If you are using UDFs in Rule definitions, then it is important to verify whether you are using any of the blocked modules and methods. The introduction of blocking is a security best practice that restricts UDF code instructions to use safe modules and methods.
After installing the DSG, ensure that you note the following points:
- Verify if any of the following blocked modules and methods are defined in the Source Code option in the UDF rules:
- blocked_modules: pip , install, commands, subprocess, popen2, sys, os, platform, signal, asyncio
- blocked_methods: eval, exec, dir, import, memoryview
- If any of the blocked modules or methods are defined in the Source Code option in the UDF rules, then use either of the following options:
Option 1: Remove the module/method from the gateway.json file.
Note: By removing blocked modules and methods, you risk introducing security risks to the DSG system should any UDF code misuse these otherwise blocked module/method.
Option 2: Edit the UDF rule to override the blocked module using the override_blocked_modules parameter.
Note: By overriding blocked modules, you risk introducing security risks to the DSG system should any UDF code misuse these otherwise blocked module.