import random
import re
+import traceback
import unicodedata
import mudpy
"""Generic error for an unrecognized command word."""
# 90% of the time use a generic error
- if random.randrange(10):
+ # Whitelist the random.randrange() call in bandit since it's not used for
+ # security/cryptographic purposes
+ if random.randrange(10): # nosec
message = '''I'm not sure what "''' + input_data + '''" means...'''
# 10% of the time use the classic diku error
else:
message = "Arglebargle, glop-glyf!?!"
- # send the error message
- actor.send(message)
+ # try to send the error message, and log if we can't
+ try:
+ actor.send(message)
+ except Exception:
+ mudpy.misc.log(
+ 'Sending a command error to user %s raised exception...\n%s' % (
+ actor.owner.account.get("name"), traceback.format_exc()))
def halt(actor, parameters):
def move(actor, parameters):
"""Move the avatar in a given direction."""
- if parameters in actor.universe.contents[actor.get("location")].portals():
- actor.move_direction(parameters)
- else:
- actor.send("You cannot go that way.")
+ for portal in sorted(
+ actor.universe.contents[actor.get("location")].portals()):
+ if portal.startswith(parameters):
+ actor.move_direction(portal)
+ return(portal)
+ actor.send("You cannot go that way.")
def preferences(actor, parameters):
message = ""
arguments = parameters.split()
allowed_prefs = set()
+ base_prefs = []
user_config = actor.universe.contents.get("mudpy.user")
if user_config:
- allowed_prefs.update(user_config.get("pref_allow", []))
+ base_prefs = user_config.get("pref_allow", [])
+ allowed_prefs.update(base_prefs)
if actor.owner.account.get("administrator"):
allowed_prefs.update(user_config.get("pref_admin", []))
if not arguments:
message += "These are your current preferences:"
- for pref in allowed_prefs:
- message += ("$(eol) $(red)%s $(grn)%s$(nrm)"
- % (pref, actor.owner.account.get(pref)))
+
+ # color-code base and admin prefs
+ for pref in sorted(allowed_prefs):
+ if pref in base_prefs:
+ color = "grn"
+ else:
+ color = "red"
+ message += ("$(eol) $(%s)%s$(nrm) - %s" % (
+ color, pref, actor.owner.account.get(pref, "<not set>")))
+
elif arguments[0] not in allowed_prefs:
message += (
'Preference "%s" does not exist. Try the `preferences` command by '
"itself for a list of valid preferences." % arguments[0])
elif len(arguments) == 1:
- message += "%s" % actor.owner.account.get(arguments[0])
+ message += "%s" % actor.owner.account.get(arguments[0], "<not set>")
else:
pref = arguments[0]
value = " ".join(arguments[1:])
message = "You need to specify an expression."
else:
try:
- message = repr(eval(" ".join(arguments[1:])))
+ # there is no other option than to use eval() for this, since
+ # its purpose is to evaluate arbitrary expressions, so do what
+ # we can to secure it and whitelist it for bandit analysis
+ message = repr(eval( # nosec
+ " ".join(arguments[1:]),
+ {"mudpy": mudpy, "universe": actor.universe}))
except Exception as e:
message = ("$(red)Your expression raised an exception...$(eol)"
"$(eol)$(bld)%s$(nrm)" % e)
projects / mudpy.git / blobdiff