X-Git-Url: https://mudpy.org/gitweb?p=mudpy.git;a=blobdiff_plain;f=mudpy%2Fmisc.py;h=ecab4718610790367ea334c5157a8b3ec8ed9c77;hp=24443dd9a82bf035ea43197112ad8da27cd66010;hb=c4245fbcb7129049f24512f21fba727e620246dc;hpb=40fb678ab8ea5e35f06826bda8f484053dd831b1

diff --git a/mudpy/misc.py b/mudpy/misc.py
index 24443dd..ecab471 100644
--- a/mudpy/misc.py
+++ b/mudpy/misc.py
@@ -488,6 +488,7 @@ class User:
         self.address = ""
         self.authenticated = False
         self.avatar = None
+        self.choice = ""
         self.columns = 79
         self.connection = None
         self.error = ""
@@ -1217,7 +1218,9 @@ def weighted_choice(data):
             expanded.append(key)
 
     # return one at random
-    return random.choice(expanded)
+    # Whitelist the random.randrange() call in bandit since it's not used for
+    # security/cryptographic purposes
+    return random.choice(expanded)  # nosec
 
 
 def random_name():
@@ -1264,7 +1267,9 @@ def random_name():
     name = ""
 
     # create a name of random length from the syllables
-    for _syllable in range(random.randrange(2, 6)):
+    # Whitelist the random.randrange() call in bandit since it's not used for
+    # security/cryptographic purposes
+    for _syllable in range(random.randrange(2, 6)):  # nosec
         name += weighted_choice(syllables)
 
     # strip any leading quotemark, capitalize and return the name
@@ -1431,9 +1436,12 @@ def reload_data():
     """Reload all relevant objects."""
     universe.save()
     old_userlist = universe.userlist[:]
+    old_loglines = universe.loglines[:]
     for element in list(universe.contents.values()):
         element.destroy()
     universe.load()
+    new_loglines = universe.loglines[:]
+    universe.loglines = old_loglines + new_loglines
     for user in old_userlist:
         user.reload()
 
@@ -1581,19 +1589,18 @@ def get_menu_prompt(state):
 
 def get_menu_choices(user):
     """Return a dict of choice:meaning."""
-    menu = universe.groups["menu"][user.state]
-    create_choices = menu.get("create")
+    state = universe.groups["menu"][user.state]
+    create_choices = state.get("create")
     if create_choices:
-        choices = eval(create_choices)
+        choices = call_hook_function(create_choices, (user,))
     else:
         choices = {}
     ignores = []
     options = {}
     creates = {}
-    for facet in menu.facets():
-        if facet.startswith("demand_") and not eval(
-           universe.groups["menu"][user.state].get(facet)
-           ):
+    for facet in state.facets():
+        if facet.startswith("demand_") and not call_hook_function(
+                universe.groups["menu"][user.state].get(facet), (user,)):
             ignores.append(facet.split("_", 2)[1])
         elif facet.startswith("create_"):
             creates[facet] = facet.split("_", 2)[1]
@@ -1601,10 +1608,11 @@ def get_menu_choices(user):
             options[facet] = facet.split("_", 2)[1]
     for facet in creates.keys():
         if not creates[facet] in ignores:
-            choices[creates[facet]] = eval(menu.get(facet))
+            choices[creates[facet]] = call_hook_function(
+                state.get(facet), (user,))
     for facet in options.keys():
         if not options[facet] in ignores:
-            choices[options[facet]] = menu.get(facet)
+            choices[options[facet]] = state.get(facet)
     return choices
 
 
@@ -1638,12 +1646,12 @@ def get_default_branch(state):
     return universe.groups["menu"][state].get("branch")
 
 
-def get_choice_branch(user, choice):
+def get_choice_branch(user):
     """Returns the new state matching the given choice."""
     branches = get_menu_branches(user.state)
-    if choice in branches.keys():
-        return branches[choice]
-    elif choice in user.menu_choices.keys():
+    if user.choice in branches.keys():
+        return branches[user.choice]
+    elif user.choice in user.menu_choices.keys():
         return get_default_branch(user.state)
     else:
         return ""
@@ -1665,17 +1673,39 @@ def get_default_action(state):
     return universe.groups["menu"][state].get("action")
 
 
-def get_choice_action(user, choice):
+def get_choice_action(user):
     """Run any indicated script for the given choice."""
     actions = get_menu_actions(user.state)
-    if choice in actions.keys():
-        return actions[choice]
-    elif choice in user.menu_choices.keys():
+    if user.choice in actions.keys():
+        return actions[user.choice]
+    elif user.choice in user.menu_choices.keys():
         return get_default_action(user.state)
     else:
         return ""
 
 
+def call_hook_function(fname, arglist):
+    """Safely execute named function with supplied arguments, return result."""
+
+    # all functions relative to mudpy package
+    function = mudpy
+
+    for component in fname.split("."):
+        try:
+            function = getattr(function, component)
+        except AttributeError:
+            log('Could not find mudpy.%s() for arguments "%s"'
+                % (fname, arglist), 7)
+            function = None
+            break
+    if function:
+        try:
+            return function(*arglist)
+        except Exception:
+            log('Calling mudpy.%s(%s) raised an exception...\n%s'
+                % (fname, (*arglist,), traceback.format_exc()), 7)
+
+
 def handle_user_input(user):
     """The main handler, branches to a state-specific handler."""
 
@@ -1702,16 +1732,18 @@ def generic_menu_handler(user):
 
     # get a lower-case representation of the next line of input
     if user.input_queue:
-        choice = user.input_queue.pop(0)
-        if choice:
-            choice = choice.lower()
+        user.choice = user.input_queue.pop(0)
+        if user.choice:
+            user.choice = user.choice.lower()
     else:
-        choice = ""
-    if not choice:
-        choice = get_default_menu_choice(user.state)
-    if choice in user.menu_choices:
-        exec(get_choice_action(user, choice))
-        new_state = get_choice_branch(user, choice)
+        user.choice = ""
+    if not user.choice:
+        user.choice = get_default_menu_choice(user.state)
+    if user.choice in user.menu_choices:
+        action = get_choice_action(user)
+        if action:
+            call_hook_function(action, (user,))
+        new_state = get_choice_branch(user)
         if new_state:
             user.state = new_state
     else:
@@ -1886,32 +1918,14 @@ def handler_active(user):
         command = find_command(command_name)
 
         # if it's allowed, do it
-        ran = False
+        result = None
         if actor.can_run(command):
-            # dereference the relative object path for the requested function
-            action = mudpy
             action_fname = command.get("action", command.key)
-            for component in action_fname.split("."):
-                try:
-                    action = getattr(action, component)
-                    ran = True
-                except AttributeError:
-                    log('Could not find action function "%s" for command "%s"'
-                        % (action_fname, command_name))
-                    action = None
-                    break
-            if action:
-                try:
-                    action(actor, parameters)
-                except Exception:
-                    log('Command string "%s" from user %s raised an '
-                        'exception...\n%s' % (
-                            input_data, actor.owner.account.get("name"),
-                            traceback.format_exc()))
-                    mudpy.command.error(actor, input_data)
+            if action_fname:
+                result = call_hook_function(action_fname, (actor, parameters))
 
         # if the command was not run, give an error
-        if not ran:
+        if not result:
             mudpy.command.error(actor, input_data)
 
     # if no input, just idle back with a prompt