From: Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com> Date: Mon, 3 May 2021 13:24:05 +0000 (-0700) Subject: bpo-42800: Add audit events for f_code and tb_frame (GH-24182) X-Git-Tag: v3.8.11~11 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=8ab272f0f3dd7da44f8e21d2a5a39c2ab39490d6;p=thirdparty%2FPython%2Fcpython.git bpo-42800: Add audit events for f_code and tb_frame (GH-24182) Accessing the following attributes will now fire PEP 578 style audit hooks as (object.__getattr__, obj, name): * PyTracebackObject: tb_frame * PyFrameObject: f_code * PyGenObject: gi_code, gi_frame * PyCoroObject: cr_code, cr_frame * PyAsyncGenObject: ag_code, ag_frame (cherry picked from commit bb2f3ff7a8f0c3565ccc1946dba7e09a3f7dc209) Co-authored-by: Steve Dower --- diff --git a/Doc/library/audit_events.rst b/Doc/library/audit_events.rst index 367d56e4e373..8227a7955bef 100644 --- a/Doc/library/audit_events.rst +++ b/Doc/library/audit_events.rst @@ -7,7 +7,7 @@ Audit events table This table contains all events raised by :func:`sys.audit` or :c:func:`PySys_Audit` calls throughout the CPython runtime and the -standard library. These calls were added in 3.8.0 or later. +standard library. These calls were added in 3.8.0 or later (see :pep:`578`). See :func:`sys.addaudithook` and :c:func:`PySys_AddAuditHook` for information on handling these events. diff --git a/Doc/library/stdtypes.rst b/Doc/library/stdtypes.rst index fb500501c8f9..aaef42504aa2 100644 --- a/Doc/library/stdtypes.rst +++ b/Doc/library/stdtypes.rst @@ -4708,6 +4708,9 @@ environment. Code objects are returned by the built-in :func:`compile` function and can be extracted from function objects through their :attr:`__code__` attribute. See also the :mod:`code` module. +Accessing ``__code__`` raises an :ref:`auditing event ` +``object.__getattr__`` with arguments ``obj`` and ``"__code__"``. + .. index:: builtin: exec builtin: eval diff --git a/Doc/reference/datamodel.rst b/Doc/reference/datamodel.rst index f71560d640c5..bf391ef1ff2c 100644 --- a/Doc/reference/datamodel.rst +++ b/Doc/reference/datamodel.rst @@ -1000,6 +1000,9 @@ Internal types :attr:`f_lasti` gives the precise instruction (this is an index into the bytecode string of the code object). + Accessing ``f_code`` raises an :ref:`auditing event ` + ``object.__getattr__`` with arguments ``obj`` and ``"f_code"``. + .. index:: single: f_trace (frame attribute) single: f_trace_lines (frame attribute) @@ -1084,6 +1087,9 @@ Internal types :keyword:`try` statement with no matching except clause or with a finally clause. + Accessing ``tb_frame`` raises an :ref:`auditing event ` + ``object.__getattr__`` with arguments ``obj`` and ``"tb_frame"``. + .. index:: single: tb_next (traceback attribute) diff --git a/Misc/ACKS b/Misc/ACKS index 197616d7378f..a265e7e9a727 100644 --- a/Misc/ACKS +++ b/Misc/ACKS @@ -696,6 +696,7 @@ Kevan Heydon Wouter van Heyst Kelsey Hightower Jason Hildebrand +Ryan Hileman Aaron Hill Joel Hillacre Richie Hindle diff --git a/Misc/NEWS.d/next/Security/2021-01-09-17-07-36.bpo-42800._dtZvW.rst b/Misc/NEWS.d/next/Security/2021-01-09-17-07-36.bpo-42800._dtZvW.rst new file mode 100644 index 000000000000..d01c0c3073a5 --- /dev/null +++ b/Misc/NEWS.d/next/Security/2021-01-09-17-07-36.bpo-42800._dtZvW.rst @@ -0,0 +1 @@ +Audit hooks are now fired for frame.f_code, traceback.tb_frame, and generator code/frame attribute access. diff --git a/Objects/frameobject.c b/Objects/frameobject.c index a796a59eee9e..3abd8e52d859 100644 --- a/Objects/frameobject.c +++ b/Objects/frameobject.c @@ -13,7 +13,7 @@ static PyMemberDef frame_memberlist[] = { {"f_back", T_OBJECT, OFF(f_back), READONLY}, - {"f_code", T_OBJECT, OFF(f_code), READONLY}, + {"f_code", T_OBJECT, OFF(f_code), READONLY|READ_RESTRICTED}, {"f_builtins", T_OBJECT, OFF(f_builtins), READONLY}, {"f_globals", T_OBJECT, OFF(f_globals), READONLY}, {"f_lasti", T_INT, OFF(f_lasti), READONLY}, diff --git a/Objects/genobject.c b/Objects/genobject.c index ce7dd48a17cf..697947b6ff7d 100644 --- a/Objects/genobject.c +++ b/Objects/genobject.c @@ -708,9 +708,9 @@ static PyGetSetDef gen_getsetlist[] = { }; static PyMemberDef gen_memberlist[] = { - {"gi_frame", T_OBJECT, offsetof(PyGenObject, gi_frame), READONLY}, + {"gi_frame", T_OBJECT, offsetof(PyGenObject, gi_frame), READONLY|READ_RESTRICTED}, {"gi_running", T_BOOL, offsetof(PyGenObject, gi_running), READONLY}, - {"gi_code", T_OBJECT, offsetof(PyGenObject, gi_code), READONLY}, + {"gi_code", T_OBJECT, offsetof(PyGenObject, gi_code), READONLY|READ_RESTRICTED}, {NULL} /* Sentinel */ }; @@ -944,9 +944,9 @@ static PyGetSetDef coro_getsetlist[] = { }; static PyMemberDef coro_memberlist[] = { - {"cr_frame", T_OBJECT, offsetof(PyCoroObject, cr_frame), READONLY}, + {"cr_frame", T_OBJECT, offsetof(PyCoroObject, cr_frame), READONLY|READ_RESTRICTED}, {"cr_running", T_BOOL, offsetof(PyCoroObject, cr_running), READONLY}, - {"cr_code", T_OBJECT, offsetof(PyCoroObject, cr_code), READONLY}, + {"cr_code", T_OBJECT, offsetof(PyCoroObject, cr_code), READONLY|READ_RESTRICTED}, {"cr_origin", T_OBJECT, offsetof(PyCoroObject, cr_origin), READONLY}, {NULL} /* Sentinel */ }; @@ -1341,10 +1341,12 @@ static PyGetSetDef async_gen_getsetlist[] = { }; static PyMemberDef async_gen_memberlist[] = { - {"ag_frame", T_OBJECT, offsetof(PyAsyncGenObject, ag_frame), READONLY}, + {"ag_frame", T_OBJECT, offsetof(PyAsyncGenObject, ag_frame), + READONLY|READ_RESTRICTED}, {"ag_running", T_BOOL, offsetof(PyAsyncGenObject, ag_running_async), READONLY}, - {"ag_code", T_OBJECT, offsetof(PyAsyncGenObject, ag_code), READONLY}, + {"ag_code", T_OBJECT, offsetof(PyAsyncGenObject, ag_code), + READONLY|READ_RESTRICTED}, {NULL} /* Sentinel */ }; diff --git a/Python/traceback.c b/Python/traceback.c index 0aa51ad37f49..d8dd8211fb07 100644 --- a/Python/traceback.c +++ b/Python/traceback.c @@ -148,7 +148,7 @@ static PyMethodDef tb_methods[] = { }; static PyMemberDef tb_memberlist[] = { - {"tb_frame", T_OBJECT, OFF(tb_frame), READONLY}, + {"tb_frame", T_OBJECT, OFF(tb_frame), READONLY|READ_RESTRICTED}, {"tb_lasti", T_INT, OFF(tb_lasti), READONLY}, {"tb_lineno", T_INT, OFF(tb_lineno), READONLY}, {NULL} /* Sentinel */