bpo-43434: Move sqlite3.connect audit events to sqlite3.Connection.__init__ (GH-25818)

diff --git a/Lib/test/audit-tests.py b/Lib/test/audit-tests.py
index ed42451b8f08af29bc36d47e66091c72c20ff625..7a7de637c38823c086f1ad4a0c50de5752ff64bf 100644 (file)
--- a/Lib/test/audit-tests.py
+++ b/Lib/test/audit-tests.py
@@ -367,13 +367,14 @@ def test_sqlite3():
             print(event, *args)
 
     sys.addaudithook(hook)
-    cx = sqlite3.connect(":memory:")
+    cx1 = sqlite3.connect(":memory:")
+    cx2 = sqlite3.Connection(":memory:")
 
     # Configured without --enable-loadable-sqlite-extensions
     if hasattr(sqlite3.Connection, "enable_load_extension"):
-        cx.enable_load_extension(False)
+        cx1.enable_load_extension(False)
         try:
-            cx.load_extension("test")
+            cx1.load_extension("test")
         except sqlite3.OperationalError:
             pass
         else:

diff --git a/Lib/test/test_audit.py b/Lib/test/test_audit.py
index 4ba62c408526d35f2325952c8e5252ca6c8274ef..25ff34bb11298a15ac960da5cd5ca564872b6241 100644 (file)
--- a/Lib/test/test_audit.py
+++ b/Lib/test/test_audit.py
@@ -158,7 +158,7 @@ class AuditTest(unittest.TestCase):
         if support.verbose:
             print(*events, sep='\n')
         actual = [ev[0] for ev in events]
-        expected = ["sqlite3.connect", "sqlite3.connect/handle"]
+        expected = ["sqlite3.connect", "sqlite3.connect/handle"] * 2
 
         if hasattr(sqlite3.Connection, "enable_load_extension"):
             expected += [

diff --git a/Misc/NEWS.d/next/Security/2021-05-02-17-50-23.bpo-43434.cy7xz6.rst b/Misc/NEWS.d/next/Security/2021-05-02-17-50-23.bpo-43434.cy7xz6.rst
new file mode 100644 (file)
index 0000000..b5a3f8d
--- /dev/null
+++ b/Misc/NEWS.d/next/Security/2021-05-02-17-50-23.bpo-43434.cy7xz6.rst
@@ -0,0 +1,4 @@
+Creating :class:`sqlite3.Connection` objects now also produces
+``sqlite3.connect`` and ``sqlite3.connect/handle`` :ref:`auditing events
+<auditing>`. Previously these events were only produced by
+:func:`sqlite3.connect` calls. Patch by Erlend E. Aasland.

diff --git a/Modules/_sqlite/connection.c b/Modules/_sqlite/connection.c
index 5f8e41b6169a7651d851adca7bc48694582046ba..fb5411243c67988cd0da5e3344f91dd0b50b2753 100644 (file)
--- a/Modules/_sqlite/connection.c
+++ b/Modules/_sqlite/connection.c
@@ -86,6 +86,10 @@ pysqlite_connection_init(pysqlite_Connection *self, PyObject *args,
         return -1;
     }
 
+    if (PySys_Audit("sqlite3.connect", "O", database_obj) < 0) {
+        return -1;
+    }
+
     database = PyBytes_AsString(database_obj);
 
     self->initialized = 1;
@@ -179,6 +183,10 @@ pysqlite_connection_init(pysqlite_Connection *self, PyObject *args,
     self->ProgrammingError      = pysqlite_ProgrammingError;
     self->NotSupportedError     = pysqlite_NotSupportedError;
 
+    if (PySys_Audit("sqlite3.connect/handle", "O", self) < 0) {
+        return -1;
+    }
+
     return 0;
 }
 

diff --git a/Modules/_sqlite/module.c b/Modules/_sqlite/module.c
index 2f323fcd00141ffec41a1431a29f1f40163939be..324994641b4a4a865be88fc8b56dcc5644ab85cd 100644 (file)
--- a/Modules/_sqlite/module.c
+++ b/Modules/_sqlite/module.c
@@ -91,20 +91,11 @@ static PyObject* module_connect(PyObject* self, PyObject* args, PyObject*
         factory = (PyObject*)pysqlite_ConnectionType;
     }
 
-    if (PySys_Audit("sqlite3.connect", "O", database) < 0) {
-        return NULL;
-    }
-
     result = PyObject_Call(factory, args, kwargs);
     if (result == NULL) {
         return NULL;
     }
 
-    if (PySys_Audit("sqlite3.connect/handle", "O", self) < 0) {
-        Py_DECREF(result);
-        return NULL;
-    }
-
     return result;
 }