Title: Test suite should verify auditing events get triggered
Type: Stage:
Components: Tests Versions: Python 3.10
Status: open Resolution:
Dependencies: Superseder:
Assigned To: Nosy List: akuchling
Priority: normal Keywords:

Created on 2020-10-20 19:17 by akuchling, last changed 2020-10-20 19:17 by akuchling.

Messages (1)
msg379154 - (view) Author: A.M. Kuchling (akuchling) * (Python committer) Date: 2020-10-20 19:17
During the 3.10 development process, a call to `sys.audit()` got accidentally removed from the glob module. No tests caught it.

This is clearly bad. sys.audit() is intended for security-related purposes and can result in operations being cancelled, so someone may be relying on a particular event being triggered to catch a risky situation. If we then accidentally remove the audit event, that's a security hole.

The test suite should be verifying that audit events get triggered when we expect.  Presumably we'll need some kind of context manager or assertion that will do something like: 

  with self.assertAuditEventTriggered('glob.glob', 'path'):    
Date User Action Args
2020-10-20 19:17:14akuchlingcreate