allow turning off restricted python

This commit is contained in:
burnettk 2023-06-01 17:52:01 -04:00
parent cfd95a22f2
commit 64f9ef2705
2 changed files with 15 additions and 3 deletions

View File

@ -169,6 +169,12 @@ SPIFFWORKFLOW_BACKEND_ENGINE_STEP_DEFAULT_STRATEGY_WEB = environ.get(
# this is only used in CI. use SPIFFWORKFLOW_BACKEND_DATABASE_URI instead for real configuration # this is only used in CI. use SPIFFWORKFLOW_BACKEND_DATABASE_URI instead for real configuration
SPIFFWORKFLOW_BACKEND_DATABASE_PASSWORD = environ.get("SPIFFWORKFLOW_BACKEND_DATABASE_PASSWORD", default=None) SPIFFWORKFLOW_BACKEND_DATABASE_PASSWORD = environ.get("SPIFFWORKFLOW_BACKEND_DATABASE_PASSWORD", default=None)
# we load the CustomBpmnScriptEngine at import time, where we do not have access to current_app,
# so instead of using config, we use os.environ directly here.
# SPIFFWORKFLOW_BACKEND_USE_RESTRICTED_SCRIPT_ENGINE = (
# environ.get("SPIFFWORKFLOW_BACKEND_USE_RESTRICTED_SCRIPT_ENGINE", default="true") == "true"
# )
SPIFFWORKFLOW_BACKEND_FEATURE_ELEMENT_UNITS_ENABLED = ( SPIFFWORKFLOW_BACKEND_FEATURE_ELEMENT_UNITS_ENABLED = (
environ.get("SPIFFWORKFLOW_BACKEND_FEATURE_ELEMENT_UNITS_ENABLED", default="false") == "true" environ.get("SPIFFWORKFLOW_BACKEND_FEATURE_ELEMENT_UNITS_ENABLED", default="false") == "true"
) )

View File

@ -278,9 +278,15 @@ class CustomBpmnScriptEngine(PythonScriptEngine): # type: ignore
"set": set, "set": set,
} }
use_restricted_script_engine = True
if os.environ.get("SPIFFWORKFLOW_BACKEND_USE_RESTRICTED_SCRIPT_ENGINE") == "false":
use_restricted_script_engine = False
if use_restricted_script_engine:
# This will overwrite the standard builtins # This will overwrite the standard builtins
default_globals.update(safe_globals) default_globals.update(safe_globals)
default_globals["__builtins__"]["__import__"] = _import default_globals["__builtins__"]["__import__"] = _import
environment = CustomScriptEngineEnvironment(default_globals) environment = CustomScriptEngineEnvironment(default_globals)
super().__init__(environment=environment) super().__init__(environment=environment)