]> git.ipfire.org Git - thirdparty/Python/cpython.git/commitdiff
projects / thirdparty / Python / cpython.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 54b5e9e)
[3.9] gh-121957: Emit audit events for python -i and python -m asyncio (GH-122120)
authorŁukasz Langa <lukasz@langa.pl>
Mon, 22 Jul 2024 11:49:47 +0000 (13:49 +0200)
committerGitHub <noreply@github.com>
Mon, 22 Jul 2024 11:49:47 +0000 (13:49 +0200)
Doc/library/asyncio.rst patch | blob | blame | history
Doc/using/cmdline.rst patch | blob | blame | history
Lib/asyncio/__main__.py patch | blob | blame | history
Misc/NEWS.d/next/Security/2024-07-22-13-14-38.gh-issue-121957.FYkcOt.rst [new file with mode: 0644] patch | blob
Modules/main.c patch | blob | blame | history

diff --git a/Doc/library/asyncio.rst b/Doc/library/asyncio.rst
index a6429394389b104d72669f5da0c7cbccbc5362f9..ec876f7ab537d5a36757e4f604776f02926f4d0d 100644 (file)
--- a/Doc/library/asyncio.rst
+++ b/Doc/library/asyncio.rst
@@ -56,6 +56,26 @@ Additionally, there are **low-level** APIs for
 * :ref:`bridge <asyncio-futures>` callback-based libraries and code
   with async/await syntax.
 
+.. _asyncio-cli:
+
+.. rubric:: asyncio REPL
+
+You can experiment with an ``asyncio`` concurrent context in the REPL:
+
+.. code-block:: pycon
+
+   $ python -m asyncio
+   asyncio REPL ...
+   Use "await" directly instead of "asyncio.run()".
+   Type "help", "copyright", "credits" or "license" for more information.
+   >>> import asyncio
+   >>> await asyncio.sleep(10, result='hello')
+   'hello'
+
+.. audit-event:: cpython.run_stdin "" ""
+
+.. versionchanged:: 3.9.20 (also 3.8.20)
+   Emits audit events.
 
 .. We use the "rubric" directive here to avoid creating
    the "Reference" subsection in the TOC.
diff --git a/Doc/using/cmdline.rst b/Doc/using/cmdline.rst
index 66d8d57aadf384f4a7da577e7d4846d8dba334b4..5a62bdd950ee87b88bcfecdbba5ab8f587c8f8e3 100644 (file)
--- a/Doc/using/cmdline.rst
+++ b/Doc/using/cmdline.rst
@@ -610,6 +610,11 @@ conflict.
    This variable can also be modified by Python code using :data:`os.environ`
    to force inspect mode on program termination.
 
+   .. audit-event:: cpython.run_stdin "" ""
+
+   .. versionchanged:: 3.9.20 (also 3.8.20)
+      Emits audit events.
+
 
 .. envvar:: PYTHONUNBUFFERED
 
diff --git a/Lib/asyncio/__main__.py b/Lib/asyncio/__main__.py
index 18bb87a5bc4ffd89fb24ef193ee88af64ee5dcbc..73330f4ac3f6fded7f811c7d5143ede44a73e3df 100644 (file)
--- a/Lib/asyncio/__main__.py
+++ b/Lib/asyncio/__main__.py
@@ -90,6 +90,8 @@ class REPLThread(threading.Thread):
 
 
 if __name__ == '__main__':
+    sys.audit("cpython.run_stdin")
+
     loop = asyncio.new_event_loop()
     asyncio.set_event_loop(loop)
 
diff --git a/Misc/NEWS.d/next/Security/2024-07-22-13-14-38.gh-issue-121957.FYkcOt.rst b/Misc/NEWS.d/next/Security/2024-07-22-13-14-38.gh-issue-121957.FYkcOt.rst
new file mode 100644 (file)
index 0000000..ff4614b
--- /dev/null
+++ b/Misc/NEWS.d/next/Security/2024-07-22-13-14-38.gh-issue-121957.FYkcOt.rst
@@ -0,0 +1,3 @@
+Fixed missing audit events around interactive use of Python, now also
+properly firing for ``python -i``, as well as for ``python -m asyncio``. The
+event in question is ``cpython.run_stdin``.
diff --git a/Modules/main.c b/Modules/main.c
index 2cc891f61aadd1b3ecf99efd35e8fc0979b3bd57..903de3f13f31d68adab6759e8eeb9975e057dc46 100644 (file)
--- a/Modules/main.c
+++ b/Modules/main.c
@@ -534,6 +534,10 @@ pymain_repl(PyConfig *config, PyCompilerFlags *cf, int *exitcode)
         return;
     }
 
+    if (PySys_Audit("cpython.run_stdin", NULL) < 0) {
+        return;
+    }
+
     int res = PyRun_AnyFileFlags(stdin, "<stdin>", cf);
     *exitcode = (res != 0);
 }
Mirror of https://github.com/python/cpython.git