https://github.com/python/cpython/commit/9e9c71d09e68b42fd1b251af6e4bfde697fe9b57
commit: 9e9c71d09e68b42fd1b251af6e4bfde697fe9b57
branch: 3.9
author: Ćukasz Langa <[email protected]>
committer: ambv <[email protected]>
date: 2024-07-22T13:49:47+02:00
summary:
[3.9] gh-121957: Emit audit events for python -i and python -m asyncio
(GH-122120)
files:
A Misc/NEWS.d/next/Security/2024-07-22-13-14-38.gh-issue-121957.FYkcOt.rst
M Doc/library/asyncio.rst
M Doc/using/cmdline.rst
M Lib/asyncio/__main__.py
M Modules/main.c
diff --git a/Doc/library/asyncio.rst b/Doc/library/asyncio.rst
index a6429394389b10..ec876f7ab537d5 100644
--- a/Doc/library/asyncio.rst
+++ b/Doc/library/asyncio.rst
@@ -56,6 +56,26 @@ Additionally, there are **low-level** APIs for
* :ref:`bridge <asyncio-futures>` callback-based libraries and code
with async/await syntax.
+.. _asyncio-cli:
+
+.. rubric:: asyncio REPL
+
+You can experiment with an ``asyncio`` concurrent context in the REPL:
+
+.. code-block:: pycon
+
+ $ python -m asyncio
+ asyncio REPL ...
+ Use "await" directly instead of "asyncio.run()".
+ Type "help", "copyright", "credits" or "license" for more information.
+ >>> import asyncio
+ >>> await asyncio.sleep(10, result='hello')
+ 'hello'
+
+.. audit-event:: cpython.run_stdin "" ""
+
+.. versionchanged:: 3.9.20 (also 3.8.20)
+ Emits audit events.
.. We use the "rubric" directive here to avoid creating
the "Reference" subsection in the TOC.
diff --git a/Doc/using/cmdline.rst b/Doc/using/cmdline.rst
index 66d8d57aadf384..5a62bdd950ee87 100644
--- a/Doc/using/cmdline.rst
+++ b/Doc/using/cmdline.rst
@@ -610,6 +610,11 @@ conflict.
This variable can also be modified by Python code using :data:`os.environ`
to force inspect mode on program termination.
+ .. audit-event:: cpython.run_stdin "" ""
+
+ .. versionchanged:: 3.9.20 (also 3.8.20)
+ Emits audit events.
+
.. envvar:: PYTHONUNBUFFERED
diff --git a/Lib/asyncio/__main__.py b/Lib/asyncio/__main__.py
index 18bb87a5bc4ffd..73330f4ac3f6fd 100644
--- a/Lib/asyncio/__main__.py
+++ b/Lib/asyncio/__main__.py
@@ -90,6 +90,8 @@ def run(self):
if __name__ == '__main__':
+ sys.audit("cpython.run_stdin")
+
loop = asyncio.new_event_loop()
asyncio.set_event_loop(loop)
diff --git
a/Misc/NEWS.d/next/Security/2024-07-22-13-14-38.gh-issue-121957.FYkcOt.rst
b/Misc/NEWS.d/next/Security/2024-07-22-13-14-38.gh-issue-121957.FYkcOt.rst
new file mode 100644
index 00000000000000..ff4614b000caf4
--- /dev/null
+++ b/Misc/NEWS.d/next/Security/2024-07-22-13-14-38.gh-issue-121957.FYkcOt.rst
@@ -0,0 +1,3 @@
+Fixed missing audit events around interactive use of Python, now also
+properly firing for ``python -i``, as well as for ``python -m asyncio``. The
+event in question is ``cpython.run_stdin``.
diff --git a/Modules/main.c b/Modules/main.c
index 2cc891f61aadd1..903de3f13f31d6 100644
--- a/Modules/main.c
+++ b/Modules/main.c
@@ -534,6 +534,10 @@ pymain_repl(PyConfig *config, PyCompilerFlags *cf, int
*exitcode)
return;
}
+ if (PySys_Audit("cpython.run_stdin", NULL) < 0) {
+ return;
+ }
+
int res = PyRun_AnyFileFlags(stdin, "<stdin>", cf);
*exitcode = (res != 0);
}
_______________________________________________
Python-checkins mailing list -- [email protected]
To unsubscribe send an email to [email protected]
https://mail.python.org/mailman3/lists/python-checkins.python.org/
Member address: [email protected]
