Whitelist uses of stdlib random module for bandit

[mudpy.git] / mudpy / misc.py

diff --git a/mudpy/misc.py b/mudpy/misc.py
index 2cd7992..5beb3b6 100644 (file)
--- a/mudpy/misc.py
+++ b/mudpy/misc.py
@@ -1218,7 +1218,9 @@ def weighted_choice(data):
             expanded.append(key)
 
     # return one at random
-    return random.choice(expanded)
+    # Whitelist the random.randrange() call in bandit since it's not used for
+    # security/cryptographic purposes
+    return random.choice(expanded)  # nosec
 
 
 def random_name():
@@ -1265,7 +1267,9 @@ def random_name():
     name = ""
 
     # create a name of random length from the syllables
-    for _syllable in range(random.randrange(2, 6)):
+    # Whitelist the random.randrange() call in bandit since it's not used for
+    # security/cryptographic purposes
+    for _syllable in range(random.randrange(2, 6)):  # nosec
         name += weighted_choice(syllables)
 
     # strip any leading quotemark, capitalize and return the name
@@ -1680,13 +1684,6 @@ def get_choice_action(user):
 def call_hook_function(fname, arglist):
     """Safely execute named function with supplied arguments, return result."""
 
-    # strip any explicit leader or parameter
-    # TODO(fungi) remove this once the menu functions transition is complete
-    if fname.startswith("mudpy."):
-        fname = fname[6:]
-    if fname.endswith("(user)"):
-        fname = fname[:-6]
-
     # all functions relative to mudpy package
     function = mudpy