Title: Additional PEP578 hooks
Type: enhancement Stage: patch review
Components: Versions: Python 3.9, Python 3.8
Status: open Resolution:
Dependencies: Superseder:
Assigned To: Nosy List: christian.heimes, gousaiyang, matrixise, miss-islington, steve.dower
Priority: normal Keywords: patch

Created on 2019-06-21 15:42 by steve.dower, last changed 2020-07-06 08:00 by matrixise.

Pull Requests
URL Status Linked Edit
PR 14301 merged steve.dower, 2019-06-21 23:13
PR 14345 merged miss-islington, 2019-06-24 15:43
PR 14524 merged steve.dower, 2019-07-01 17:34
PR 14536 merged miss-islington, 2019-07-01 23:04
PR 14663 merged christian.heimes, 2019-07-09 10:32
PR 16046 merged miss-islington, 2019-09-12 13:13
PR 21321 open gousaiyang, 2020-07-04 22:13
Messages (13)
msg346229 - (view) Author: Steve Dower (steve.dower) * (Python committer) Date: 2019-06-21 15:42
We should also (see whether we should) add audit hooks for the following modules:
* configparser
* crypt
* ensurepip
* ftplib
* glob
* http
* imaplib
* nntplib
* pdb
* poplib
* runpy
* shutil
* smtpd
* smtplib
* socketserver
* sqlite3
* telnetlib
* webbrowser
* xmlrpc

All of these seem likely to have interesting events (specifically, they can all be misused in scenarios where the impact would not be obvious without extra information).
msg346301 - (view) Author: Steve Dower (steve.dower) * (Python committer) Date: 2019-06-22 21:35
PR 14301 has at least a few hooks for most of the modules above.

I think xmlrpc deserves some, but it is not as immediately obvious where to put them as for the other modules. smtpd also still needs looking at.
msg346367 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2019-06-24 10:47
I'll add hooks to ssl module for wrap_socket and wrap_bio.
msg346416 - (view) Author: Steve Dower (steve.dower) * (Python committer) Date: 2019-06-24 15:42
New changeset 60419a7e96577cf783b3b45bf3984f9fb0d7ddff by Steve Dower in branch 'master':
bpo-37363: Add audit events for a range of modules (GH-14301)
msg346418 - (view) Author: miss-islington (miss-islington) Date: 2019-06-24 16:09
New changeset 8763d43a9558b345af6a3a298afa18e7d3b42fd0 by Miss Islington (bot) in branch '3.8':
bpo-37363: Add audit events for a range of modules (GH-14301)
msg346419 - (view) Author: Steve Dower (steve.dower) * (Python committer) Date: 2019-06-24 16:27
FWIW, I tried looking into how we can prevent or detect monkeypatching of "sys.audit", and the answer seems to be that we need to define a custom type for the sys module and for sys.__dict__.

I'm not prepared to do that yet, and IMHO there are enough way to detect someone patching it to nothing (all your logs disappear) or patching it more cleverly (someone ran some pretty complex code to redefine it) and events from native code can't be suppressed either, so I think it's fine. 

But I won't refuse a contribution if someone thinks this is a critical scenario (though I will push hard to make sure the implementation is solid, as I think this is pretty hard to get right).
msg347085 - (view) Author: Steve Dower (steve.dower) * (Python committer) Date: 2019-07-01 23:03
New changeset e226e83d36dfc7220d836fb7a249ce18e70cb4a6 by Steve Dower in branch 'master':
bpo-37363: Add audit events on startup for the run commands (GH-14524)
msg347088 - (view) Author: miss-islington (miss-islington) Date: 2019-07-01 23:22
New changeset 746992c1ae4c632220563d3fe54123498f93db1d by Miss Islington (bot) in branch '3.8':
bpo-37363: Add audit events on startup for the run commands (GH-14524)
msg347093 - (view) Author: Steve Dower (steve.dower) * (Python committer) Date: 2019-07-01 23:43
All that's left here right now is some xmlrpc events, unless we can think of any more stdlib modules that should have them?
msg352154 - (view) Author: miss-islington (miss-islington) Date: 2019-09-12 13:13
New changeset ed4b3216e59df4806e5ef63b3357fc577a9443d7 by Miss Islington (bot) (Christian Heimes) in branch 'master':
bpo-37363: Document internal audit events (GH-14663)
msg352156 - (view) Author: miss-islington (miss-islington) Date: 2019-09-12 13:20
New changeset 2f01cf61874aa42eeb9999e49d51d4881792d9c4 by Miss Islington (bot) in branch '3.8':
bpo-37363: Document internal audit events (GH-14663)
msg352157 - (view) Author: St├ęphane Wirtel (matrixise) * (Python committer) Date: 2019-09-12 13:21
@Christian, I have merged your PR for the audit events, but I have not closed this issue, I suppose there will be other PRs for this issue.
msg373074 - (view) Author: St├ęphane Wirtel (matrixise) * (Python committer) Date: 2020-07-06 08:00
Hi @Christian,

When you have time for my last question.

Thank you,
Date User Action Args
2020-07-06 08:00:42matrixisesetmessages: + msg373074
2020-07-04 22:13:10gousaiyangsetnosy: + gousaiyang
pull_requests: + pull_request20472
2019-09-12 13:21:38matrixisesetnosy: + matrixise
messages: + msg352157
2019-09-12 13:20:28miss-islingtonsetmessages: + msg352156
2019-09-12 13:13:16miss-islingtonsetpull_requests: + pull_request15668
2019-09-12 13:13:04miss-islingtonsetmessages: + msg352154
2019-07-09 10:32:43christian.heimessetpull_requests: + pull_request14471
2019-07-01 23:43:03steve.dowersetmessages: + msg347093
2019-07-01 23:22:32miss-islingtonsetmessages: + msg347088
2019-07-01 23:04:05miss-islingtonsetpull_requests: + pull_request14349
2019-07-01 23:03:58steve.dowersetmessages: + msg347085
2019-07-01 17:34:51steve.dowersetpull_requests: + pull_request14337
2019-06-24 16:27:43steve.dowersetmessages: + msg346419
2019-06-24 16:09:53miss-islingtonsetnosy: + miss-islington
messages: + msg346418
2019-06-24 15:43:08miss-islingtonsetpull_requests: + pull_request14165
2019-06-24 15:42:59steve.dowersetmessages: + msg346416
2019-06-24 10:47:34christian.heimessetmessages: + msg346367
2019-06-22 21:35:27steve.dowersetmessages: + msg346301
2019-06-21 23:13:06steve.dowersetkeywords: + patch
stage: needs patch -> patch review
pull_requests: + pull_request14125
2019-06-21 15:42:29steve.dowercreate