From e226e83d36dfc7220d836fb7a249ce18e70cb4a6 Mon Sep 17 00:00:00 2001 From: Steve Dower Date: Mon, 1 Jul 2019 16:03:53 -0700 Subject: [PATCH] bpo-37363: Add audit events on startup for the run commands (GH-14524) --- Doc/library/sys.rst | 6 ++ Doc/tools/extensions/pyspecific.py | 22 ++-- Doc/using/cmdline.rst | 12 ++- Lib/test/test_embed.py | 40 ++++++- .../2019-07-01-10-31-14.bpo-37363.fSjatj.rst | 2 + Modules/main.c | 21 ++++ Programs/_testembed.c | 100 ++++++++++++++++++ 7 files changed, 190 insertions(+), 13 deletions(-) create mode 100644 Misc/NEWS.d/next/Security/2019-07-01-10-31-14.bpo-37363.fSjatj.rst diff --git a/Doc/library/sys.rst b/Doc/library/sys.rst index 131aea0def..acd54421a3 100644 --- a/Doc/library/sys.rst +++ b/Doc/library/sys.rst @@ -905,6 +905,12 @@ always available. read, so that you can set this hook there. The :mod:`site` module :ref:`sets this `. + .. audit-event:: cpython.run_interactivehook hook sys.__interactivehook__ + + Raises an :ref:`auditing event ` + ``cpython.run_interactivehook`` with the hook object as the argument when + the hook is called on startup. + .. versionadded:: 3.4 diff --git a/Doc/tools/extensions/pyspecific.py b/Doc/tools/extensions/pyspecific.py index a6f39b02b5..8839033b98 100644 --- a/Doc/tools/extensions/pyspecific.py +++ b/Doc/tools/extensions/pyspecific.py @@ -199,13 +199,18 @@ class AuditEvent(Directive): .format(name, info['args'], new_info['args']) ) - if len(self.arguments) >= 3 and self.arguments[2]: - target = self.arguments[2] - ids = [] - else: - target = "audit_event_{}_{}".format(name, len(info['source'])) - target = re.sub(r'\W', '_', label) - ids = [target] + ids = [] + try: + target = self.arguments[2].strip("\"'") + except (IndexError, TypeError): + target = None + if not target: + target = "audit_event_{}_{}".format( + re.sub(r'\W', '_', name), + len(info['source']), + ) + ids.append(target) + info['source'].append((env.docname, target)) pnode = nodes.paragraph(text, classes=["audit-hook"], ids=ids) @@ -560,7 +565,8 @@ def process_audit_events(app, doctree, fromdocname): row += nodes.entry('', node) node = nodes.paragraph() - for i, (doc, label) in enumerate(audit_event['source'], start=1): + backlinks = enumerate(sorted(set(audit_event['source'])), start=1) + for i, (doc, label) in backlinks: if isinstance(label, str): ref = nodes.reference("", nodes.Text("[{}]".format(i)), internal=True) ref['refuri'] = "{}#{}".format( diff --git a/Doc/using/cmdline.rst b/Doc/using/cmdline.rst index e11fe31c2f..22f42d966a 100644 --- a/Doc/using/cmdline.rst +++ b/Doc/using/cmdline.rst @@ -70,6 +70,7 @@ source. :data:`sys.path` (allowing modules in that directory to be imported as top level modules). + .. audit-event:: cpython.run_command command cmdoption-c .. cmdoption:: -m @@ -106,13 +107,14 @@ source. python -mtimeit -s 'setup here' 'benchmarked code here' python -mtimeit -h # for details + .. audit-event:: cpython.run_module module-name cmdoption-m + .. seealso:: :func:`runpy.run_module` Equivalent functionality directly available to Python code :pep:`338` -- Executing modules as scripts - .. versionchanged:: 3.1 Supply the package name to run a ``__main__`` submodule. @@ -129,6 +131,7 @@ source. ``"-"`` and the current directory will be added to the start of :data:`sys.path`. + .. audit-event:: cpython.run_stdin "" "" .. describe::