Secure Python Execution in Script Snap: Import Restrictions and Configuration Steps

In this article

Added a secure Python execution to the Script Snap that restricts importing potentially critical elements by overriding the _import_ function. This mode is disabled by default and can be enabled by using the system property.

Key features:

• The restricted mode for Python Script Snap is controlled by the system property: com.snaplogic.snaps.script.CommonExecute.SECURE_PYTHON: "True"

• Only affects Python scripts executed using the Script Snap that import restricted modules, and fail when secure mode is enabled.

Steps to execute Python script with import restrictions

1. Navigate to the target folder and click the Snaplex tab in the Assets toolbar menu to display all the Snaplex instances in the Project.

2. Select a Snaplex, and open the Update Snaplex dialog. Navigate to the Node Properties tab to update the Global Properties.

3. Add a key jcc.jvm_options and the value -Dscripting.python.security.enabled=true to enable secure Script Snap.

4. Click Update and allow a few minutes for the Snaplex to restart.

Default behavior: The Python modules blocked when the scripting.python.security.enabled is set to True are as follows:

 To override the default list in case of any issues with the listed modules, update the list by adding the following to the Global properties:

 To disable secure Python execution, remove the system property from jcc.jv_options.