- "$(eol)$(bld)%s$(nrm)" % e)
elif arguments[0] == "log":
if len(arguments) == 4:
if re.match(r"^\d+$", arguments[3]) and int(arguments[3]) >= 0:
else:
message = '''I don't know what "''' + parameters + '" is.'
actor.send(message)
+ return True