Restrict scripting for cloud sessions

To limit access to local cloud host resources via cloud clients, the Restricted Scripting option is available to restrict scripting, preventing file access and importing non-Vertec modules.

In the cloud suite, this option is always activated and cannot be turned off.

• No VB scripts are running. If a VB script is executed, an error is thrown.
• A sandbox has been introduced for Python. Essentially, only modules that are on the whitelist can be imported.

This setting only applies to cloud sessions (cloud servers). The desktop app is not affected.

As of Vertec 6.7.0.7 the risky modules ctypes, win32* (all modules starting with win32), win2kras, winsound and winxpgui are in the subfolder PythonUnsafe in the Vertec installation directory. This folder can be deleted if the modules are not used to better protect the desktop app.

Importing in Restricted Mode is done as follows:

• It is checked whether an import access concerns a registered script from the Vertec-DB

• If not, only the following are allowed as additional importable modules:
  • vtcapp and datetime
  • from Vertec 6.2.0.8: requests
  • from Vertec 6.2.0.11: string, re, json, urlparse, email, smtplib, base64
  • from Vertec 6.3: vtcextensions
  • from Vertec 6.3.0.2: ziputils
  • from Vertec 6.3.0.16: difflib, StringIO, textwrap, unicodedata, stringprep, calendar, collections, heapq, bisect, array, decimal, fractions, random, itertools, functools, operator, hashlib, hmac, time, HTMLParser, locale, traceback and the Python package email with all its sub-modules.
  • from Vertec 6.4.0.15: zeep

The completed list of built-in, globally available symbols (features and constants) in Restricted mode is limited to:

['False’, 'None’, 'True’, 'abs’, 'basestring’, 'bool’, 'callable’, 'chr’, 'cmp’, 'complex’, 'divmod’, 'float’, 'hash’, 'hex’, 'id’, 'int’, 'isinstance’, 'issubclass’, 'len’, 'long’, 'oct’, 'ord’, 'pow’, 'range’, 'repr’, 'round’, 'str’, 'tuple’, 'unichr’, 'unicode’, 'xrange’, 'zip’, “apply,” “dict,” “enumerate,” “filter,” “getattr,” “hasattr,” “iter,” “list,” “map,” “max,” “min,” “sum,” “all,” “any”]

The following features and constants were added to this list with Vertec 6.2.0.2:

['ArithmeticError’, 'AssertionError’, 'AttributeError’, 'BaseException’, 'BufferError’, 'BytesWarning’, 'DeprecationWarning’, 'EOFError’, 'Ellipsis’, 'EnvironmentError’, 'Exception’, 'FloatingPointError’, 'FutureWarning’, 'GeneratorExit’, 'IOError’, 'ImportError’, 'ImportWarning’, 'IndentationError’, 'IndexError’, 'KeyError’, 'KeyboardInterrupt’, 'LookupError’, 'MemoryError’, 'NameError’, 'NotImplemented’, 'NotImplementedError’, 'OSError’, 'OverflowError’, 'PendingDeprecationWarning’, 'ReferenceError’, 'RuntimeError’, 'RuntimeWarning’, 'StandardError’, 'StopIteration’, 'SyntaxError’, 'SyntaxWarning’, 'SystemError’, 'SystemExit’, 'TabError’, 'TypeError’, 'UnboundLocalError’, 'UnicodeDecodeError’, 'UnicodeEncodeError’, 'UnicodeTranslateError’, 'UnicodeWarning’, 'UserWarning’, 'ValueError’, 'Warning’, 'WindowsError’, 'ZeroDivisionError’, 'bin’, 'buffer’, 'bytearray’, 'bytes’, 'classmethod’, 'coerce’, 'delattr’, 'dir’, 'format’, 'frozenset’, 'locals’, 'next’, 'object’, 'property’, 'reduce’, 'reload’, 'reversed’, 'set’, 'setattr’, 'slice’, 'sorted’, 'staticmethod’, 'super’, 'type’]

And in version 6.3.0.16 around the 'help’ feature.