gh-121957: Emit audit events for `python -i` and `python -m asyncio` (GH-121958)

Relatedly, emit the `cpython.run_startup` event from the Python version of
`PYTHONSTARTUP` handling.
This commit is contained in:
Łukasz Langa 2024-07-22 13:04:08 +02:00 committed by GitHub
parent cad11a2bdc
commit dc93d1125f
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
6 changed files with 36 additions and 2 deletions

View File

@ -56,9 +56,13 @@ Additionally, there are **low-level** APIs for
* :ref:`bridge <asyncio-futures>` callback-based libraries and code * :ref:`bridge <asyncio-futures>` callback-based libraries and code
with async/await syntax. with async/await syntax.
.. include:: ../includes/wasm-notavail.rst
.. _asyncio-cli: .. _asyncio-cli:
You can experiment with an ``asyncio`` concurrent context in the REPL: .. rubric:: asyncio REPL
You can experiment with an ``asyncio`` concurrent context in the :term:`REPL`:
.. code-block:: pycon .. code-block:: pycon
@ -70,7 +74,14 @@ You can experiment with an ``asyncio`` concurrent context in the REPL:
>>> await asyncio.sleep(10, result='hello') >>> await asyncio.sleep(10, result='hello')
'hello' 'hello'
.. include:: ../includes/wasm-notavail.rst .. audit-event:: cpython.run_stdin "" ""
.. versionchanged:: 3.12.5 (also 3.11.10, 3.10.15, 3.9.20, and 3.8.20)
Emits audit events.
.. versionchanged:: 3.13
Uses PyREPL if possible, in which case :envvar:`PYTHONSTARTUP` is
also executed. Emits audit events.
.. We use the "rubric" directive here to avoid creating .. We use the "rubric" directive here to avoid creating
the "Reference" subsection in the TOC. the "Reference" subsection in the TOC.

View File

@ -793,6 +793,15 @@ conflict.
This variable can also be modified by Python code using :data:`os.environ` This variable can also be modified by Python code using :data:`os.environ`
to force inspect mode on program termination. to force inspect mode on program termination.
.. audit-event:: cpython.run_stdin "" ""
.. versionchanged:: 3.12.5 (also 3.11.10, 3.10.15, 3.9.20, and 3.8.20)
Emits audit events.
.. versionchanged:: 3.13
Uses PyREPL if possible, in which case :envvar:`PYTHONSTARTUP` is
also executed. Emits audit events.
.. envvar:: PYTHONUNBUFFERED .. envvar:: PYTHONUNBUFFERED

View File

@ -39,6 +39,8 @@ def interactive_console(mainmodule=None, quiet=False, pythonstartup=False):
# sys._baserepl() above does this internally, we do it here # sys._baserepl() above does this internally, we do it here
startup_path = os.getenv("PYTHONSTARTUP") startup_path = os.getenv("PYTHONSTARTUP")
if pythonstartup and startup_path: if pythonstartup and startup_path:
sys.audit("cpython.run_startup", startup_path)
import tokenize import tokenize
with tokenize.open(startup_path) as f: with tokenize.open(startup_path) as f:
startup_code = compile(f.read(), startup_path, "exec") startup_code = compile(f.read(), startup_path, "exec")

View File

@ -91,6 +91,8 @@ class REPLThread(threading.Thread):
console.write(banner) console.write(banner)
if startup_path := os.getenv("PYTHONSTARTUP"): if startup_path := os.getenv("PYTHONSTARTUP"):
sys.audit("cpython.run_startup", startup_path)
import tokenize import tokenize
with tokenize.open(startup_path) as f: with tokenize.open(startup_path) as f:
startup_code = compile(f.read(), startup_path, "exec") startup_code = compile(f.read(), startup_path, "exec")
@ -127,6 +129,8 @@ class REPLThread(threading.Thread):
if __name__ == '__main__': if __name__ == '__main__':
sys.audit("cpython.run_stdin")
if os.getenv('PYTHON_BASIC_REPL'): if os.getenv('PYTHON_BASIC_REPL'):
CAN_USE_PYREPL = False CAN_USE_PYREPL = False
else: else:
@ -155,6 +159,7 @@ if __name__ == '__main__':
interactive_hook = getattr(sys, "__interactivehook__", None) interactive_hook = getattr(sys, "__interactivehook__", None)
if interactive_hook is not None: if interactive_hook is not None:
sys.audit("cpython.run_interactivehook", interactive_hook)
interactive_hook() interactive_hook()
if interactive_hook is site.register_readline: if interactive_hook is site.register_readline:

View File

@ -0,0 +1,3 @@
Fixed missing audit events around interactive use of Python, now also
properly firing for ``python -i``, as well as for ``python -m asyncio``. The
events in question are ``cpython.run_stdin`` and ``cpython.run_startup``.

View File

@ -594,6 +594,10 @@ pymain_repl(PyConfig *config, int *exitcode)
return; return;
} }
if (PySys_Audit("cpython.run_stdin", NULL) < 0) {
return;
}
if (!isatty(fileno(stdin)) if (!isatty(fileno(stdin))
|| _Py_GetEnv(config->use_environment, "PYTHON_BASIC_REPL")) { || _Py_GetEnv(config->use_environment, "PYTHON_BASIC_REPL")) {
PyCompilerFlags cf = _PyCompilerFlags_INIT; PyCompilerFlags cf = _PyCompilerFlags_INIT;