From 18bda39195a359c581666b90ed94b08c5a24e116 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C5=81ukasz=20Langa?= Date: Mon, 22 Jul 2024 13:18:49 +0200 Subject: [PATCH] gh-121957: Emit audit events for python -i and python -m asyncio --- Doc/library/asyncio.rst | 20 +++++++++++++++++++ Doc/using/cmdline.rst | 5 +++++ Lib/asyncio/__main__.py | 2 ++ ...-07-22-13-14-38.gh-issue-121957.FYkcOt.rst | 3 +++ Modules/main.c | 4 ++++ 5 files changed, 34 insertions(+) create mode 100644 Misc/NEWS.d/next/Security/2024-07-22-13-14-38.gh-issue-121957.FYkcOt.rst diff --git a/Doc/library/asyncio.rst b/Doc/library/asyncio.rst index 94a853259d3483..df3cd7921e47b0 100644 --- a/Doc/library/asyncio.rst +++ b/Doc/library/asyncio.rst @@ -57,6 +57,26 @@ Additionally, there are **low-level** APIs for * :ref:`bridge ` callback-based libraries and code with async/await syntax. +.. _asyncio-cli: + +.. rubric:: asyncio REPL + +You can experiment with an ``asyncio`` concurrent context in the REPL: + +.. code-block:: pycon + + $ python -m asyncio + asyncio REPL ... + Use "await" directly instead of "asyncio.run()". + Type "help", "copyright", "credits" or "license" for more information. + >>> import asyncio + >>> await asyncio.sleep(10, result='hello') + 'hello' + +.. audit-event:: cpython.run_stdin "" "" + +.. versionchanged:: 3.9.20 (also 3.8.20) + Emits audit events. .. We use the "rubric" directive here to avoid creating the "Reference" subsection in the TOC. diff --git a/Doc/using/cmdline.rst b/Doc/using/cmdline.rst index 08401d132009f7..4a7aba44db3fa8 100644 --- a/Doc/using/cmdline.rst +++ b/Doc/using/cmdline.rst @@ -597,6 +597,11 @@ conflict. This variable can also be modified by Python code using :data:`os.environ` to force inspect mode on program termination. + .. audit-event:: cpython.run_stdin "" "" + + .. versionchanged:: 3.9.20 (also 3.8.20) + Emits audit events. + .. envvar:: PYTHONUNBUFFERED diff --git a/Lib/asyncio/__main__.py b/Lib/asyncio/__main__.py index 18bb87a5bc4ffd..73330f4ac3f6fd 100644 --- a/Lib/asyncio/__main__.py +++ b/Lib/asyncio/__main__.py @@ -90,6 +90,8 @@ def run(self): if __name__ == '__main__': + sys.audit("cpython.run_stdin") + loop = asyncio.new_event_loop() asyncio.set_event_loop(loop) diff --git a/Misc/NEWS.d/next/Security/2024-07-22-13-14-38.gh-issue-121957.FYkcOt.rst b/Misc/NEWS.d/next/Security/2024-07-22-13-14-38.gh-issue-121957.FYkcOt.rst new file mode 100644 index 00000000000000..ff4614b000caf4 --- /dev/null +++ b/Misc/NEWS.d/next/Security/2024-07-22-13-14-38.gh-issue-121957.FYkcOt.rst @@ -0,0 +1,3 @@ +Fixed missing audit events around interactive use of Python, now also +properly firing for ``python -i``, as well as for ``python -m asyncio``. The +event in question is ``cpython.run_stdin``. diff --git a/Modules/main.c b/Modules/main.c index ea6250e28c1b8b..0574c7b56be677 100644 --- a/Modules/main.c +++ b/Modules/main.c @@ -546,6 +546,10 @@ pymain_repl(PyConfig *config, PyCompilerFlags *cf, int *exitcode) return; } + if (PySys_Audit("cpython.run_stdin", NULL) < 0) { + return; + } + int res = PyRun_AnyFileFlags(stdin, "", cf); *exitcode = (res != 0); }