message = "You need to specify an expression."
else:
try:
- message = repr(eval(" ".join(arguments[1:])))
+ # there is no other option than to use eval() for this, since
+ # its purpose is to evaluate arbitrary expressions, so do what
+ # we can to secure it and whitelist it for bandit analysis
+ message = repr(eval( # nosec
+ " ".join(arguments[1:]),
+ {"mudpy": mudpy, "universe": actor.universe}))
except Exception as e:
message = ("$(red)Your expression raised an exception...$(eol)"
"$(eol)$(bld)%s$(nrm)" % e)
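Review bot: The globals dict passed to eval() on the added lines does not confine the expression: when the dict has no `__builtins__` key Python inserts the real builtins, so `__import__`, `open` and the rest stay reachable, and the `mudpy` module and `actor.universe` are handed over deliberately. The added comment's "do what we can to secure it" therefore suggests more protection than the code gives; I would word it as `# not a sandbox: the expression runs with full interpreter privileges, so this command must only be reachable by trusted administrators`. Whether such a privilege check guards this branch is not visible here, since the enclosing function starts and ends outside the hunk. Scoping the suppression to the eval finding (`# nosec B307`) would also let bandit keep reporting anything else that later lands on that line.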