diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/config/default.py b/spiffworkflow-backend/src/spiffworkflow_backend/config/default.py index cc44f62b5..08e12fa76 100644 --- a/spiffworkflow-backend/src/spiffworkflow_backend/config/default.py +++ b/spiffworkflow-backend/src/spiffworkflow_backend/config/default.py @@ -169,6 +169,12 @@ SPIFFWORKFLOW_BACKEND_ENGINE_STEP_DEFAULT_STRATEGY_WEB = environ.get( # this is only used in CI. use SPIFFWORKFLOW_BACKEND_DATABASE_URI instead for real configuration SPIFFWORKFLOW_BACKEND_DATABASE_PASSWORD = environ.get("SPIFFWORKFLOW_BACKEND_DATABASE_PASSWORD", default=None) +# we load the CustomBpmnScriptEngine at import time, where we do not have access to current_app, +# so instead of using config, we use os.environ directly here. +# SPIFFWORKFLOW_BACKEND_USE_RESTRICTED_SCRIPT_ENGINE = ( +# environ.get("SPIFFWORKFLOW_BACKEND_USE_RESTRICTED_SCRIPT_ENGINE", default="true") == "true" +# ) + SPIFFWORKFLOW_BACKEND_FEATURE_ELEMENT_UNITS_ENABLED = ( environ.get("SPIFFWORKFLOW_BACKEND_FEATURE_ELEMENT_UNITS_ENABLED", default="false") == "true" ) diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/services/process_instance_processor.py b/spiffworkflow-backend/src/spiffworkflow_backend/services/process_instance_processor.py index f2ab970c9..00a1e46aa 100644 --- a/spiffworkflow-backend/src/spiffworkflow_backend/services/process_instance_processor.py +++ b/spiffworkflow-backend/src/spiffworkflow_backend/services/process_instance_processor.py @@ -279,9 +279,15 @@ class CustomBpmnScriptEngine(PythonScriptEngine): # type: ignore "timedelta": timedelta, } - # This will overwrite the standard builtins - default_globals.update(safe_globals) - default_globals["__builtins__"]["__import__"] = _import + use_restricted_script_engine = True + if os.environ.get("SPIFFWORKFLOW_BACKEND_USE_RESTRICTED_SCRIPT_ENGINE") == "false": + use_restricted_script_engine = False + + if use_restricted_script_engine: + # This will overwrite the standard builtins + default_globals.update(safe_globals) + default_globals["__builtins__"]["__import__"] = _import + environment = CustomScriptEngineEnvironment(default_globals) super().__init__(environment=environment)