Restrict scripting for cloud sessions

To ensure certain restrictions when accessing local resources of the Cloud Server Hosts via the cloud clients, there is the Restricted Scripting option to restrict scripting, preventing file access and importing non-Vertec modules.

In the Cloud Suite, this option is always activated and cannot be turned off.

• No VB scripts are running. If a VB script is executed, an error is thrown.
• a sandbox has been introduced for Python. Essentially, only modules that are on the whitelist can be imported.

This setting only applies to cloud sessions (Cloud Server). The Desktop App is not affected.

As of Vertec 6.7.0.7 the risky modules ctypes, win32* (all modules starting with win32), win2kras, winsound and winxpgui are in the subfolder PythonUnsafe in the Vertec installation directory. This folder can be deleted if the modules are not in use to better protect the Desktop App.

Importing in Restricted Mode is done as follows:

• It is checked whether an import access affects a registered script from the Vertec-DB

• If not, only the following modules:
  • All Modules supplied by Vertec
  • datetime, requests, string, re, json, urlparse, emailemail smtplib, base64, ziputils, difflib, StringIO, textwrap, unicodedata, stringprep, calendar, collections, heapq, bisect, array, decimal, fractions, random, itertools, functools, operator, hashlib, hmac, time, HTMLParser, locale, traceback, zeep, and the Python package email with all its sub-modules.

The final list of built-in globally available symbols (features and constants) in Restricted Mode is limited to:

['False’, 'None’, 'True’, 'abs’, 'basestring’, 'bool’, 'callable’, 'chr’, 'cmp’, 'complex’, 'divmod’, 'float’, 'hash’, 'hex’, 'Id’, 'int’, 'isinstance’, 'issubclass’, 'len’, 'long’, 'oct’, 'ord’, 'pow’, 'range’, 'repr’, 'round’, 'str’, 'tuple’, 'unichr’, 'unicode’, 'xrange’, 'zip’, 'apply’, 'dict', 'enumerate', 'filter', 'getattr', 'hasattr', 'iter', 'list', 'HR', 'max', 'min', 'sum', 'all', 'any', 'ArithmeticError’, 'AssertionError’, 'AttributeError’, 'BaseException’, 'BufferError’, 'BytesWarning’, 'DeprecationWarning’, 'EOFError’, 'Ellipsis’, 'EnvironmentError’, 'Exception’, 'FloatingPointError’, 'FutureWarning’, 'GeneratorExit’, 'IOError’, 'ImportError’, 'ImportError’, 'ImportWarning’, 'IndentationError’, 'IndexError’, 'KeyError’, 'KeyboardInterrupt’, 'LookupError’, 'MemoryError’, 'NameError’, 'NotImplemented’, 'NotImplementedError’, 'OSError’, 'OverflowError’, 'PendingDeprecationWarning’, 'ReferenceError’, 'RuntimeError’, 'RuntimeWarning’, 'StandardError’, 'StopIteration’, 'SyntaxError’, 'SyntaxWarning’, 'SystemError’, 'SystemExit’, 'TabError’, 'TypeError’, 'UnboundLocalError’, 'UnicodeDecodeError’, 'UnicodeEncodeError’, 'UnicodeError’, 'UnicodeError’, 'UnicodeTranslateError’, 'UnicodeWarning’, 'UserWarning’, 'ValueError’, 'Warning’, 'WindowsError’, 'ZeroDivisionError’, 'bin’, 'buffer’, 'bytearray’, 'bytes’, 'classmethod’, 'coerce’, 'delattr’, 'dir’, 'exec', 'format’, 'frozenset’, 'help', 'locals’, 'next’, 'object’, 'property’, 'reduce’, 'reload’, 'reversed’, 'set’, 'setattr’, 'slice’, 'sorted’, 'staticmethod’, 'super’, 'type’]