Set content management policies
Content management policies
See Policy Management for content management and system configuration descriptions.
Content management policies control how the Glasswall engine handles different types of content within files, such as macros, embedded images and metadata. They are expressed as XML and applied before file processing begins.
The Python wrapper provides two ways to work with Editor policies, each suited to a different purpose:
| Mechanism | Purpose |
|---|---|
glasswall.content_management.policies.Editor | Pass to processing functions such as protect_directory to apply a policy when processing files. Accepts default and config arguments to control how content switches are applied. |
editor.create_config() | Preview or save the full policy XML without processing any files. Returns a printable object showing all switches and their values. |
Editor policies
Passing a policy to a processing function
Pass an Editor object to any processing function using the content_management_policy argument. The default parameter sets the value applied to all content switches, and config allows individual switches to be overridden on top of that default.
import glasswall
editor = glasswall.Editor(r"C:\gwpw\libraries\10.0")
editor.protect_directory(
input_directory=r"C:\gwpw\input",
output_directory=r"C:\input_sanitised",
content_management_policy=glasswall.content_management.policies.Editor(default="sanitise")
)
If content_management_policy is omitted, the engine's own defaults are used:
import glasswall
editor = glasswall.Editor(r"C:\gwpw\libraries\10.0")
editor.protect_directory(
input_directory=r"C:\gwpw\input",
output_directory=r"C:\input_sanitised",
)
A path to an existing XML policy file can also be supplied:
import glasswall
editor = glasswall.Editor(r"C:\gwpw\libraries\10.0")
editor.protect_directory(
input_directory=r"C:\gwpw\input",
output_directory=r"C:\input_sanitised",
content_management_policy=r"C:\gwpw\configs\config.xml"
)
Previewing the full policy XML with create_config
create_config returns the complete policy XML as a printable object. Use it to inspect exactly what policy will be applied, save a policy to file or verify the effect of your overrides before processing any files.
Note:
Editorobjects cannot be printed directly to inspect the policy XML. Usecreate_configfor that purpose.
Engine defaults
Calling create_config() with no arguments returns the engine's default policy:
import glasswall
editor = glasswall.Editor(r"C:\gwpw\libraries\10.0")
print(editor.create_config())
<?xml version="1.0" encoding="utf-8"?>
<config>
<gifConfig>
<metadata>sanitise</metadata>
</gifConfig>
<jpegConfig>
<jfif>sanitise</jfif>
</jpegConfig>
<pdfConfig>
<acroform>sanitise</acroform>
<actions_all>sanitise</actions_all>
<digital_signatures>sanitise</digital_signatures>
<embedded_files>sanitise</embedded_files>
<embedded_images>sanitise</embedded_images>
<external_hyperlinks>sanitise</external_hyperlinks>
<internal_hyperlinks>sanitise</internal_hyperlinks>
<javascript>sanitise</javascript>
<metadata>sanitise</metadata>
<retain_exported_streams>sanitise</retain_exported_streams>
<value_outside_reasonable_limits>sanitise</value_outside_reasonable_limits>
</pdfConfig>
<pptConfig>
<digital_signatures>sanitise</digital_signatures>
<embedded_files>sanitise</embedded_files>
<embedded_fonts>sanitise</embedded_fonts>
<embedded_images>sanitise</embedded_images>
<external_hyperlinks>sanitise</external_hyperlinks>
<hidden_data>sanitise</hidden_data>
<internal_hyperlinks>sanitise</internal_hyperlinks>
<macros>sanitise</macros>
<metadata>sanitise</metadata>
<review_comments>sanitise</review_comments>
<slide_notes>sanitise</slide_notes>
<write_reservation>sanitise</write_reservation>
</pptConfig>
<svgConfig>
<foreign_objects>sanitise</foreign_objects>
<hyperlinks>sanitise</hyperlinks>
<scripts>sanitise</scripts>
</svgConfig>
<sysConfig>
<enable_export_xml_headers>true</enable_export_xml_headers>
<enable_hash_sha256>true</enable_hash_sha256>
<export_embedded_images>true</export_embedded_images>
<interchange_best_compression>false</interchange_best_compression>
<interchange_pretty>false</interchange_pretty>
<interchange_type>sisl</interchange_type>
</sysConfig>
<tiffConfig>
<geotiff>sanitise</geotiff>
<undefined_type>sanitise</undefined_type>
</tiffConfig>
<webpConfig>
<metadata>sanitise</metadata>
</webpConfig>
<wordConfig>
<connections>sanitise</connections>
<digital_signatures>sanitise</digital_signatures>
<doc_variables>sanitise</doc_variables>
<dynamic_data_exchange>sanitise</dynamic_data_exchange>
<embedded_files>sanitise</embedded_files>
<embedded_fonts>sanitise</embedded_fonts>
<embedded_images>sanitise</embedded_images>
<external_hyperlinks>sanitise</external_hyperlinks>
<field_codes>sanitise</field_codes>
<footnotes_endnotes>sanitise</footnotes_endnotes>
<headers_footers>sanitise</headers_footers>
<hidden_data>sanitise</hidden_data>
<in_text_comments>sanitise</in_text_comments>
<internal_hyperlinks>sanitise</internal_hyperlinks>
<macros>sanitise</macros>
<metadata>sanitise</metadata>
<review_comments>sanitise</review_comments>
<tracked_changes>sanitise</tracked_changes>
<web_video_extension>sanitise</web_video_extension>
<write_reservation>sanitise</write_reservation>
</wordConfig>
<xlsConfig>
<connections>sanitise</connections>
<digital_signatures>sanitise</digital_signatures>
<dynamic_data_exchange>sanitise</dynamic_data_exchange>
<embedded_files>sanitise</embedded_files>
<embedded_images>sanitise</embedded_images>
<external_hyperlinks>sanitise</external_hyperlinks>
<headers_footers>sanitise</headers_footers>
<hidden_data>sanitise</hidden_data>
<internal_hyperlinks>sanitise</internal_hyperlinks>
<macros>sanitise</macros>
<metadata>sanitise</metadata>
<review_comments>sanitise</review_comments>
<scenarios>sanitise</scenarios>
<tracked_changes>sanitise</tracked_changes>
<write_reservation>sanitise</write_reservation>
</xlsConfig>
</config>
Note: The switches shown above reflect the engine defaults at the time of writing. As the engine is updated, new switches may appear automatically in the output.
Sanitise all content switches
Passing default="sanitise" explicitly sets every content switch to sanitise, overriding the engine defaults for any switch that may not already be sanitise:
import glasswall
editor = glasswall.Editor(r"C:\gwpw\libraries\10.0")
print(editor.create_config(default="sanitise"))
Custom policy: allow all with targeted overrides
The config parameter overrides individual switches on top of the default. In the example below, all content is allowed except macros in Word documents and embedded content in Excel spreadsheets:
import glasswall
editor = glasswall.Editor(r"C:\gwpw\libraries\10.0")
print(editor.create_config(
default="allow",
config={
"wordConfig": {
"macros": "sanitise",
},
"xlsConfig": {
"embedded_files": "sanitise",
"embedded_images": "sanitise",
},
}
))
<?xml version="1.0" encoding="utf-8"?>
<config>
<gifConfig>
<metadata>allow</metadata>
</gifConfig>
<jpegConfig>
<jfif>allow</jfif>
</jpegConfig>
<pdfConfig>
<acroform>allow</acroform>
<actions_all>allow</actions_all>
<digital_signatures>allow</digital_signatures>
<embedded_files>allow</embedded_files>
<embedded_images>allow</embedded_images>
<external_hyperlinks>allow</external_hyperlinks>
<internal_hyperlinks>allow</internal_hyperlinks>
<javascript>allow</javascript>
<metadata>allow</metadata>
<retain_exported_streams>allow</retain_exported_streams>
<value_outside_reasonable_limits>allow</value_outside_reasonable_limits>
</pdfConfig>
<pptConfig>
<digital_signatures>allow</digital_signatures>
<embedded_files>allow</embedded_files>
<embedded_fonts>allow</embedded_fonts>
<embedded_images>allow</embedded_images>
<external_hyperlinks>allow</external_hyperlinks>
<hidden_data>allow</hidden_data>
<internal_hyperlinks>allow</internal_hyperlinks>
<macros>allow</macros>
<metadata>allow</metadata>
<review_comments>allow</review_comments>
<slide_notes>allow</slide_notes>
<write_reservation>allow</write_reservation>
</pptConfig>
<svgConfig>
<foreign_objects>allow</foreign_objects>
<hyperlinks>allow</hyperlinks>
<scripts>allow</scripts>
</svgConfig>
<sysConfig>
<enable_export_xml_headers>true</enable_export_xml_headers>
<enable_hash_sha256>true</enable_hash_sha256>
<export_embedded_images>true</export_embedded_images>
<interchange_best_compression>false</interchange_best_compression>
<interchange_pretty>false</interchange_pretty>
<interchange_type>sisl</interchange_type>
</sysConfig>
<tiffConfig>
<geotiff>allow</geotiff>
<undefined_type>allow</undefined_type>
</tiffConfig>
<webpConfig>
<metadata>allow</metadata>
</webpConfig>
<wordConfig>
<connections>allow</connections>
<digital_signatures>allow</digital_signatures>
<doc_variables>allow</doc_variables>
<dynamic_data_exchange>allow</dynamic_data_exchange>
<embedded_files>allow</embedded_files>
<embedded_fonts>allow</embedded_fonts>
<embedded_images>allow</embedded_images>
<external_hyperlinks>allow</external_hyperlinks>
<field_codes>allow</field_codes>
<footnotes_endnotes>allow</footnotes_endnotes>
<headers_footers>allow</headers_footers>
<hidden_data>allow</hidden_data>
<in_text_comments>allow</in_text_comments>
<internal_hyperlinks>allow</internal_hyperlinks>
<macros>sanitise</macros>
<metadata>allow</metadata>
<review_comments>allow</review_comments>
<tracked_changes>allow</tracked_changes>
<web_video_extension>allow</web_video_extension>
<write_reservation>allow</write_reservation>
</wordConfig>
<xlsConfig>
<connections>allow</connections>
<digital_signatures>allow</digital_signatures>
<dynamic_data_exchange>allow</dynamic_data_exchange>
<embedded_files>sanitise</embedded_files>
<embedded_images>sanitise</embedded_images>
<external_hyperlinks>allow</external_hyperlinks>
<headers_footers>allow</headers_footers>
<hidden_data>allow</hidden_data>
<internal_hyperlinks>allow</internal_hyperlinks>
<macros>allow</macros>
<metadata>allow</metadata>
<review_comments>allow</review_comments>
<scenarios>allow</scenarios>
<tracked_changes>allow</tracked_changes>
<write_reservation>allow</write_reservation>
</xlsConfig>
</config>
Using a previewed policy for processing
The object returned by create_config can be passed directly to any processing function. This is useful when you want to confirm the policy XML before applying it:
import glasswall
editor = glasswall.Editor(r"C:\gwpw\libraries\10.0")
policy = editor.create_config(
default="allow",
config={
"wordConfig": {"macros": "sanitise"},
}
)
# Inspect the policy before applying it
print(policy)
# Apply the policy
editor.protect_directory(
input_directory=r"C:\gwpw\input",
output_directory=r"C:\input_sanitised",
content_management_policy=policy,
)
WordSearch policies
WordSearch policies configure text redaction. They can be printed directly or passed to processing functions without needing a loaded library.
Elements within a content management policy may have attributes. Attributes can be set by prefixing a key with the @ character.
Setting a WordSearch policy
import glasswall
# Redact instances of the string "lorem" by replacing each character
# with an asterisk, and redact instances of "ipsum" by replacing each
# character with the letter "X".
print(glasswall.content_management.policies.WordSearch(
default="allow",
config={
"textSearchConfig": {
"textList": [
{"name": "textItem", "switches": [
{"name": "text", "value": "lorem"},
{"name": "textSetting", "@replacementChar": "*", "value": "redact"},
]},
{"name": "textItem", "switches": [
{"name": "text", "value": "ipsum"},
{"name": "textSetting", "@replacementChar": "X", "value": "redact"},
]},
]
}
}
))
<?xml version="1.0" encoding="utf-8"?>
<config>
<sysConfig>
<interchange_type>xml</interchange_type>
</sysConfig>
<textSearchConfig libVersion="core2">
<textList>
<textItem>
<text>lorem</text>
<textSetting replacementChar="*">redact</textSetting>
</textItem>
<textItem>
<text>ipsum</text>
<textSetting replacementChar="X">redact</textSetting>
</textItem>
</textList>
</textSearchConfig>
</config>