Security considerations#
This section provides information on security considerations for the use of PyAEDT. It is important to understand the capabilities which PyAEDT provides, especially when using it to build applications or scripts that accept untrusted input.
Launching AEDT#
The launch_aedt() and launch_aedt_in_lsf() functions can be used
to launch AEDT. The executable which is launched is configured with the function
parameters, environment variables and the
settings.
This may allow an attacker to launch arbitrary executables on the system. When
exposing the launch function to untrusted users, it is important to validate that
the executable path, environment variables (for example "ANSYSEM_ROOT",
ANSYSEM_PY_CLIENT_ROOT and ANSYSEMSV_ROOT) and PyAEDT settings are safe.
Otherwise, hard-code them in the application.
Retrieving Ansys Cloud information#
The get_cloud_job_info() and get_available_cloud_config()
functions can be used to retrieve information related to Ansys Cloud.
The executable which is launched is configured with the function
parameters and the AEDT installation that is detected. Since finding the AEDT
installation path is based of environment variables, this may allow an attacker
to launch arbitrary executables on the system. When exposing the launch function
to untrusted users, it is important to validate that environment variables like
"ANSYSEM_ROOT", ANSYSEM_PY_CLIENT_ROOT and ANSYSEMSV_ROOT are safe.
Otherwise, hard-code them in the application.