From: Jeremy Stanley <fungi@yuggoth.org>
Date: Tue, 24 Dec 2019 21:33:37 +0000 (+0000)
Subject: Tighten up eval() scope in show result subcommand
X-Git-Tag: 0.1.0~22
X-Git-Url: https://mudpy.org/gitweb?a=commitdiff_plain;h=13ad9d33469c0ad12d0de34744cb30cc00bdba32;hp=13ad9d33469c0ad12d0de34744cb30cc00bdba32;p=mudpy.git

Tighten up eval() scope in show result subcommand

In order to slightly reduce risk but mostly to increase convenience
with the `show result` administrative subcommand, replace its eval()
invocation's globals with just the mudpy module namespace and the
actor's universe pointer as "universe" (this way exploratory
expressions don't need to do things relative to actor.universe all
the time). Extend the selftest to confirm these are present and that
any attempts to access other globals and locals within the
command.show() function's scope raise an exception.

Whitelist this intentional use of eval() for bandit analysis.
---