Message 379154 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	akuchling
Recipients	akuchling
Date	2020-10-20.19:17:14
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1603221434.24.0.924056156868.issue42098@roundup.psfhosted.org>
In-reply-to

Content
During the 3.10 development process, a call to `sys.audit()` got accidentally removed from the glob module. No tests caught it. This is clearly bad. sys.audit() is intended for security-related purposes and can result in operations being cancelled, so someone may be relying on a particular event being triggered to catch a risky situation. If we then accidentally remove the audit event, that's a security hole. The test suite should be verifying that audit events get triggered when we expect. Presumably we'll need some kind of context manager or assertion that will do something like: with self.assertAuditEventTriggered('glob.glob', 'path'): glob.glob('path')

During the 3.10 development process, a call to `sys.audit()` got accidentally removed from the glob module. No tests caught it.

This is clearly bad. sys.audit() is intended for security-related purposes and can result in operations being cancelled, so someone may be relying on a particular event being triggered to catch a risky situation. If we then accidentally remove the audit event, that's a security hole.

The test suite should be verifying that audit events get triggered when we expect.  Presumably we'll need some kind of context manager or assertion that will do something like: 

  with self.assertAuditEventTriggered('glob.glob', 'path'):    
    glob.glob('path')

History
Date	User	Action	Args
2020-10-20 19:17:14	akuchling	set	recipients: + akuchling
2020-10-20 19:17:14	akuchling	set	messageid: <1603221434.24.0.924056156868.issue42098@roundup.psfhosted.org>
2020-10-20 19:17:14	akuchling	link	issue42098 messages
2020-10-20 19:17:14	akuchling	create