https://github.com/python/cpython/commit/c1e834dd7856e912eb27da1d9b698c2b2710573e
commit: c1e834dd7856e912eb27da1d9b698c2b2710573e
branch: 3.12
author: Ćukasz Langa <[email protected]>
committer: ambv <[email protected]>
date: 2024-07-22T13:41:23+02:00
summary:
[3.12] gh-121957: Emit audit events for python -i and python -m asyncio
(GH-122117)
files:
A Misc/NEWS.d/next/Security/2024-07-22-13-14-38.gh-issue-121957.FYkcOt.rst
M Doc/library/asyncio.rst
M Doc/using/cmdline.rst
M Lib/asyncio/__main__.py
M Modules/main.c
diff --git a/Doc/library/asyncio.rst b/Doc/library/asyncio.rst
index 184f981c1021aa..1fb575d77f3e17 100644
--- a/Doc/library/asyncio.rst
+++ b/Doc/library/asyncio.rst
@@ -56,8 +56,12 @@ Additionally, there are **low-level** APIs for
* :ref:`bridge <asyncio-futures>` callback-based libraries and code
with async/await syntax.
+.. include:: ../includes/wasm-notavail.rst
+
.. _asyncio-cli:
+.. rubric:: asyncio REPL
+
You can experiment with an ``asyncio`` concurrent context in the REPL:
.. code-block:: pycon
@@ -70,7 +74,10 @@ You can experiment with an ``asyncio`` concurrent context in
the REPL:
>>> await asyncio.sleep(10, result='hello')
'hello'
-.. include:: ../includes/wasm-notavail.rst
+.. audit-event:: cpython.run_stdin "" ""
+
+.. versionchanged:: 3.12.5 (also 3.11.10, 3.10.15, 3.9.20, and 3.8.20)
+ Emits audit events.
.. We use the "rubric" directive here to avoid creating
the "Reference" subsection in the TOC.
diff --git a/Doc/using/cmdline.rst b/Doc/using/cmdline.rst
index 4c2798ab72b5f6..9567c72d62bd1a 100644
--- a/Doc/using/cmdline.rst
+++ b/Doc/using/cmdline.rst
@@ -720,6 +720,11 @@ conflict.
This variable can also be modified by Python code using :data:`os.environ`
to force inspect mode on program termination.
+ .. audit-event:: cpython.run_stdin "" ""
+
+ .. versionchanged:: 3.12.5 (also 3.11.10, 3.10.15, 3.9.20, and 3.8.20)
+ Emits audit events.
+
.. envvar:: PYTHONUNBUFFERED
diff --git a/Lib/asyncio/__main__.py b/Lib/asyncio/__main__.py
index c39a31d7b3df5b..046558011513cb 100644
--- a/Lib/asyncio/__main__.py
+++ b/Lib/asyncio/__main__.py
@@ -89,6 +89,8 @@ def run(self):
if __name__ == '__main__':
+ sys.audit("cpython.run_stdin")
+
loop = asyncio.new_event_loop()
asyncio.set_event_loop(loop)
diff --git
a/Misc/NEWS.d/next/Security/2024-07-22-13-14-38.gh-issue-121957.FYkcOt.rst
b/Misc/NEWS.d/next/Security/2024-07-22-13-14-38.gh-issue-121957.FYkcOt.rst
new file mode 100644
index 00000000000000..ff4614b000caf4
--- /dev/null
+++ b/Misc/NEWS.d/next/Security/2024-07-22-13-14-38.gh-issue-121957.FYkcOt.rst
@@ -0,0 +1,3 @@
+Fixed missing audit events around interactive use of Python, now also
+properly firing for ``python -i``, as well as for ``python -m asyncio``. The
+event in question is ``cpython.run_stdin``.
diff --git a/Modules/main.c b/Modules/main.c
index 1b189b456162e6..b602272b78befd 100644
--- a/Modules/main.c
+++ b/Modules/main.c
@@ -540,6 +540,10 @@ pymain_repl(PyConfig *config, int *exitcode)
return;
}
+ if (PySys_Audit("cpython.run_stdin", NULL) < 0) {
+ return;
+ }
+
PyCompilerFlags cf = _PyCompilerFlags_INIT;
int res = PyRun_AnyFileFlags(stdin, "<stdin>", &cf);
*exitcode = (res != 0);
_______________________________________________
Python-checkins mailing list -- [email protected]
To unsubscribe send an email to [email protected]
https://mail.python.org/mailman3/lists/python-checkins.python.org/
Member address: [email protected]
