Running an exported form in ConstrainedLanguage mode causes massive errors

Post by FrankAndrew » Thu Jul 11, 2019 4:52 am

Product, version and build: PowerShell Studio 2019, 5.6.165
32 or 64 bit version of product: 64bit
Operating system: Windows 10 Enterprise (1809)
32 or 64 bit OS: 64bit

I have tried to run an exported form at a location in our network where ONLY the "ConstrainedLanguage" mode is allowed and it throws massive numbers of errors before finally running aground, which is totally understandable, due to the fact that Reflection is NOT allowed in the "ConstrainedLanguage" mode.

Now that you guys have gotten to know the "ConstrainedLanguage" mode I have a small request.

Please add the following code, or something else to this effect, to the top of each generated "*.Export.ps1" file right after the param() section, if one exists, so that these scripts CAN error out gracefully and the user will have some sense as to why it will NOT work.

$languageMode = $ExecutionContext.SessionState.LanguageMode.ToString().ToUpper()
If ($languageMode.Equals("CONSTRAINEDLANGUAGE")) {
   Write-Error -Message "`nRunning in the `"ConstrainedLanguage`" mode!`nPowerShell Forms will NOT work in this mode!`n`nContact your system administrator!"
   Exit
}

If you implement this, or something similar, I am sure you will prevent the creation of unnecessary problem tickets. :D

Post by Alexander Riedel » Thu Jul 11, 2019 5:01 am

We sent a request regarding this constrained mode around. Since we have not encountered this before, we suspected it is not in very wide use.
Below is the reply from Lee Holmes at Microsoft on this subject:

It might be a good time to talk to your customer 😊 Anything but NoLanguage mode in an endpoint is a security vulnerability.
99% of the security boundary in JEA comes from the commands you are allowed to call. Callers are allowed to invoke any ‘Public’ commands, and (of course), those public commands can call any commands at all.
The security issue is that ConstrainedLanguage lets you define functions. So the functions you define can call literally any command, thereby destroying the security boundary (of which commands people are allowed to call).

https://youtu.be/M5bkHUQy-JA?t=5172

Lee


If I understand that correctly, ConstrainedLanguage mode will not provide you with any added security anyway.
Alexander Riedel
SAPIEN Technologies, Inc.
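
An added example, not code from this thread, SAPIEN or Microsoft: a PowerShell audit of JEA session configuration (.pssc) files for the setting Lee Holmes's reply is about, flagging any endpoint whose effective LanguageMode is not NoLanguage. The three .pssc files are constructed samples, the function name Get-PsscLanguageModeFinding is hypothetical, and the fallback values assume the documented defaults of New-PSSessionConfigurationFile.

```powershell
# Constructed sample session configuration files, written to a temp folder
# so the audit runs offline without touching registered endpoints.
$dir = Join-Path ([IO.Path]::GetTempPath()) 'pssc-audit-sample'
New-Item -ItemType Directory -Path $dir -Force | Out-Null
$samples = @{
    'Weak.pssc'     = "@{ SchemaVersion = '2.0.0.0'; SessionType = 'RestrictedRemoteServer'; LanguageMode = 'ConstrainedLanguage' }"
    'Explicit.pssc' = "@{ SchemaVersion = '2.0.0.0'; SessionType = 'RestrictedRemoteServer'; LanguageMode = 'NoLanguage' }"
    'Implicit.pssc' = "@{ SchemaVersion = '2.0.0.0'; SessionType = 'RestrictedRemoteServer' }"
}
foreach ($name in $samples.Keys) {
    Set-Content -Path (Join-Path $dir $name) -Value $samples[$name]
}

# Hypothetical helper: reports the effective LanguageMode of each .pssc file.
function Get-PsscLanguageModeFinding {
    param([Parameter(Mandatory)][string[]]$Path)
    foreach ($file in $Path) {
        # Parses the hashtable as data only; nothing in the file is executed.
        $config = Import-PowerShellDataFile -Path $file
        # Assumption: a missing SessionType is treated as 'Default'.
        $sessionType = if ($config.ContainsKey('SessionType')) { $config.SessionType } else { 'Default' }
        if ($config.ContainsKey('LanguageMode')) {
            $mode = $config.LanguageMode
            $source = 'explicit'
        } elseif ($sessionType -eq 'Default') {
            # Assumption: documented default for SessionType 'Default'.
            $mode = 'FullLanguage'
            $source = 'default for SessionType'
        } else {
            # Assumption: 'Empty' and 'RestrictedRemoteServer' default to NoLanguage.
            $mode = 'NoLanguage'
            $source = 'default for SessionType'
        }
        [pscustomobject]@{
            File         = Split-Path $file -Leaf
            SessionType  = $sessionType
            LanguageMode = $mode
            Source       = $source
            Finding      = if ($mode -eq 'NoLanguage') { 'OK' } else { 'REVIEW: not NoLanguage' }
        }
    }
}

$files = (Get-ChildItem -Path $dir -Filter *.pssc).FullName
Get-PsscLanguageModeFinding -Path $files | Sort-Object File | Format-Table -AutoSize
```

To audit real endpoints, pass the paths of the .pssc files used to register them instead of the sample folder.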

Post by FrankAndrew » Thu Jul 11, 2019 5:13 am

Hi Alex,

Thanks for the FAST response, you are FAST as always.

I will pass this information back to our Client Admin guys.

But I think those five lines of code would be helpful, I don't think they will hurt anybody.

Regards,
Drew