From 06d1068372f462904a718ffbbe38d9603e71873a Mon Sep 17 00:00:00 2001 From: Jeremy Stanley Date: Mon, 31 Jul 2017 15:14:08 +0000 Subject: [PATCH] Error if set command is used on read-only element It is possible for an admin to accidentally attempt to set a facet on an element from a read-only file. If this happens, trap the PermissionError exception and return a clear error message to the user instead of crashing the service. Also add a regression test to make sure this continues to work as intended, since preventing alteration of read-only elements is a critical security measure we need to make certain we preserve going forward. --- mudpy/misc.py | 5 +++++ mudpy/tests/selftest.py | 8 +++++++- 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/mudpy/misc.py b/mudpy/misc.py index 157096c..b0b7290 100644 --- a/mudpy/misc.py +++ b/mudpy/misc.py @@ -2294,6 +2294,11 @@ def command_set(actor, parameters): else: try: universe.contents[element].set(facet, value) + except PermissionError: + message = ('The "%s" element is kept in read-only file ' + '"%s" and cannot be altered.' % + (element, universe.contents[ + element].origin.filename)) except ValueError: message = ('Value "%s" of type "%s" cannot be coerced ' 'to the correct datatype for facet "%s".' % diff --git a/mudpy/tests/selftest.py b/mudpy/tests/selftest.py index 002853a..5da058c 100644 --- a/mudpy/tests/selftest.py +++ b/mudpy/tests/selftest.py @@ -165,10 +165,15 @@ test_set_facet = ( (2, r'You have successfully \(re\)set the "gender" facet of element', ""), ) +test_set_refused = ( + (2, "> ", "set mudpy.limit password_tries 10"), + (2, r'The "mudpy\.limit" element is kept in read-only file', ""), +) + test_show_element = ( (2, "> ", "show element mudpy.limit"), (2, r'These are the properties of the "mudpy\.limit" element.*' - r' \x1b\[32mpassword_tries: \x1b\[31m[0-9]+.*> ', + r' \x1b\[32mpassword_tries: \x1b\[31m3.*> ', "show element actor:avatar:admin:0"), (2, r'These are the properties of the "actor:avatar:admin:0" element.*' r' \x1b\[32mgender: \x1b\[31mfemale.*> ', ""), @@ -214,6 +219,7 @@ dialogue = ( (test_admin_help, "admin help"), (test_reload, "reload"), (test_set_facet, "set facet"), + (test_set_refused, "refuse altering read-only element"), (test_show_element, "show element"), (test_show_log, "show log"), (test_custom_loglevel, "custom loglevel"), -- 2.11.0