Limitations & Security

Because PowerShell scripts are executed in a specific context as it relates to your Agility Blue workspace, there are several restrictions and limitations placed on what your scripts can and cannot do. We want to make the scripting pipeline as accessible as possible for processing the type of scripts that make sense in a safe and secure manner. Your scripts are executed in an isolated sandboxed environment with limited rights and access, and as such, many of PowerShell’s built-in administrative functionality is removed or inaccessible.

Scripts can:

• Automate data processing within your Agility Blue workspaces.

• Perform operations on data within your Agility Blue workspaces.

• Attach and respond to events emitted from your Agility Blue workspaces.

• Interact with external APIs and services that support HTTP requests.

Scripts cannot:

• Modify the UI in any way.

• Run for longer than 60 seconds.

• Access any internal network resources on the scripting engine’s host.

• Access any operating system resources on the scripting engine’s host.

• Access any drives or mounts on the scripting engine’s host.

• Perform any administrative functionality on the scripting engine’s host.

• Download, install, or execute any applications or scripts on the scripting engine’s host.

• Persist data beyond the script’s execution context.

Notice

All script activity is logged and monitored for malicious activity or attempts to circumvent the security measures in place. If a script is detected attempting to perform any of the restricted actions, your scripting service will be immediately disabled, and you may be found to be in breach of your contract. The scripting service is provided as a tool to assist you with creating custom automations and unique workflow solutions, and it should not be abused or used for any purposes beyond this intent. We take security seriously to ensure a safe and productive environment for all users.

Available Core PowerShell Cmdlets

Below is a list of core PowerShell cmdlets categorized by functionality that you will have available for your scripts. If a cmdlet is not listed, it means that it was deemed insecure and has been removed from the scripting engine.

Script Blocks

• Begin

• Process

• End

Script Control

• Break

• Trap

• Try

• Catch

• Continue

• Do

• While

• Exit

• ForEach-Object

• ForEach

• For

• If

• Return

• Switch

Members

• Add-Member

• Get-Member

Formatting

• Format-Custom

• Format-Hex

• Format-List

• Format-Table

• Format-Wide

Measurement & Comparison

• Measure-Command

• Measure-Object

• Compare-Object

• Group-Object

• Select-Object

• Sort-Object

• Where-Object

Conversion Utilities

• ConvertFrom-CSV

• ConvertTo-CSV

• ConvertFrom-Json

• ConvertTo-Json

• ConvertTo-Html

• ConvertTo-Xml

• ConvertFrom-String

• ConvertFrom-StringData

• ConvertFrom-SecureString

• ConvertTo-SecureString

Internet

• Invoke-WebRequest

• Invoke-RestMethod

Output

• Write-Output

• Write-Error

• Out-Default

• Out-Null

• Out-String

Miscellaneous

• Get-Date

• New-Guid

• Get-Random

• Set-StrictMode

• New-Timespan

• Get-Unique

Use of .NET Functionality

In general, we’d recommend that you try to stick to native PowerShell cmdlets in your scripts, however there may be situations where the use of .NET functionality is necessary and appropriate. Scripts may use the .NET functionality that PowerShell offers to accomplish solutions where native PowerShell cmdlets are unable to, so long as the use of .NET in your scripts do not attempt to violate the security restrictions put in place as outlined above.

3rd-Party Packages/Executables

Scripts do not support installing or loading modules beyond the core PowerShell module and Agility Blue cmdlet modules that are already loaded. We don’t support the ability to expose any 3rd party applications, libraries, or installing additional NuGet packages.