From 6841e0ca1d916a31178ceab9bb7802f7a055bd52 Mon Sep 17 00:00:00 2001 From: Jeremy Stanley Date: Wed, 16 Sep 2020 22:38:28 +0000 Subject: [PATCH] Switch tox to use allowlist_externals The whitelist_externals option in tox in deprecated in favor of allowlist_externals. Update this and also bump our tox minversion to the earliest version which supports this new syntax. While we're at it, update a few code comments about bandit "nosec" exceptions to refer to allowing instead of whitelisting. --- mudpy/command.py | 6 +++--- mudpy/misc.py | 4 ++-- tox.ini | 6 +++--- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/mudpy/command.py b/mudpy/command.py index ea77939..bd473e5 100644 --- a/mudpy/command.py +++ b/mudpy/command.py @@ -1,6 +1,6 @@ """User command functions for the mudpy engine.""" -# Copyright (c) 2004-2019 mudpy authors. Permission to use, copy, +# Copyright (c) 2004-2020 mudpy authors. Permission to use, copy, # modify, and distribute this software is granted under terms # provided in the LICENSE file distributed with this software. @@ -115,7 +115,7 @@ def error(actor, input_data): """Generic error for an unrecognized command word.""" # 90% of the time use a generic error - # Whitelist the random.randrange() call in bandit since it's not used for + # Allow the random.randrange() call in bandit since it's not used for # security/cryptographic purposes if random.randrange(10): # nosec message = '''I'm not sure what "''' + input_data + '''" means...''' @@ -555,7 +555,7 @@ def show(actor, parameters): try: # there is no other option than to use eval() for this, since # its purpose is to evaluate arbitrary expressions, so do what - # we can to secure it and whitelist it for bandit analysis + # we can to secure it and allow it for bandit analysis message = repr(eval( # nosec " ".join(arguments[1:]), {"mudpy": mudpy, "universe": actor.universe})) diff --git a/mudpy/misc.py b/mudpy/misc.py index ba29a90..044614f 100644 --- a/mudpy/misc.py 
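Review bot: The `# nosec` marker on `if random.randrange(10): # nosec` in `error()` is unscoped, so it silences every bandit check on that line rather than only the pseudo-random-generator finding that the comment above it justifies. If the project's bandit version accepts test IDs, `# nosec B311` would keep the exemption as narrow as the comment claims. The same applies to the other `# nosec` lines this patch re-comments: the `eval()` in `show()` (B307), and `weighted_choice()` and `random_name()` in mudpy/misc.py. The body of `error()` continues past the end of this hunk.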
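Review bot: The comment above the `eval()` call in `show()` says the code does "what we can to secure it", but the globals dict `{"mudpy": mudpy, "universe": actor.universe}` has no `__builtins__` key, so Python adds the full built-ins and the expression is not confined to those two names. The effective control is therefore whatever check decides who may reach this branch, which is outside the hunk; presumably it is an administrator-only gate, and that is worth confirming. I would state this in the comment, e.g. `# eval() is not sandboxed here; safety depends entirely on the caller's privilege check`, and consider logging each evaluated expression with the actor for audit. `show()` begins and ends outside this hunk.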
+++ b/mudpy/misc.py @@ -1227,7 +1227,7 @@ def weighted_choice(data): expanded.append(key) # return one at random - # Whitelist the random.randrange() call in bandit since it's not used for + # Allow the random.randrange() call in bandit since it's not used for # security/cryptographic purposes return random.choice(expanded) # nosec @@ -1276,7 +1276,7 @@ def random_name(): name = "" # create a name of random length from the syllables - # Whitelist the random.randrange() call in bandit since it's not used for + # Allow the random.randrange() call in bandit since it's not used for # security/cryptographic purposes for _syllable in range(random.randrange(2, 6)): # nosec name += weighted_choice(syllables) diff --git a/tox.ini b/tox.ini index 1ede200..203bd1c 100644 --- a/tox.ini +++ b/tox.ini @@ -3,7 +3,7 @@ # provided in the LICENSE file distributed with this software. [tox] -minversion = 3.1 +minversion = 3.18 envlist = bandit, codespell, dist, docs, flake8, yamllint, selftest_config, py3 skipsdist = True ignore_basepython_conflict = True @@ -40,7 +40,7 @@ usedevelop = False commands = mudpy {posargs} [testenv:dist] -whitelist_externals = rm +allowlist_externals = rm deps = pbr twine @@ -54,7 +54,7 @@ usedevelop = False [testenv:docs] setenv = PYTHONWARNINGS=error -whitelist_externals = rm +allowlist_externals = rm deps = -r{toxinidir}/requirements.txt -r{toxinidir}/doc/requirements.txt -- 2.11.0
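Review bot: The reworded comment in `weighted_choice()` still says it exempts a `random.randrange()` call, but the line it annotates is `return random.choice(expanded) # nosec`. Since the comment is being edited anyway, it should name the call actually made: `# Allow the random.choice() call in bandit since it's not used for`. An accurate justification matters here because a later reader auditing the `# nosec` exemptions will check the comment against the code. The function starts before this hunk.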