ansys · Samuelopez-ansys · Apr 1, 2025 · Mar 10, 2025 · Mar 10, 2025 · Mar 11, 2025
@@ -0,0 +1 @@
+Improve API and security in Desktop
@@ -81,6 +81,13 @@ For end-to-end examples, see `Examples <https://examples.aedt.docs.pyansys.com>`
 
             How to create and analyze EMIT designs.
 
+   .. grid-item-card:: Security considerations
+            :link: security_consideration
+            :link-type: doc
+            :margin: 2 2 0 0
+
+            Information on security considerations.
+
 .. toctree::
    :hidden:
    :maxdepth: 2
@@ -95,3 +102,4 @@ For end-to-end examples, see `Examples <https://examples.aedt.docs.pyansys.com>`
    files
    postprocessing
    emit_modeler
+   security_consideration
@@ -0,0 +1,38 @@
+Security considerations
+=======================
+
+This section provides information on security considerations for the use
+of PyAEDT. It is important to understand the capabilities which PyAEDT
+provides, especially when using it to build applications or scripts that
+accept untrusted input.
+
+.. _security_launch_aedt:
+
+Launching AEDT
+--------------
+
+The :py:func:`.launch_aedt` and :py:func:`.launch_aedt_in_lsf` functions can be used
+to launch AEDT. The executable which is launched is configured with the function
+parameters, environment variables and the
+`settings <https://aedt.docs.pyansys.com/version/stable/User_guide/settings.html>`_.
+This may allow an attacker to launch arbitrary executables on the system. When
+exposing the launch function to untrusted users, it is important to validate that
+the executable path, environment variables (for example ``"ANSYSEM_ROOT"``,
+``ANSYSEM_PY_CLIENT_ROOT`` and ``ANSYSEMSV_ROOT``) and PyAEDT settings are safe.
+Otherwise, hard-code them in the application.
+
+.. _security_ansys_cloud:
+
+Retrieving Ansys Cloud information
+----------------------------------
+
+The :py:func:`.get_cloud_job_info` and :py:func:`.get_available_cloud_config`
+functions can be used to retrieve information related to Ansys Cloud.
+The executable which is launched is configured with the function
+parameters and the AEDT installation that is detected. Since finding the AEDT
+installation path is based of environment variables, this may allow an attacker
+to launch arbitrary executables on the system. When exposing the launch function
+to untrusted users, it is important to validate that environment variables like
+``"ANSYSEM_ROOT"``, ``ANSYSEM_PY_CLIENT_ROOT`` and ``ANSYSEMSV_ROOT`` are safe.
+Otherwise, hard-code them in the application.
+
@@ -14,6 +14,7 @@ busbars
 Bz
 CHECKIN
 [Cc]ircuit
+[Cc]loud
 codecov
 (?i)Com
 COM interface
@@ -97,6 +98,7 @@ subcircuit
 [Tt]oolkit [Mm]anager
 Twin Builder
 Uncomment
+untrusted
 utils
 vias
 manual_settings

@@ -60,7 +60,7 @@
 from ansys.aedt.core.application.design_solutions import solutions_defaults
 from ansys.aedt.core.application.variables import DataSet
 from ansys.aedt.core.application.variables import VariableManager
-from ansys.aedt.core.desktop import _init_desktop_from_design
+from ansys.aedt.core.desktop import Desktop
 from ansys.aedt.core.desktop import exception_to_desktop
 from ansys.aedt.core.generic.constants import AEDT_UNITS
 from ansys.aedt.core.generic.constants import unit_system
@@ -196,7 +196,7 @@ def __init__(
         self._design_datasets: List = []
         self.close_on_exit: bool = close_on_exit
         self._desktop_class = None
-        self._desktop_class = _init_desktop_from_design(
+        self._desktop_class = self.__init_desktop_from_design(
             version,
             non_graphical,
             new_desktop,
@@ -4233,6 +4233,12 @@ def edit_notes(self, text):
         self.odesign.EditNotes(text)
         return True
 
+    @classmethod
+    def __init_desktop_from_design(cls, *args, **kwargs):
+        """Internal instantiation of the ``Desktop`` class."""
+        Desktop._invoked_from_design = True
+        return Desktop(*args, **kwargs)
+
 
 class DesignSettings:
     """Get design settings for the current AEDT app.
@@ -4246,20 +4252,6 @@ def __init__(self, app):
         self._app: Any = app
         self.manipulate_inputs: Optional[DesignSettingsManipulation] = None
 
-    @property
-    def design_settings(self) -> Optional[Any]:
-        """Design settings."""
-        try:
-            return self._app.odesign.GetChildObject("Design Settings")
-        except GrpcApiError:  # pragma: no cover
-            self._app.logger.error("Failed to retrieve design settings.")
-            return None
-
-    @property
-    def available_properties(self) -> List[str]:
-        """Available properties names for the current design."""
-        return [prop for prop in self.design_settings.GetPropNames() if not prop.endswith("/Choices")]
-
     def __repr__(self) -> str:
         lines = ["{"]
         for prop in self.available_properties:
@@ -4294,6 +4286,20 @@ def __getitem__(self, key: str) -> Optional[Any]:
     def __contains__(self, item: str) -> bool:
         return item in self.available_properties
 
+    @property
+    def design_settings(self) -> Optional[Any]:
+        """Design settings."""
+        try:
+            return self._app.odesign.GetChildObject("Design Settings")
+        except GrpcApiError:  # pragma: no cover
+            self._app.logger.error("Failed to retrieve design settings.")
+            return None
+
+    @property
+    def available_properties(self) -> List[str]:
+        """Available properties names for the current design."""
+        return [prop for prop in self.design_settings.GetPropNames() if not prop.endswith("/Choices")]
+
 
 class DesignSettingsManipulation:
     @abstractmethod