For general information about RCE's Tool Integration concepts and configuration, please refer to the RCE User Guide (available here for the latest 10.x release).

From a security perspective, the service-providing side of Tool Integration consists of a dedicated user (typically an administrator or engineer familiar with the tool) defining a static script that controls the tool's invocation. Typical tasks in this script are custom input pre-processing or conversion, invoking one or more command-line tools, and assembling the final (external) data output.

All inputs and outputs of the service representing the tool is explicitly defined as part of the Tool Integration setup. Inputs and outputs are standardized to data types like Integer, Float, String, File, Directory, Vector, Matrix, or Table.

Beyond input data and (optionally) tool properties, the caller of the tool has no means of influencing the tool's execution.

The tool script is executed by passing it to bash on Linux or cmd on Windows. (To reiterate: This script is static, and always defined by a dedicated user on the providing side, never by the caller.) However, RCE has no general control over the operations that the administrator/tool integrator performs within that script. Safely handling the data that is received via configured properties or the tool's input data channels lies in the responsibility of the script author.

As part of the tool script editor, RCE offers some support for preventing typical pitfalls in this area. For example, property strings are automatically double-quoted when they are inserted into the editor. Also, certain known-unsafe string contents are disallowed to be inserted into script code; when these are received by the tool, the tool execution is aborted with an error message.

The only data that is implicitly published from a tool's execution is the standard and error output of the executing tools, as well as execution time data. If this is undesired, standard shell/batch features can typically be used to suppress this output.