expanded.append(key)
# return one at random
- return random.choice(expanded)
+ # Whitelist the random.randrange() call in bandit since it's not used for
+ # security/cryptographic purposes
+ return random.choice(expanded) # nosec
def random_name():
name = ""
# create a name of random length from the syllables
- for _syllable in range(random.randrange(2, 6)):
+ # Whitelist the random.randrange() call in bandit since it's not used for
+ # security/cryptographic purposes
+ for _syllable in range(random.randrange(2, 6)): # nosec
name += weighted_choice(syllables)
# strip any leading quotemark, capitalize and return the name
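Review bot: The bare `# nosec` markers on the `random.choice(expanded)` and `random.randrange(2, 6)` lines silence every bandit check on those lines, not only the pseudo-random warning the new comments describe. Scoping them to that one test, e.g. `return random.choice(expanded)  # nosec B311`, keeps any other finding on the same line visible. The first comment also names `random.randrange()` although the line it annotates calls `random.choice()`, so it should read `# Whitelist the random.choice() call in bandit since it's not used for`. Both enclosing functions extend beyond the hunk.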
"""Reload all relevant objects."""
universe.save()
old_userlist = universe.userlist[:]
+ old_loglines = universe.loglines[:]
for element in list(universe.contents.values()):
element.destroy()
universe.load()
+ new_loglines = universe.loglines[:]
+ universe.loglines = old_loglines + new_loglines
for user in old_userlist:
user.reload()
state = universe.groups["menu"][user.state]
create_choices = state.get("create")
if create_choices:
- choices = eval(create_choices)
+ choices = call_hook_function(create_choices, (user,))
else:
choices = {}
ignores = []
options = {}
creates = {}
for facet in state.facets():
- if facet.startswith("demand_") and not eval(
- universe.groups["menu"][user.state].get(facet)
- ):
+ if facet.startswith("demand_") and not call_hook_function(
+ universe.groups["menu"][user.state].get(facet), (user,)):
ignores.append(facet.split("_", 2)[1])
elif facet.startswith("create_"):
creates[facet] = facet.split("_", 2)[1]
options[facet] = facet.split("_", 2)[1]
for facet in creates.keys():
if not creates[facet] in ignores:
- choices[creates[facet]] = eval(state.get(facet))
+ choices[creates[facet]] = call_hook_function(
+ state.get(facet), (user,))
for facet in options.keys():
if not options[facet] in ignores:
choices[options[facet]] = state.get(facet)
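Review bot: `choices = call_hook_function(create_choices, (user,))` can leave `choices` as None, because the helper added in this commit logs and falls through without a return value when the name cannot be resolved or the hook raises. The later `choices[creates[facet]] = ...` and `choices[options[facet]] = ...` assignments would then raise TypeError outside any handler. A fallback at the call site, `choices = call_hook_function(create_choices, (user,)) or {}`, keeps the menu usable when a hook is misconfigured. The `demand_` branch already fails closed, since a failed hook evaluates falsy and the facet is added to `ignores`. The enclosing function starts and ends outside the hunk.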
return ""
+def call_hook_function(fname, arglist):
+ """Safely execute named function with supplied arguments, return result."""
+
+ # all functions relative to mudpy package
+ function = mudpy
+
+ for component in fname.split("."):
+ try:
+ function = getattr(function, component)
+ except AttributeError:
+ log('Could not find mudpy.%s() for arguments "%s"'
+ % (fname, arglist), 7)
+ function = None
+ break
+ if function:
+ try:
+ return function(*arglist)
+ except Exception:
+ log('Calling mudpy.%s(%s) raised an exception...\n%s'
+ % (fname, (*arglist,), traceback.format_exc()), 7)
+
+
def handle_user_input(user):
"""The main handler, branches to a state-specific handler."""
if not user.choice:
user.choice = get_default_menu_choice(user.state)
if user.choice in user.menu_choices:
- exec(get_choice_action(user))
+ action = get_choice_action(user)
+ if action:
+ call_hook_function(action, (user,))
new_state = get_choice_branch(user)
if new_state:
user.state = new_state
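Review bot: The `getattr` walk in `call_hook_function()` accepts any dotted path reachable from the `mudpy` package, including underscore-prefixed attributes and whatever the package's modules themselves import. The docstring's "Safely" therefore holds only while the data supplying `fname` is trusted. Since the hook names appear to come from menu and command data, consider rejecting components that start with an underscore and refusing to descend into anything that is not a `mudpy` submodule, or resolving `fname` against an explicit registry of hook functions. Separately, `if function:` would be better as `if callable(function):`, so that a path resolving to a non-callable attribute is logged as a bad name instead of reaching `function(*arglist)` and being reported as an exception inside the hook.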
command = find_command(command_name)
# if it's allowed, do it
- ran = False
+ result = None
if actor.can_run(command):
- # dereference the relative object path for the requested function
- action = mudpy
action_fname = command.get("action", command.key)
- for component in action_fname.split("."):
- try:
- action = getattr(action, component)
- ran = True
- except AttributeError:
- log('Could not find action function "%s" for command "%s"'
- % (action_fname, command_name))
- action = None
- break
- if action:
- try:
- action(actor, parameters)
- except Exception:
- log('Command string "%s" from user %s raised an '
- 'exception...\n%s' % (
- input_data, actor.owner.account.get("name"),
- traceback.format_exc()))
- mudpy.command.error(actor, input_data)
+ if action_fname:
+ result = call_hook_function(action_fname, (actor, parameters))
# if the command was not run, give an error
- if not ran:
+ if not result:
mudpy.command.error(actor, input_data)
# if no input, just idle back with a prompt
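Review bot: `if not result:` now treats the hook's return value as the "command ran" flag, where the removed code tracked that with `ran` and ignored whatever `action(actor, parameters)` returned. Unless every command function was changed elsewhere in this commit to return a truthy value, a command that completes and returns None will be followed by `mudpy.command.error(actor, input_data)`. `call_hook_function()` also returns None both for an unresolved name and for a raised exception, so the caller cannot tell a failure from a falsy result. A distinct sentinel or an `(ok, value)` return would make this check unambiguous. The enclosing function starts and ends outside the hunk.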