bpo-37363: Add audit events to the `http.client` module (GH-21321)

author Saiyang Gou <gousaiyang@163.com>

Fri, 23 Apr 2021 10:19:08 +0000 (03:19 -0700)

committer GitHub <noreply@github.com>

Fri, 23 Apr 2021 10:19:08 +0000 (12:19 +0200)
author Saiyang Gou <gousaiyang@163.com>
Fri, 23 Apr 2021 10:19:08 +0000 (03:19 -0700)
committer GitHub <noreply@github.com>
Fri, 23 Apr 2021 10:19:08 +0000 (12:19 +0200)
diff --git a/Doc/library/http.client.rst b/Doc/library/http.client.rst

index 56f4c0a0d772f49904512510b674e5a856061186..e605f7b8b141721b71f17cd6cc050fe394e0e69f 100644 (file)
--- a/Doc/library/http.client.rst
+++ b/Doc/library/http.client.rst
@@ -368,6 +368,8 @@ HTTPConnection Objects
     this is called automatically when making a request if the client does not
     already have a connection.
  
+   .. audit-event:: http.client.connect self,host,port http.client.HTTPConnection.connect
+
  
  .. method:: HTTPConnection.close()
  
@@ -437,6 +439,8 @@ also send your request step by step, by using the four functions below.
     :meth:`endheaders` method has been called and before :meth:`getresponse` is
     called.
  
+   .. audit-event:: http.client.send self,data http.client.HTTPConnection.send
+
  
  .. _httpresponse-objects:
  
diff --git a/Lib/http/client.py b/Lib/http/client.py

index c526380dcabfc95bf8c6cd3f525d4c831dd6eb1f..4b1f692844474f8971da779895ccb8461fcb32b3 100644 (file)
--- a/Lib/http/client.py
+++ b/Lib/http/client.py
@@ -74,6 +74,7 @@ import http
  import io
  import re
  import socket
+import sys
  import collections.abc
  from urllib.parse import urlsplit
  
@@ -931,6 +932,7 @@ class HTTPConnection:
  
      def connect(self):
          """Connect to the host and port specified in __init__."""
+        sys.audit("http.client.connect", self, self.host, self.port)
          self.sock = self._create_connection(
              (self.host,self.port), self.timeout, self.source_address)
          self.sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_NODELAY, 1)
@@ -978,8 +980,10 @@ class HTTPConnection:
                      break
                  if encode:
                      datablock = datablock.encode("iso-8859-1")
+                sys.audit("http.client.send", self, datablock)
                  self.sock.sendall(datablock)
              return
+        sys.audit("http.client.send", self, data)
          try:
              self.sock.sendall(data)
          except TypeError:
diff --git a/Lib/test/audit-tests.py b/Lib/test/audit-tests.py

index 8e66594e52429b623eb8f070f861e0b2bb5e816f..2addf9762eae49780ef0a3febb67d0465e247a84 100644 (file)
--- a/Lib/test/audit-tests.py
+++ b/Lib/test/audit-tests.py
@@ -341,6 +341,24 @@ def test_gc():
      gc.get_referents(y)
  
  
+def test_http_client():
+    import http.client
+
+    def hook(event, args):
+        if event.startswith("http.client."):
+            print(event, *args[1:])
+
+    sys.addaudithook(hook)
+
+    conn = http.client.HTTPConnection('www.python.org')
+    try:
+        conn.request('GET', '/')
+    except OSError:
+        print('http.client.send', '[cannot send]')
+    finally:
+        conn.close()
+
+
  if __name__ == "__main__":
      from test.support import suppress_msvcrt_asserts
  
diff --git a/Lib/test/test_audit.py b/Lib/test/test_audit.py

index 58180e147a49a3799593f694a86a1dbfbb7d386c..456a5daceb9f10a867fc37459f95769040002fe0 100644 (file)
--- a/Lib/test/test_audit.py
+++ b/Lib/test/test_audit.py
@@ -130,6 +130,20 @@ class AuditTest(unittest.TestCase):
              ["gc.get_objects", "gc.get_referrers", "gc.get_referents"]
          )
  
+    def test_http(self):
+        import_helper.import_module("http.client")
+        returncode, events, stderr = self.run_python("test_http_client")
+        if returncode:
+            self.fail(stderr)
+
+        if support.verbose:
+            print(*events, sep='\n')
+        self.assertEqual(events[0][0], "http.client.connect")
+        self.assertEqual(events[0][2], "www.python.org 80")
+        self.assertEqual(events[1][0], "http.client.send")
+        if events[1][2] != '[cannot send]':
+            self.assertIn('HTTP', events[1][2])
+
  
  if __name__ == "__main__":
      unittest.main()
diff --git a/Misc/NEWS.d/next/Security/2020-07-04-22-14-46.bpo-37363.NDjHNw.rst b/Misc/NEWS.d/next/Security/2020-07-04-22-14-46.bpo-37363.NDjHNw.rst

new file mode 100644 (file)

index 0000000..5390848
--- /dev/null
+++ b/Misc/NEWS.d/next/Security/2020-07-04-22-14-46.bpo-37363.NDjHNw.rst
@@ -0,0 +1 @@
+Add audit events to the :mod:`http.client` module.
+\ No newline at end of file
author	Saiyang Gou <gousaiyang@163.com>
	Fri, 23 Apr 2021 10:19:08 +0000 (03:19 -0700)
committer	GitHub <noreply@github.com>
	Fri, 23 Apr 2021 10:19:08 +0000 (12:19 +0200)
Doc/library/http.client.rst		patch \| blob \| blame \| history
Lib/http/client.py		patch \| blob \| blame \| history
Lib/test/audit-tests.py		patch \| blob \| blame \| history
Lib/test/test_audit.py		patch \| blob \| blame \| history
Misc/NEWS.d/next/Security/2020-07-04-22-14-46.bpo-37363.NDjHNw.rst	[new file with mode: 0644]	patch \| blob