Hello,
My two cents for this thread: I absolutely understand your concern regarding limiting access to the local filesystem and networking capabilities but not having access even to libraries like datetime is really inconvenient.
I have myself described this issue in a one of your Customer Success Forums (the name might be wrong, sorry). I provided a real-life example where as part of the pre-process script of a function we need to perform some date manipulation operations like getting the current time and subtract a fix period of time. Even though this was possible using the only Java class that you can import, it was really cumbersome and not convenient at all.
My understanding is that the pre and post processing scripts are meant to be some kind of "glue" between the external Python code and the Resilient Workflows and help with code re-usability. However, by not allowing to import virtually any library, this task becomes really tricky.
If you could provide an explanation as of why libraries like datetime are also not allowed, it would be really appreciated.
Thanks in advance for your reply.
Regards,
------------------------------
Carlos Ortigoza
------------------------------
Original Message:
Sent: Mon August 19, 2019 07:21 AM
From: Sean OGorman
Subject: Default python libraries...
Hello Nathan,
It's definitely prudent to assess the considered limitations of our Web UI scripting facility, thanks for initiating a discussion about the capabilities available. I hope I can address some of your concerns.
From the Playbook Designers Guide document:The scripting feature supports Python 2.7 only, and has the following language feature and security limitations in place to prevent unwanted actions:
• You can import the java.util.Date Java language class.
• You can import the re (regular expressions) module using the command:
import re
• You cannot import python libraries, including os, subprocess, sys, and threading.
• Network access is not allowed in order to prevent unwanted or unauthorized access to the network.
• Access to the underlying file system is not allowed to prevent unwanted or unauthorized access to the file system.
Accessing a variety of incident data, you use scripts to add objects, such as tasks notes, and a row in a data table. A script only modifies or acts on the object that triggered the rule or its parent object. For the email message object, it also can modify its associated incident (if there is one).
We realise that this limits what is achievable in a UI python script but reducing the security risk which managing functionality is of paramount importance to us. Thanks again for your interest.
------------------------------
Sean OGorman
Original Message:
Sent: Mon June 10, 2019 11:28 AM
From: Nathan Getty
Subject: Default python libraries...
Hello.
This isn't a support question, more of a enhancement / question why certain items aren't included within the web UI python implementation.
Currently, the only two modules that can be leveraged are the Java Data and RE modules, which is really limiting. Within the email parser or scripts, it would be much more useful if we could leverage libraries like JSON or time/datetime. Is there any plans for the future to embed more default libraries within the web UI python?
Thanks :)
------------------------------
Nathan Getty
------------------------------