classification
Title: Add audit events for loading of sqlite3 extensions
Type: security Stage: patch review
Components: Library (Lib) Versions: Python 3.10
process
Status: open Resolution:
Dependencies: Superseder:
Assigned To: Nosy List: berker.peksag, christian.heimes, erlendaasland
Priority: normal Keywords: patch

Created on 2021-04-07 10:51 by erlendaasland, last changed 2021-04-07 11:05 by erlendaasland.

Pull Requests
URL Status Linked Edit
PR 25246 open erlendaasland, 2021-04-07 11:05
Messages (1)
msg390414 - (view) Author: Erlend Egeberg Aasland (erlendaasland) * Date: 2021-04-07 10:51
If Python is configured with --enable-loadable-sqlite-extensions, it is possible to load third party SQLite extensions (shared libraries/DLL’s) via the sqlite3 extension module. When enabled, the sqlite3.Connection.enable_load_extension() class method will enable the loading of third party extensions via SQL queries, using the SQL function load_extension(). It also enables loading extension via C, using the sqlite3.Connection.load_extension() class method.

Suggesting to add the following audit event names to respectively the sqlite3.Connection.enable_load_extension() and sqlite3.Connection.load_extension() methods:
- sqlite3.enable_load_extension
- sqlite3.load_extension

Ref.
- https://discuss.python.org/t/should-we-audit-enabling-loading-of-sqlite3-extensions-shared-libraries/8124
- https://www.sqlite.org/loadext.html
- https://docs.python.org/3/library/sqlite3.html#sqlite3.Connection.enable_load_extension
History
Date User Action Args
2021-04-07 11:05:49erlendaaslandsetkeywords: + patch
stage: patch review
pull_requests: + pull_request23985
2021-04-07 10:51:19erlendaaslandcreate