Jeremy Stanley [Wed, 7 Oct 2020 15:34:02 +0000 (15:34 +0000)]
Support Python 3.10
Update the package's trove metadata to indicate support for Python
3.10 now that 3.10.0a1 has been tagged.
Jeremy Stanley [Wed, 7 Oct 2020 15:27:33 +0000 (15:27 +0000)]
Don't fail dist or docs builds on deprecations
The current deprecation issues in dependencies raise warnings for
the dist and docs tox environments when run with Python 3.9 as the
default python3 interpreter. Use the same exclusions in the base
testenv definition for them now, until the maintainers of those
dependencies release updates.
Jeremy Stanley [Sat, 3 Oct 2020 20:16:02 +0000 (20:16 +0000)]
Replace show result with debug evaluate command
The show result subcommand was quite unsafe. Even though it limited
the globals for strings passed to the env() builtin, it was still
possible for admins to do things like call the exec() builtin and
then import other modules, or use open() to overwrite files
writeable by the user under which the engine was running.
Introduce a new evaluate command as a substitute and remove the show
result subcommand. Use the debugging framework to limit access to
evaluate so that it's only available if debug mode is enabled in the
configuration at the time the daemon is started. Further limit
evaluate to not have most of the normal builtins, and explicitly
reject any strings containing a double-underscore (__) so that base
attributes of other modules such as __builtins__ can't be called
into easily, or "lambda" so that lambda functions can't be used to
work around protections. Also add some selftests to make sure
evaluate can still use the expressions we previously tested with
show result, and that only administrators can use it, and that it's
only available to them when debug mode is enabled.
The evaluate command is still to be considered quite unsafe, and
debug mode should only be engaged when all administrators with
access to the service are trusted with the same permissions the
system account running the service also possesses.
Jeremy Stanley [Sat, 3 Oct 2020 19:04:58 +0000 (19:04 +0000)]
Run different selftests when debug mode is engaged
Add two skiplist tuples to the selftest framework, one for tests to
remove when debug mode is on, another for tests to remove when debug
mode is off. This is not used yet, so the tuples are initially
empty. Also enable debug mode in the daemon config fixture so that
debug functionality can be tested in the normal selftest run. The
default example config (tested with tox -e selftest_config) covers
the debug disabled case.
Jeremy Stanley [Sun, 4 Oct 2020 15:11:58 +0000 (15:11 +0000)]
Add warnings about debugging mode
Debugging mode is intended to enable administrative commands which
are especially unsafe and could even be used to run arbitrary shell
commands or alter files accessible to the user under which the
service runs. Log a warning about it at startup if the option has
been set, and insert some comments to that effect in the sample
configuration so that hopefully no one will turn it on without due
forethought. Also add a mention about its risks in the config doc.
Jeremy Stanley [Sat, 3 Oct 2020 18:09:10 +0000 (18:09 +0000)]
Add restricted debug mode
Create a new configuration flag, .mudpy.limit.debug, which indicates
unsafe debugging options will be available in the running engine.
This is unused, but lays the groundwork for future unsafe commands
to be toggled at start in base configuration.
Jeremy Stanley [Sat, 3 Oct 2020 17:45:47 +0000 (17:45 +0000)]
Make selftest dialogue mutable
In order to support future selectivity of test sets, replace the
immutable tuple of all tests with a dict keyed by test object.
Iterate over a copy of it so that the original is not altered when
tests are eventually removed during runtime. For Python 3.5 and
earlier, use OrderedDict so that test order is explicitly preserved.
Jeremy Stanley [Sat, 3 Oct 2020 17:32:56 +0000 (17:32 +0000)]
Skip spellcheck on logfiles
Add any filenames ending with .log to the skiplist for codespell
testing.
Jeremy Stanley [Fri, 2 Oct 2020 19:59:45 +0000 (19:59 +0000)]
Add is_restricted boolean check for commands
In preparation for adding additional command restriction indicators,
add a simple Element class method to return whether a command
element is flagged as administrative.
Jeremy Stanley [Wed, 30 Sep 2020 19:57:13 +0000 (19:57 +0000)]
Add is_admin method to Element and User classes
For clarity and convenience, create an is_admin() boolean check for
whether a User's account or an actor Element's owner's account is
flagged as an administrator. Put them to use in places where the
administrator facet was previously checked directly. This allows us
to do a little additional safety checking to avoid hitting corner
cases where we try to check some object which may or may not have an
owner.
Jeremy Stanley [Wed, 30 Sep 2020 18:07:46 +0000 (18:07 +0000)]
Streamline can_run access control method
Minor rework of can_run() to replace the chain of elifs with simple
short-circuiting conditions each with its own return() so that it's
clearer this operates in a "first match" model.
Jeremy Stanley [Sat, 19 Sep 2020 14:34:43 +0000 (14:34 +0000)]
Check for warnings in the to dist env
Some deprecated Setuptools operations were removed in a recent PBR
release, allowing us to now build sdist and wheel artifacts with
warnings as errors. There are still a couple more outstanding
deprecation fixes needed for other envs, so update the comment in
tox.ini accordingly.
Jeremy Stanley [Sat, 19 Sep 2020 14:32:11 +0000 (14:32 +0000)]
Explicitly close files opened by selftest
Newer Python interpreters emit a warning during cleanup if open
files are not closed prior to termination. Our selftest opens the
pidfile for reading in a couple of places, as well as logfiles to
capture stdout/stderr. Open them in context blocks so they will be
closed on return rather than remaining open until the process ends.
Jeremy Stanley [Sat, 19 Sep 2020 14:29:59 +0000 (14:29 +0000)]
Handle early wrapping in test_show_result
When showing a Python module object, the included file path can
easily be long enough to wrap to the next line. Allow for line
breaks immediately before it in the test_show_result test where it
sometimes surfaces.
Jeremy Stanley [Sat, 19 Sep 2020 14:28:11 +0000 (14:28 +0000)]
Drop redundant master_doc setting from Sphinx conf
The master_doc option to Sphinx already defaults to looking for a
document named "index" so it's unnecessary to set explicitly in our
case. Clean it up.
Jeremy Stanley [Wed, 16 Sep 2020 22:38:28 +0000 (22:38 +0000)]
Switch tox to use allowlist_externals
The whitelist_externals option in tox in deprecated in favor of
allowlist_externals. Update this and also bump our tox minversion to
the earliest version which supports this new syntax. While we're at
it, update a few code comments about bandit "nosec" exceptions to
refer to allowing instead of whitelisting.
Jeremy Stanley [Wed, 16 Sep 2020 22:24:02 +0000 (22:24 +0000)]
Start checking codebase with the codespell tool
Use master branch tip of codespell for now, until it supports
configuration in the included .codespellrc in a released version.
Also correct things its default dictionary selection identified as
misspellings, with the exception of intentional misspellings in the
sample spelling correction config and selftest which exercises it.
Jeremy Stanley [Sun, 23 Aug 2020 21:38:37 +0000 (21:38 +0000)]
Revert "No longer run setup.py in docs builds"
Turns out, PBR won't generate the ChangeLog without an explicit
install/build after all, or at least not in the way which tox is
handling it. This slipped through testing due to not running in a
clean tree.
This reverts commit
70381626690da47866363ef51ef8a37a4831dffa.
Jeremy Stanley [Sun, 23 Aug 2020 21:14:43 +0000 (21:14 +0000)]
Ratchet down Python warnings in tox
Where possible, have tox envs treat any Python warning as an error.
This is not currently possible for any envs which invoke certain PBR
functionality, since it has a couple of outstanding fixes under
review to make it cease calling into deprecated code on newer Python
releases. Eventually this should be set in the global testenv when
possible, and only rolled back in case of dependency regressions or
new errors introduced by future interpreter versions.
Jeremy Stanley [Wed, 12 Aug 2020 09:56:24 +0000 (09:56 +0000)]
No longer run setup.py in docs builds
Since we don't skip sdist generation for our documentation builds in
tox, the separate setup.py install step is unnecessary as PBR will
already generate a current ChangeLog when the sdist is built.
Jeremy Stanley [Mon, 3 Aug 2020 10:35:10 +0000 (10:35 +0000)]
Set python_requires
Newer versions of pip will check PyPI for python_requires metadata,
helping to determine prior to package download if the local version
of the interpreter is sufficiently new to support a given package
version. Set ours to >= 3.5 for now. This should be increased any
time support for an old interpreter release is dropped from the list
in our trove classifiers.
Jeremy Stanley [Tue, 7 Jul 2020 10:50:19 +0000 (10:50 +0000)]
Correct package metadata
Use the more correct metadata fields recognized by
Setuptools/distutils rather in lieu of some used only by PBR.
Jeremy Stanley [Tue, 2 Jun 2020 23:12:45 +0000 (23:12 +0000)]
Report if service does not start under selftest
Output a useful error and stop the selftest script immediately if
the service it tries to start does not actually start, to make
debugging some classes of errors slightly faster.
Jeremy Stanley [Sat, 23 May 2020 20:11:18 +0000 (20:11 +0000)]
Prefer importlib over pkg_resources
Since Setuptools pkg_resources library is effectively deprecated in
newer releases, try to use the equivalent importlib.metadata
features and exceptions when they're available.
Jeremy Stanley [Wed, 22 Apr 2020 19:54:54 +0000 (19:54 +0000)]
Record the reported rows from NAWS negotiation
In preparation for future pagination support, get the rows included
in NAWS responses and record that as an integer in the User.rows
attribute, similar to the existing User.columns value used for line
wrapping.
Jeremy Stanley [Sun, 12 Apr 2020 20:17:57 +0000 (20:17 +0000)]
Obtain terminal type (RFC 1091)
Implement rudimentary support for determining the terminal type
reported by RFC 1091 TTYPE compatible clients, and store any initial
value returned in the User.ttype attribute. This implementation does
not iterate over SEND TTYPE commands until UNKNOWN is returned, it
only takes the first value returned and assumes this is the default
terminal type for the user's current connection.
Jeremy Stanley [Sat, 21 Mar 2020 03:25:14 +0000 (03:25 +0000)]
Overhaul coder guide, add commands and misc
Brush up the quality of the coder guide, using relevant autodoc
references and clearer markup, as well as improving some wording.
Add a section on custom commands, and another for miscellaneous
design discussions taken from various recent E-mail threads.
Jeremy Stanley [Fri, 7 Feb 2020 08:12:17 +0000 (08:12 +0000)]
Start the install guide
Create a stub document with some installation and configuration
tips, to be expanded into something more useful over time.
Jeremy Stanley [Sun, 12 Jan 2020 08:04:54 +0000 (08:04 +0000)]
Add the beginnings of an admin guide
Some initial prose to seed the admin guide, taken from various
E-mails to users in recent months.
Jeremy Stanley [Wed, 8 Jan 2020 23:29:54 +0000 (23:29 +0000)]
Collapse redundant exceptions
In User.enqueue_input() combine a redundant match on BlockingIOError
and OSError since the former is a subclass of the latter. This was
caught by the B014 check introduced in flake8-bugbear 20.1.1.
Jeremy Stanley [Tue, 7 Jan 2020 00:45:35 +0000 (00:45 +0000)]
Indicate support for Python 3.9
Python 3.9 is well into its second alpha, is a recognized trove
classifier on PyPI, and all mudpy changes are being successfully
tested against it. Add the classifier to our package metadata to
reflect this.
Jeremy Stanley [Tue, 7 Jan 2020 00:43:14 +0000 (00:43 +0000)]
Link the ChangeLog from package metadata
Users of PyPI are going to want to know where to find the ChangeLog
without going to the project homepage/docs and hunting around. Add a
flexible redirect URL for it so we can move it easily later.
Jeremy Stanley [Tue, 7 Jan 2020 00:38:14 +0000 (00:38 +0000)]
Drop section numbering from documentation builds
Sphinx section numbering leads to confusing output, particularly for
the rendered ChangeLog. Remove it.
Update copyright year in the LICENSE as this is the first change of
the new year, and similarly update it in rendered documentation
footers as this is the first documentation change of the year.
Jeremy Stanley [Mon, 30 Dec 2019 17:52:01 +0000 (17:52 +0000)]
Make sure all command functions return True
Because recent adjustments to handler_active() rely on the
call_handler_function() return value to determine whether something
went wrong, we need command functions to return something which
evaluates boolean True if they ran to completion and didn't raise an
exception. Just return True from all of them for now, but they may
see more dynamic result handling in the future.
Jeremy Stanley [Mon, 30 Dec 2019 15:41:34 +0000 (15:41 +0000)]
Increase timer resolution in test config
Significantly speed up the timer in the test config (by a factor of
1000). On fast machines with cached tox envs, this results in an
order of magnitude improvement in test runtime. Related timer values
are lengthened to avoid test failures due to timeouts, and some
others are shortened for consistency.
This is obviously not suitable for normal operation, so the sample
configuration remains untouched and thus the tox selftest_config
testenv does not benefit from it.
Jeremy Stanley [Mon, 30 Dec 2019 15:18:52 +0000 (15:18 +0000)]
Use call_hook_function() in handler_active()
Simplify mudpy.misc.handler_active() by making it a wrapper around
the more general mudpy.misc.call_hook_function() which was
originally derived from it.
Jeremy Stanley [Mon, 30 Dec 2019 01:49:32 +0000 (01:49 +0000)]
Preserve loglines on reload
When a reload occurs, prepend the new universe's loglines with those
from the old universe so they are not lost. This may temporarily
bloat the loglines list slightly over the limit, but it will be
adjusted downward the next time anything new gets logged. Also
adjust the `show log` selftests to handle linewraps in a new place
when the total loglines count is higher.
Jeremy Stanley [Sun, 29 Dec 2019 14:25:17 +0000 (14:25 +0000)]
Set bandit to error on risks of any severity
Now that the last of the low-level risks has been reviewed and
whitelisted, remove the severity filter from the bandit command so
that incorporation of any unexpected risks it can spot will be
blocked for future commits.
Jeremy Stanley [Sun, 29 Dec 2019 14:19:57 +0000 (14:19 +0000)]
Whitelist uses of stdlib random module for bandit
There are currently two uses of random.randrange() and one of
random.choice() for non-security/non-crypto purposes. Mark them as
whitelisted for bandit checks and add comments explaining why.
Jeremy Stanley [Sun, 29 Dec 2019 12:31:36 +0000 (12:31 +0000)]
Clean up function names in menu definitions
Now that the functions called from menus are filtered and resolved
safely rather than being directly executed, the explicit mudpy
package name and the user parameter passing are no longer necessary.
Remove them from the function names in menu definitions and also
drop the old compatibility code which trims them.
Jeremy Stanley [Sun, 29 Dec 2019 12:23:44 +0000 (12:23 +0000)]
Ratchet bandit checking down to medium severity
Now that the last of the medium-severity risks have been eliminated,
adjust the bandit command line so that it will prevent addition of
any new instances.
Jeremy Stanley [Sat, 28 Dec 2019 21:01:32 +0000 (21:01 +0000)]
Replace eval() and exec() use for menu functions
Add a new misc.call_hook_function() routine based on the existing
command execution in misc.handler_active() to eliminate all use of
eval() and exec() built-ins in menu operations.
Jeremy Stanley [Thu, 26 Dec 2019 02:45:25 +0000 (02:45 +0000)]
Relocate main_utility menu functions
Move the action and demand logic for the main_utility state from
their respective facets to the menu module, hiding them behind
consistently-named entry points.
Jeremy Stanley [Wed, 25 Dec 2019 22:49:48 +0000 (22:49 +0000)]
Relocate delete_avatar menu functions
Move the action and create logic for the delete_avatar state from
their respective facets to the menu module, hiding them behind
consistently-named entry points.
Jeremy Stanley [Wed, 25 Dec 2019 22:23:08 +0000 (22:23 +0000)]
Relocate delete_account menu function
Move the action logic for the delete_account state from its
corresponding facet to the menu module, hiding it behind a
consistently-named entry point.
Jeremy Stanley [Wed, 25 Dec 2019 22:13:16 +0000 (22:13 +0000)]
Relocate choose_name menu functions
Move the action and create logic for the choose_name state from
their respective facets to the menu module, hiding them behind
consistently-named entry points.
Jeremy Stanley [Wed, 25 Dec 2019 21:52:02 +0000 (21:52 +0000)]
Relocate choose_gender menu function
Move the action logic for the choose_gender state from its
corresponding facet to the menu module, hiding it behind a
consistently-named entry point.
Jeremy Stanley [Wed, 25 Dec 2019 21:45:45 +0000 (21:45 +0000)]
Relocate checking_new_account_name menu functions
Move the action logic for the checking_new_account_name state from
its respective facets to the menu module, hiding them behind
consistently-named entry points.
Jeremy Stanley [Wed, 25 Dec 2019 20:02:41 +0000 (20:02 +0000)]
Relocate activate_avatar menu functions
Move the action and create logic for the activate_avatar state from
their respective facets to the menu module, hiding them behind
consistently-named entry points.
Jeremy Stanley [Tue, 24 Dec 2019 22:55:01 +0000 (22:55 +0000)]
Add a mudpy.menu module to hold menu functions
In preparation for relocating arbitrary Python expressions out of
the standard menu elements, provide a stub mudpy.menu module which
will house equivalent convenience functions and include an autodoc
section for it in the Sphinx API documentation template.
Jeremy Stanley [Wed, 25 Dec 2019 21:24:06 +0000 (21:24 +0000)]
Move selected menu item into the User object
In order to simplify menu handlers, move the active choice into an
attribute of the User class so that only one object needs to be
handed off, and update menus accordingly.
Jeremy Stanley [Wed, 25 Dec 2019 13:12:43 +0000 (13:12 +0000)]
Rename state variable in get_menu_choices()
Avoid shadowing the new menu module in misc.get_menu_choices() by
renaming its menu variable to state, which is also more consistent
with other menu-related functions.
Jeremy Stanley [Tue, 24 Dec 2019 22:37:18 +0000 (22:37 +0000)]
Remove exec() from handle_user_input() function
Stop passing the constructed handler function name into an exec()
and instead reference it from the globals() dict.
Jeremy Stanley [Tue, 24 Dec 2019 22:23:32 +0000 (22:23 +0000)]
Eliminate exec() in Universe.new()
Replace questionable exec call in the new() method of the Universe
class with cleaner getattr/setattr equivalents.
Jeremy Stanley [Thu, 26 Dec 2019 01:57:24 +0000 (01:57 +0000)]
More thoroughly test account and avatar menus
Split up the teardown "test" into separate tests for avatar and
account deletion. Avatar deletion was previously not being exercised
correctly, instead avatar deletion aborting was what was actually
being tested. Add separate tests that the avatar and account
deletion default actions are to abort. Also add a test of the avatar
creation limit.
Jeremy Stanley [Wed, 25 Dec 2019 23:04:20 +0000 (23:04 +0000)]
Properly escape punctuation in test patterns
Make sure all literal question marks (?) and periods (.) in selftest
match patterns are backslash-escaped in raw strings.
Jeremy Stanley [Tue, 24 Dec 2019 21:33:37 +0000 (21:33 +0000)]
Tighten up eval() scope in show result subcommand
In order to slightly reduce risk but mostly to increase convenience
with the `show result` administrative subcommand, replace its eval()
invocation's globals with just the mudpy module namespace and the
actor's universe pointer as "universe" (this way exploratory
expressions don't need to do things relative to actor.universe all
the time). Extend the selftest to confirm these are present and that
any attempts to access other globals and locals within the
command.show() function's scope raise an exception.
Whitelist this intentional use of eval() for bandit analysis.
Jeremy Stanley [Sun, 22 Dec 2019 20:48:12 +0000 (20:48 +0000)]
Replace uses of exec() in module loader
Improve the module loader to avoid the more dangerous exec()
function in favor of smarter use of importlib. This allows us to
drop some flake8 whitelisting. Also switch out the hard-coded module
list (which missed addition of the daemon module) with a more
dynamic routine on Python 3.7 and later, which will use all *.py
files in the top level of the package so none are forgotten in the
future. Keep a hard-coded fallback list for support of earlier
Python versions, but compare the two so this list is guaranteed
complete for as long as it is maintained.
Jeremy Stanley [Tue, 12 Nov 2019 15:25:59 +0000 (15:25 +0000)]
Use generic authors for copyright shown in docs
Adjust the copyright holder listed in the Sphinx-built documentation
to match the more general "mudpy authors" used in copyright headers
for files.
Jeremy Stanley [Thu, 17 Oct 2019 07:21:36 +0000 (07:21 +0000)]
Update copyright for files edited in 2019
These files missed a copyright year bump when they were edited.
Jeremy Stanley [Wed, 16 Oct 2019 11:11:43 +0000 (11:11 +0000)]
Satisfy yamllint checking of .yamllint
The 1.18.0 release of yamllint has started linting its .yamllint
config file by default. Add a document marker at the top of the file
so that it will pass document-start rule.
Jeremy Stanley [Fri, 27 Sep 2019 16:26:54 +0000 (16:26 +0000)]
Log User object ID even when account is an admin
Adjust authentication logging to consistently record the User object
instance ID regardless of, and separately from, whether the account
which authenticated is an administrator.
Jeremy Stanley [Sun, 1 Sep 2019 21:35:00 +0000 (21:35 +0000)]
Log starting directory during initialization
Update the initialization logging to also include the starting
directory, since some of the startup routines form their file paths
relative to it.
Jeremy Stanley [Sat, 24 Aug 2019 19:32:33 +0000 (19:32 +0000)]
Separate listening port in startup logging
Using a port separator of ":" is vague in combination with IPv6
addresses, so separate the listening port number more clearly in the
startup log message.
Jeremy Stanley [Wed, 10 Jul 2019 17:18:53 +0000 (17:18 +0000)]
Disable usedevelop for some tox testenvs
Tox's usedevelop option implicitly installs the project and its
dependencies, and is enabled in the base testenv. Disable it in
testenvs which don't make use of the installed project, but add the
project dependencies to the docs testenv since it needs them to be
able to generate the API docs. This results in a fairly substantial
speedup of >10% for a full `tox` invocation.
Jeremy Stanley [Sun, 7 Jul 2019 11:36:22 +0000 (11:36 +0000)]
Correct reference to main config in walk-through
The main sample configuration is mudpy.yaml, not mudpy.conf.
Jeremy Stanley [Sun, 7 Jul 2019 03:06:15 +0000 (03:06 +0000)]
Add info on what's missing and included
To properly set expectations, update the README file with
information on the current state of development, what's done so far
and what's not yet.
Jeremy Stanley [Sun, 7 Jul 2019 01:49:28 +0000 (01:49 +0000)]
Add a demo walk-through to the coder guide
Include an example of a simple development environment setup,
explaining how to start the server using the provided sample
configuration and then interact with it using a console-based MUD
client.
Jeremy Stanley [Sun, 7 Jul 2019 01:45:47 +0000 (01:45 +0000)]
Recommend the tox-venv plug-in
In the coder guide, include a suggestion for tox-venv (a tox plug-in
which makes tox use the venv module from the Python 3 standard
library in place of the separate virtualenv package).
Jeremy Stanley [Sun, 7 Jul 2019 01:42:20 +0000 (01:42 +0000)]
Link API documentation in the coder guide
In the API section of the coder guide, add a cross-link to the API
documentation for the package and modules.
Jeremy Stanley [Sat, 6 Jul 2019 22:13:00 +0000 (22:13 +0000)]
Drop Python 3.4 and add 3.8
Python 3.4 reached end-of-life status nearly 4 months ago with the
release of 3.4.10 on 2019-03-18, so stop asserting we test new
commits against it (truth be told, it was already hard to build on
modern distros with newer libssl anyway).
Python 3.8 has been in beta for over a month already, and 3.8.0b2
was tagged earlier this week. New commits have been tested against
3.8 alpha and beta builds for a while, so add it to the list of
trove classifiers.
Update the README file to stop mentioning minimum Python 3 versions,
so that it won't need further updates as older interpreters age out.
Jeremy Stanley [Mon, 10 Jun 2019 22:49:15 +0000 (22:49 +0000)]
Update minimum PBR for setup_requires
Some of the recently-added Python package metadata (particularly
project_urls and description-content-type) need newer PBR where that
support was added. PBR 5.0.0 is the oldest version with the
particular features we're using, so update the lower bound for it
accordingly.
Jeremy Stanley [Mon, 13 May 2019 20:26:09 +0000 (20:26 +0000)]
Improve preferences display
When displaying preferences, color-code the base and admin
preferences similar to command help. Also show a placeholder when
there is no existing value set for a preference. Add a hyphen
separator between preference names and values. Update tests to
accommodate the new formatting, and while we're there add a test to
make sure non-admins can't set values for admin-only preferences.
Jeremy Stanley [Mon, 13 May 2019 19:28:30 +0000 (19:28 +0000)]
Support abbreviating portal names when moving
Allow users to abbreviate portal names provided to the move command
for convenience.
Jeremy Stanley [Mon, 13 May 2019 19:23:51 +0000 (19:23 +0000)]
Provide normal error if command raises exception
If a attempting to execute a user-supplied command results in a
Python exception, return the normal error message string to the user
(in addition to logging the exception and traceback). This way,
normal users won't see any difference between unknown/invalid
commands and broken ones.
Jeremy Stanley [Mon, 13 May 2019 19:22:24 +0000 (19:22 +0000)]
Safely log when a command error cannot be sent
If a command triggers an error back to the user and sending that
error raises an exception, log it and continue to avoid crashing the
engine.
Jeremy Stanley [Mon, 13 May 2019 03:30:53 +0000 (03:30 +0000)]
Correct data type for see_also command facets
Make the see_also facets of the chat and say commands list items as
they were originally intended to be, and test that they get
displayed.
Jeremy Stanley [Mon, 13 May 2019 03:06:42 +0000 (03:06 +0000)]
Show possible abbreviations in help list
When listing available commands via the help command, show which
parts of a given command word are optional to type. Also test it.
Jeremy Stanley [Mon, 13 May 2019 02:24:59 +0000 (02:24 +0000)]
Correct logged error for missing action function
When logging an error for a missing command action function,
correctly include the function name. Also go ahead and add the
action name sought for improved clarity.
Jeremy Stanley [Sun, 12 May 2019 13:22:42 +0000 (13:22 +0000)]
Make command actions implicit
If an action is not listed for a command, assume the action function
is named the same as the command itself.
Jeremy Stanley [Sat, 11 May 2019 13:24:02 +0000 (13:24 +0000)]
Dereference command action functions
Replace the use of Python expressions for command actions with
simple names of functions relative to the mudpy package namespace.
This removes an unsafe use of exec(). Also start catching all
exceptions raised by the execution of a command and simply logging
them rather than allowing them to crash the engine.
Jeremy Stanley [Sat, 11 May 2019 13:20:55 +0000 (13:20 +0000)]
Test the show result command
Add self test coverage for the show result administrative command,
both with a working expression and one which raises an exception.
Jeremy Stanley [Sat, 11 May 2019 13:18:04 +0000 (13:18 +0000)]
Correct a TypeError in the show time command
Add missing type conversion in the output of the show time
administrative command, and include a regression test so we assure
it continues to work.
Jeremy Stanley [Thu, 9 May 2019 21:06:35 +0000 (21:06 +0000)]
Always pass parameters in commands
When calling a command handler, pass a parameters object regardless
of whether the command actually needs one. This normalizes the
interface between command actions and their corresponding handler
functions so they can be called through a generic interface in the
future.
Jeremy Stanley [Thu, 9 May 2019 20:19:50 +0000 (20:19 +0000)]
Don't allow abbreviating administrative commands
If a command is flagged as administrative, don't match substring
abbreviations for it. For example, an admin entering "h" should get
the help summary, not halt the engine.
Jeremy Stanley [Thu, 9 May 2019 20:18:13 +0000 (20:18 +0000)]
Show full command name in help output
When help is requested on an abbreviated command, include the full
name (rather than the provided abbreviation) in the synopsis.
Jeremy Stanley [Mon, 6 May 2019 19:00:13 +0000 (19:00 +0000)]
Implicitly support abbreviating commands
Match entered commands against initial substrings of a sorted list
of command keywords, effectively supporting abbreviated commands.
Also test it works.
Jeremy Stanley [Sun, 5 May 2019 21:07:26 +0000 (21:07 +0000)]
Allow including time in the active state prompt
Occurrences of $(time) in the user's prompt string will be replaced
by the current World clock increment when displayed. Also test this
works as intended.
Jeremy Stanley [Sun, 5 May 2019 20:37:43 +0000 (20:37 +0000)]
Escape replacement macros in preferences
Don't let users inject replacement macros into their preferences,
just escape them so they're harmless. Also adjust the preferences
tests to include macros so this safety measure does not regress.
Jeremy Stanley [Sun, 5 May 2019 20:36:17 +0000 (20:36 +0000)]
Test that macros are escaped in communication
We explicitly escape replacement macros in user input for
communication commands (say, ask, et cetera). Test to make sure this
safety measure does not regress.
Jeremy Stanley [Sun, 5 May 2019 16:44:10 +0000 (16:44 +0000)]
Use the active state prompt as the default prompt
In order to stop hard-coding the default prompt string into the
prompt method, use the prompt string associated with the active
state to provide it. This is intuitive and allows it to be more
easily overridden if desired.
Jeremy Stanley [Sun, 5 May 2019 16:20:48 +0000 (16:20 +0000)]
Add a prompt generator method
Move the retrieval and assembly of the prompt string fragment for
active state users into its own method, paving the way for more
dynamic and extensible prompts.
Jeremy Stanley [Sun, 5 May 2019 15:26:10 +0000 (15:26 +0000)]
Fix selftest telopt callback for Python 3.4
Python 3.4 is unable to handle formatted bytestrings. Replace two
occurrences in the Telnet option callback handler in the selftest
script to use concatenation operators instead.
Jeremy Stanley [Sat, 27 Apr 2019 19:13:58 +0000 (19:13 +0000)]
Use ISO 8601 time in logs
For ease of readability, switch log timestamps from traditional
"asctime" format to ISO 8601 date and time.
Jeremy Stanley [Sat, 27 Apr 2019 16:14:45 +0000 (16:14 +0000)]
Test for high-severity vulnerabilities with bandit
Use the bandit analyzer to check non-test-related Python source code
for potential vulnerabilities. To start, only error on matches with
severity "high" (we can ratchet it down later as lower-severity
items are addressed).
Jeremy Stanley [Sat, 30 Mar 2019 19:09:01 +0000 (19:09 +0000)]
Test with the bugbear plugin for flake8
Add the bugbear plugin to the flake8 tox testenv, and mark as
private a couple of loop control variables it identified (B007).
Jeremy Stanley [Sun, 3 Feb 2019 00:28:23 +0000 (00:28 +0000)]
Fix comparisons for pyflakes 2.1
The latest release of flake8 updates to pyflakes 2.1, and with that
comes an expectation that typical variable equality comparisons
should avoid the use of "is" and "is not" for safety. Adjust a
couple places we previously ran afoul of the new F632 check.
Jeremy Stanley [Sun, 3 Feb 2019 00:07:36 +0000 (00:07 +0000)]
Safely log unknown Telnet options and commands
During Telnet negotiation, log unknown options by numeric value if
there is no listed name for them. Do the same for unknown Telnet
commands, though in reality this should never happen as they get
filtered by the existing implementation. Add regression testing to
make certain the crash bug which this fixes doesn't recur.
Jeremy Stanley [Sun, 27 Jan 2019 19:25:19 +0000 (19:25 +0000)]
Be explicit about test requirements in tox.ini
Only a couple of the testenvs listed in tox.ini actually made use of
the packages claimed as general test dependencies inherited by all
testenvs. Move these to their corresponding declarations and drop
the old test-requirements.txt file.
Jeremy Stanley [Sun, 27 Jan 2019 19:14:04 +0000 (19:14 +0000)]
Switch to passlib.PasswordHash.hash
Starting with passlib 1.7 the PasswordHash.encrypt() method has been
renamed to PasswordHash.hash() for clarity, and the old name
deprecated. Use the new name and update our minimum passlib
dependency version accordingly.