mirror of
https://github.com/python/cpython.git
synced 2024-11-25 01:20:47 +01:00
bpo-37363: Add audit events for a range of modules (GH-14301)
This commit is contained in:
parent
9bbf4d7083
commit
60419a7e96
@ -2046,7 +2046,7 @@ Data types
|
||||
.. audit-event:: ctypes.cdata address
|
||||
|
||||
This method, and others that indirectly call this method, raises an
|
||||
:func:`auditing event <sys.audit>` ``ctypes.cdata`` with argument
|
||||
:ref:`auditing event <auditing>` ``ctypes.cdata`` with argument
|
||||
``address``.
|
||||
|
||||
.. method:: from_param(obj)
|
||||
|
@ -119,6 +119,8 @@ Module API
|
||||
*verbosity* controls the level of output to :data:`sys.stdout` from the
|
||||
bootstrapping operation.
|
||||
|
||||
.. audit-event:: ensurepip.bootstrap root
|
||||
|
||||
.. note::
|
||||
|
||||
The bootstrapping process has side effects on both ``sys.path`` and
|
||||
|
@ -190,6 +190,8 @@ followed by ``lines`` for the text version or ``binary`` for the binary version.
|
||||
*source_address* is a 2-tuple ``(host, port)`` for the socket to bind to as
|
||||
its source address before connecting.
|
||||
|
||||
.. audit-event:: ftplib.FTP.connect "self host port"
|
||||
|
||||
.. versionchanged:: 3.3
|
||||
*source_address* parameter was added.
|
||||
|
||||
@ -223,6 +225,8 @@ followed by ``lines`` for the text version or ``binary`` for the binary version.
|
||||
|
||||
Send a simple command string to the server and return the response string.
|
||||
|
||||
.. audit-event:: ftplib.FTP.sendcmd "self cmd"
|
||||
|
||||
|
||||
.. method:: FTP.voidcmd(cmd)
|
||||
|
||||
@ -230,6 +234,8 @@ followed by ``lines`` for the text version or ``binary`` for the binary version.
|
||||
nothing if a response code corresponding to success (codes in the range
|
||||
200--299) is received. Raise :exc:`error_reply` otherwise.
|
||||
|
||||
.. audit-event:: ftplib.FTP.sendcmd "self cmd"
|
||||
|
||||
|
||||
.. method:: FTP.retrbinary(cmd, callback, blocksize=8192, rest=None)
|
||||
|
||||
|
@ -128,6 +128,8 @@ are always available. They are listed here in alphabetical order.
|
||||
:func:`breakpoint` will automatically call that, allowing you to drop into
|
||||
the debugger of choice.
|
||||
|
||||
.. audit-event:: builtins.breakpoint "sys.breakpointhook"
|
||||
|
||||
.. versionadded:: 3.7
|
||||
|
||||
.. _func-bytearray:
|
||||
@ -277,7 +279,7 @@ are always available. They are listed here in alphabetical order.
|
||||
|
||||
.. audit-event:: compile "source filename"
|
||||
|
||||
Raises an :func:`auditing event <sys.audit>` ``compile`` with arguments
|
||||
Raises an :ref:`auditing event <auditing>` ``compile`` with arguments
|
||||
``source`` and ``filename``. This event may also be raised by implicit
|
||||
compilation.
|
||||
|
||||
@ -490,8 +492,8 @@ are always available. They are listed here in alphabetical order.
|
||||
|
||||
.. audit-event:: exec code_object
|
||||
|
||||
Raises an :func:`auditing event <sys.audit>` ``exec`` with the code object as
|
||||
the argument. Code compilation events may also be raised.
|
||||
Raises an :ref:`auditing event <auditing>` ``exec`` with the code object
|
||||
as the argument. Code compilation events may also be raised.
|
||||
|
||||
.. index:: builtin: exec
|
||||
|
||||
@ -525,8 +527,8 @@ are always available. They are listed here in alphabetical order.
|
||||
|
||||
.. audit-event:: exec code_object
|
||||
|
||||
Raises an :func:`auditing event <sys.audit>` ``exec`` with the code object as
|
||||
the argument. Code compilation events may also be raised.
|
||||
Raises an :ref:`auditing event <auditing>` ``exec`` with the code object
|
||||
as the argument. Code compilation events may also be raised.
|
||||
|
||||
.. note::
|
||||
|
||||
@ -779,7 +781,7 @@ are always available. They are listed here in alphabetical order.
|
||||
|
||||
.. audit-event:: builtins.input prompt
|
||||
|
||||
Raises an :func:`auditing event <sys.audit>` ``builtins.input`` with
|
||||
Raises an :ref:`auditing event <auditing>` ``builtins.input`` with
|
||||
argument ``prompt`` before reading input
|
||||
|
||||
.. audit-event:: builtins.input/result result
|
||||
|
@ -52,6 +52,8 @@ For example, ``'[?]'`` matches the character ``'?'``.
|
||||
more directories and subdirectories. If the pattern is followed by an
|
||||
``os.sep``, only directories and subdirectories match.
|
||||
|
||||
.. audit-event:: glob.glob "pathname recursive"
|
||||
|
||||
.. note::
|
||||
Using the "``**``" pattern in large directory trees may consume
|
||||
an inordinate amount of time.
|
||||
@ -65,6 +67,8 @@ For example, ``'[?]'`` matches the character ``'?'``.
|
||||
Return an :term:`iterator` which yields the same values as :func:`glob`
|
||||
without actually storing them all simultaneously.
|
||||
|
||||
.. audit-event:: glob.glob "pathname recursive"
|
||||
|
||||
|
||||
.. function:: escape(pathname)
|
||||
|
||||
|
@ -361,6 +361,8 @@ An :class:`IMAP4` instance has the following methods:
|
||||
:meth:`IMAP4.send`, and :meth:`IMAP4.shutdown` methods. You may override
|
||||
this method.
|
||||
|
||||
.. audit-event:: imaplib.IMAP4.open "self host port"
|
||||
|
||||
|
||||
.. method:: IMAP4.partial(message_num, message_part, start, length)
|
||||
|
||||
@ -430,6 +432,8 @@ An :class:`IMAP4` instance has the following methods:
|
||||
|
||||
Sends ``data`` to the remote server. You may override this method.
|
||||
|
||||
.. audit-event:: imaplib.IMAP4.send "self data"
|
||||
|
||||
|
||||
.. method:: IMAP4.setacl(mailbox, who, what)
|
||||
|
||||
|
@ -122,7 +122,7 @@ High-level Module Interface
|
||||
|
||||
.. audit-event:: open "path mode flags"
|
||||
|
||||
This function raises an :func:`auditing event <sys.audit>` ``open`` with
|
||||
This function raises an :ref:`auditing event <auditing>` ``open`` with
|
||||
arguments ``path``, ``mode`` and ``flags``. The ``mode`` and ``flags``
|
||||
arguments may have been modified or inferred from the original call.
|
||||
|
||||
|
@ -79,6 +79,11 @@ The module itself defines the following classes:
|
||||
('211 1755 1 1755 gmane.comp.python.committers', 1755, 1, 1755, 'gmane.comp.python.committers')
|
||||
>>>
|
||||
|
||||
.. audit-event:: nntplib.NNTP "self host port"
|
||||
|
||||
All commands will raise an :ref:`auditing event <auditing>`
|
||||
``nntplib.NNTP.putline`` with arguments ``self`` and ``line``,
|
||||
where ``line`` is the bytes about to be sent to the remote host.
|
||||
|
||||
.. versionchanged:: 3.2
|
||||
*usenetrc* is now ``False`` by default.
|
||||
@ -100,6 +105,12 @@ The module itself defines the following classes:
|
||||
STARTTLS as described below. However, some servers only support the
|
||||
former.
|
||||
|
||||
.. audit-event:: nntplib.NNTP "self host port"
|
||||
|
||||
All commands will raise an :ref:`auditing event <auditing>`
|
||||
``nntplib.NNTP.putline`` with arguments ``self`` and ``line``,
|
||||
where ``line`` is the bytes about to be sent to the remote host.
|
||||
|
||||
.. versionadded:: 3.2
|
||||
|
||||
.. versionchanged:: 3.4
|
||||
|
@ -1801,6 +1801,8 @@ features:
|
||||
This function can also support :ref:`specifying a file descriptor
|
||||
<path_fd>`; the file descriptor must refer to a directory.
|
||||
|
||||
.. audit-event:: os.listdir path
|
||||
|
||||
.. note::
|
||||
To encode ``str`` filenames to ``bytes``, use :func:`~os.fsencode`.
|
||||
|
||||
@ -2178,6 +2180,8 @@ features:
|
||||
This function can also support :ref:`specifying a file descriptor
|
||||
<path_fd>`; the file descriptor must refer to a directory.
|
||||
|
||||
.. audit-event:: os.scandir path
|
||||
|
||||
The :func:`scandir` iterator supports the :term:`context manager` protocol
|
||||
and has the following method:
|
||||
|
||||
|
@ -181,6 +181,8 @@ access further features, you have to do this yourself:
|
||||
|
||||
import pdb; pdb.Pdb(skip=['django.*']).set_trace()
|
||||
|
||||
.. audit-event:: pdb.Pdb
|
||||
|
||||
.. versionadded:: 3.1
|
||||
The *skip* argument.
|
||||
|
||||
|
@ -39,6 +39,12 @@ The :mod:`poplib` module provides two classes:
|
||||
connection attempt (if not specified, the global default timeout setting will
|
||||
be used).
|
||||
|
||||
.. audit-event:: poplib.POP3 "self host port"
|
||||
|
||||
All commands will raise an :ref:`auditing event <auditing>`
|
||||
``poplib.POP3.putline`` with arguments ``self`` and ``line``,
|
||||
where ``line`` is the bytes about to be sent to the remote host.
|
||||
|
||||
|
||||
.. class:: POP3_SSL(host, port=POP3_SSL_PORT, keyfile=None, certfile=None, timeout=None, context=None)
|
||||
|
||||
@ -54,6 +60,12 @@ The :mod:`poplib` module provides two classes:
|
||||
point to PEM-formatted private key and certificate chain files,
|
||||
respectively, for the SSL connection.
|
||||
|
||||
.. audit-event:: poplib.POP3 "self host port"
|
||||
|
||||
All commands will raise an :ref:`auditing event <auditing>`
|
||||
``poplib.POP3.putline`` with arguments ``self`` and ``line``,
|
||||
where ``line`` is the bytes about to be sent to the remote host.
|
||||
|
||||
.. versionchanged:: 3.2
|
||||
*context* parameter added.
|
||||
|
||||
|
@ -249,6 +249,8 @@ Directory and files operations
|
||||
as arguments. By default, :func:`~shutil.copy2` is used, but any function
|
||||
that supports the same signature (like :func:`~shutil.copy`) can be used.
|
||||
|
||||
.. audit-event:: shutil.copytree "src dst"
|
||||
|
||||
.. versionchanged:: 3.3
|
||||
Copy metadata when *symlinks* is false.
|
||||
Now returns *dst*.
|
||||
@ -296,6 +298,8 @@ Directory and files operations
|
||||
*excinfo*, will be the exception information returned by
|
||||
:func:`sys.exc_info`. Exceptions raised by *onerror* will not be caught.
|
||||
|
||||
.. audit-event:: shutil.rmtree path
|
||||
|
||||
.. versionchanged:: 3.3
|
||||
Added a symlink attack resistant version that is used automatically
|
||||
if platform supports fd-based functions.
|
||||
@ -558,6 +562,8 @@ provided. They rely on the :mod:`zipfile` and :mod:`tarfile` modules.
|
||||
|
||||
The *verbose* argument is unused and deprecated.
|
||||
|
||||
.. audit-event:: shutil.make_archive "base_name format root_dir base_dir"
|
||||
|
||||
.. versionchanged:: 3.8
|
||||
The modern pax (POSIX.1-2001) format is now used instead of
|
||||
the legacy GNU format for archives created with ``format="tar"``.
|
||||
|
@ -55,6 +55,10 @@ Protocol) and :rfc:`1869` (SMTP Service Extensions).
|
||||
(250, b'Ok')
|
||||
>>>
|
||||
|
||||
All commands will raise an :ref:`auditing event <auditing>`
|
||||
``smtplib.SMTP.send`` with arguments ``self`` and ``data``,
|
||||
where ``data`` is the bytes about to be sent to the remote host.
|
||||
|
||||
.. versionchanged:: 3.3
|
||||
Support for the :keyword:`with` statement was added.
|
||||
|
||||
@ -242,6 +246,8 @@ An :class:`SMTP` instance has the following methods:
|
||||
2-tuple of the response code and message sent by the server in its
|
||||
connection response.
|
||||
|
||||
.. audit-event:: smtplib.SMTP.connect "self host port"
|
||||
|
||||
|
||||
.. method:: SMTP.helo(name='')
|
||||
|
||||
|
@ -224,6 +224,8 @@ Module functions and constants
|
||||
More information about this feature, including a list of recognized options, can
|
||||
be found in the `SQLite URI documentation <https://www.sqlite.org/uri.html>`_.
|
||||
|
||||
.. audit-event:: sqlite3.connect "database"
|
||||
|
||||
.. versionchanged:: 3.4
|
||||
Added the *uri* parameter.
|
||||
|
||||
|
@ -585,6 +585,13 @@ functions.
|
||||
with Popen(["ifconfig"], stdout=PIPE) as proc:
|
||||
log.write(proc.stdout.read())
|
||||
|
||||
.. audit-event:: subprocess.Popen "executable args cwd env"
|
||||
|
||||
Popen and the other functions in this module that use it raise an
|
||||
:ref:`auditing event <auditing>` ``subprocess.Popen`` with arguments
|
||||
``executable``, ``args``, ``cwd``, ``env``. The value for ``args``
|
||||
may be a single string or a list of strings, depending on platform.
|
||||
|
||||
.. versionchanged:: 3.2
|
||||
Added context manager support.
|
||||
|
||||
|
@ -141,6 +141,8 @@ Telnet Objects
|
||||
|
||||
Do not try to reopen an already connected instance.
|
||||
|
||||
.. audit-event:: telnetlib.Telnet.open "self host port"
|
||||
|
||||
|
||||
.. method:: Telnet.msg(msg, *args)
|
||||
|
||||
@ -176,6 +178,8 @@ Telnet Objects
|
||||
block if the connection is blocked. May raise :exc:`OSError` if the
|
||||
connection is closed.
|
||||
|
||||
.. audit-event:: telnetlib.Telnet.write "self buffer"
|
||||
|
||||
.. versionchanged:: 3.3
|
||||
This method used to raise :exc:`socket.error`, which is now an alias
|
||||
of :exc:`OSError`.
|
||||
|
@ -62,6 +62,8 @@ The module defines the following user-callable items:
|
||||
The :py:data:`os.O_TMPFILE` flag is used if it is available and works
|
||||
(Linux-specific, requires Linux kernel 3.11 or later).
|
||||
|
||||
.. audit-event:: tempfile.mkstemp "full-path"
|
||||
|
||||
.. versionchanged:: 3.5
|
||||
|
||||
The :py:data:`os.O_TMPFILE` flag is now used if available.
|
||||
@ -85,6 +87,8 @@ The module defines the following user-callable items:
|
||||
attribute is the underlying true file object. This file-like object can
|
||||
be used in a :keyword:`with` statement, just like a normal file.
|
||||
|
||||
.. audit-event:: tempfile.mkstemp "full-path"
|
||||
|
||||
.. versionchanged:: 3.8
|
||||
Added *errors* parameter.
|
||||
|
||||
@ -130,6 +134,8 @@ The module defines the following user-callable items:
|
||||
The directory can be explicitly cleaned up by calling the
|
||||
:func:`cleanup` method.
|
||||
|
||||
.. audit-event:: tempfile.mkdtemp "full-path"
|
||||
|
||||
.. versionadded:: 3.2
|
||||
|
||||
|
||||
@ -177,6 +183,8 @@ The module defines the following user-callable items:
|
||||
file (as would be returned by :func:`os.open`) and the absolute pathname
|
||||
of that file, in that order.
|
||||
|
||||
.. audit-event:: tempfile.mkstemp "full-path"
|
||||
|
||||
.. versionchanged:: 3.5
|
||||
*suffix*, *prefix*, and *dir* may now be supplied in bytes in order to
|
||||
obtain a bytes return value. Prior to this, only str was allowed.
|
||||
@ -198,6 +206,8 @@ The module defines the following user-callable items:
|
||||
|
||||
:func:`mkdtemp` returns the absolute pathname of the new directory.
|
||||
|
||||
.. audit-event:: tempfile.mkdtemp "full-path"
|
||||
|
||||
.. versionchanged:: 3.5
|
||||
*suffix*, *prefix*, and *dir* may now be supplied in bytes in order to
|
||||
obtain a bytes return value. Prior to this, only str was allowed.
|
||||
|
@ -97,7 +97,7 @@ The :mod:`urllib.request` module defines the following functions:
|
||||
|
||||
.. audit-event:: urllib.Request "fullurl data headers method"
|
||||
|
||||
The default opener raises an :func:`auditing event <sys.audit>`
|
||||
The default opener raises an :ref:`auditing event <auditing>`
|
||||
``urllib.Request`` with arguments ``fullurl``, ``data``, ``headers``,
|
||||
``method`` taken from the request object.
|
||||
|
||||
|
@ -64,6 +64,8 @@ The following functions are defined:
|
||||
may work and start the operating system's associated program. However, this
|
||||
is neither supported nor portable.
|
||||
|
||||
.. audit-event:: webbrowser.open "url"
|
||||
|
||||
|
||||
.. function:: open_new(url)
|
||||
|
||||
|
@ -115,8 +115,8 @@ class CheckSuspiciousMarkupBuilder(Builder):
|
||||
def finish(self):
|
||||
unused_rules = [rule for rule in self.rules if not rule.used]
|
||||
if unused_rules:
|
||||
self.warn('Found %s/%s unused rules:' %
|
||||
(len(unused_rules), len(self.rules)))
|
||||
self.logger.warn('Found %s/%s unused rules:' %
|
||||
(len(unused_rules), len(self.rules)))
|
||||
for rule in unused_rules:
|
||||
self.logger.info(repr(rule))
|
||||
return
|
||||
@ -151,10 +151,10 @@ class CheckSuspiciousMarkupBuilder(Builder):
|
||||
self.any_issue = True
|
||||
self.write_log_entry(lineno, issue, text)
|
||||
if py3:
|
||||
self.warn('[%s:%d] "%s" found in "%-.120s"' %
|
||||
(self.docname, lineno, issue, text))
|
||||
self.logger.warn('[%s:%d] "%s" found in "%-.120s"' %
|
||||
(self.docname, lineno, issue, text))
|
||||
else:
|
||||
self.warn('[%s:%d] "%s" found in "%-.120s"' % (
|
||||
self.logger.warn('[%s:%d] "%s" found in "%-.120s"' % (
|
||||
self.docname.encode(sys.getdefaultencoding(),'replace'),
|
||||
lineno,
|
||||
issue.encode(sys.getdefaultencoding(),'replace'),
|
||||
|
@ -73,6 +73,8 @@ def _bootstrap(*, root=None, upgrade=False, user=False,
|
||||
if altinstall and default_pip:
|
||||
raise ValueError("Cannot use altinstall and default_pip together")
|
||||
|
||||
sys.audit("ensurepip.bootstrap", root)
|
||||
|
||||
_disable_pip_configuration_settings()
|
||||
|
||||
# By default, installing pip and setuptools installs all of the
|
||||
|
@ -148,6 +148,7 @@ class FTP:
|
||||
self.timeout = timeout
|
||||
if source_address is not None:
|
||||
self.source_address = source_address
|
||||
sys.audit("ftplib.FTP.connect", self, self.host, self.port)
|
||||
self.sock = socket.create_connection((self.host, self.port), self.timeout,
|
||||
source_address=self.source_address)
|
||||
self.af = self.sock.family
|
||||
@ -188,6 +189,7 @@ class FTP:
|
||||
def putline(self, line):
|
||||
if '\r' in line or '\n' in line:
|
||||
raise ValueError('an illegal newline character should not be contained')
|
||||
sys.audit("ftplib.FTP.sendcmd", self, line)
|
||||
line = line + CRLF
|
||||
if self.debugging > 1:
|
||||
print('*put*', self.sanitize(line))
|
||||
|
@ -3,6 +3,7 @@
|
||||
import os
|
||||
import re
|
||||
import fnmatch
|
||||
import sys
|
||||
|
||||
__all__ = ["glob", "iglob", "escape"]
|
||||
|
||||
@ -37,6 +38,7 @@ def iglob(pathname, *, recursive=False):
|
||||
return it
|
||||
|
||||
def _iglob(pathname, recursive, dironly):
|
||||
sys.audit("glob.glob", pathname, recursive)
|
||||
dirname, basename = os.path.split(pathname)
|
||||
if not has_magic(pathname):
|
||||
assert not dironly
|
||||
|
@ -289,6 +289,7 @@ class IMAP4:
|
||||
# (which is used by socket.create_connection()) expects None
|
||||
# as a default value for host.
|
||||
host = None if not self.host else self.host
|
||||
sys.audit("imaplib.IMAP4.open", self, self.host, self.port)
|
||||
return socket.create_connection((host, self.port))
|
||||
|
||||
def open(self, host = '', port = IMAP4_PORT):
|
||||
@ -318,6 +319,7 @@ class IMAP4:
|
||||
|
||||
def send(self, data):
|
||||
"""Send data to remote."""
|
||||
sys.audit("imaplib.IMAP4.send", self, data)
|
||||
self.sock.sendall(data)
|
||||
|
||||
|
||||
|
@ -68,6 +68,7 @@ import socket
|
||||
import collections
|
||||
import datetime
|
||||
import warnings
|
||||
import sys
|
||||
|
||||
try:
|
||||
import ssl
|
||||
@ -413,6 +414,7 @@ class _NNTPBase:
|
||||
def _putline(self, line):
|
||||
"""Internal: send one line to the server, appending CRLF.
|
||||
The `line` must be a bytes-like object."""
|
||||
sys.audit("nntplib.NNTP.putline", self, line)
|
||||
line = line + _CRLF
|
||||
if self.debugging > 1: print('*put*', repr(line))
|
||||
self.file.write(line)
|
||||
@ -1040,6 +1042,7 @@ class NNTP(_NNTPBase):
|
||||
"""
|
||||
self.host = host
|
||||
self.port = port
|
||||
sys.audit("nntplib.NNTP", self, host, port)
|
||||
self.sock = socket.create_connection((host, port), timeout)
|
||||
file = None
|
||||
try:
|
||||
@ -1071,6 +1074,7 @@ if _have_ssl:
|
||||
"""This works identically to NNTP.__init__, except for the change
|
||||
in default port and the `ssl_context` argument for SSL connections.
|
||||
"""
|
||||
sys.audit("nntplib.NNTP", self, host, port)
|
||||
self.sock = socket.create_connection((host, port), timeout)
|
||||
file = None
|
||||
try:
|
||||
|
@ -141,6 +141,7 @@ class Pdb(bdb.Bdb, cmd.Cmd):
|
||||
nosigint=False, readrc=True):
|
||||
bdb.Bdb.__init__(self, skip=skip)
|
||||
cmd.Cmd.__init__(self, completekey, stdin, stdout)
|
||||
sys.audit("pdb.Pdb")
|
||||
if stdout:
|
||||
self.use_rawinput = 0
|
||||
self.prompt = '(Pdb) '
|
||||
|
@ -16,6 +16,7 @@ Based on the J. Myers POP3 draft, Jan. 96
|
||||
import errno
|
||||
import re
|
||||
import socket
|
||||
import sys
|
||||
|
||||
try:
|
||||
import ssl
|
||||
@ -99,6 +100,7 @@ class POP3:
|
||||
self.host = host
|
||||
self.port = port
|
||||
self._tls_established = False
|
||||
sys.audit("poplib.POP3", self, host, port)
|
||||
self.sock = self._create_socket(timeout)
|
||||
self.file = self.sock.makefile('rb')
|
||||
self._debugging = 0
|
||||
@ -109,6 +111,7 @@ class POP3:
|
||||
|
||||
def _putline(self, line):
|
||||
if self._debugging > 1: print('*put*', repr(line))
|
||||
sys.audit("poplib.POP3.putline", self, line)
|
||||
self.sock.sendall(line + CRLF)
|
||||
|
||||
|
||||
|
@ -530,6 +530,7 @@ def copytree(src, dst, symlinks=False, ignore=None, copy_function=copy2,
|
||||
function that supports the same signature (like copy()) can be used.
|
||||
|
||||
"""
|
||||
sys.audit("shutil.copytree", src, dst)
|
||||
with os.scandir(src) as entries:
|
||||
return _copytree(entries=entries, src=src, dst=dst, symlinks=symlinks,
|
||||
ignore=ignore, copy_function=copy_function,
|
||||
@ -640,6 +641,7 @@ def rmtree(path, ignore_errors=False, onerror=None):
|
||||
is false and onerror is None, an exception is raised.
|
||||
|
||||
"""
|
||||
sys.audit("shutil.rmtree", path)
|
||||
if ignore_errors:
|
||||
def onerror(*args):
|
||||
pass
|
||||
@ -965,6 +967,7 @@ def make_archive(base_name, format, root_dir=None, base_dir=None, verbose=0,
|
||||
'owner' and 'group' are used when creating a tar archive. By default,
|
||||
uses the current owner and group.
|
||||
"""
|
||||
sys.audit("shutil.make_archive", base_name, format, root_dir, base_dir)
|
||||
save_cwd = os.getcwd()
|
||||
if root_dir is not None:
|
||||
if logger is not None:
|
||||
|
@ -335,6 +335,7 @@ class SMTP:
|
||||
port = self.default_port
|
||||
if self.debuglevel > 0:
|
||||
self._print_debug('connect:', (host, port))
|
||||
sys.audit("smtplib.SMTP.connect", self, host, port)
|
||||
self.sock = self._get_socket(host, port, self.timeout)
|
||||
self.file = None
|
||||
(code, msg) = self.getreply()
|
||||
@ -352,6 +353,7 @@ class SMTP:
|
||||
# should not be used, but 'data' needs to convert the string to
|
||||
# binary itself anyway, so that's not a problem.
|
||||
s = s.encode(self.command_encoding)
|
||||
sys.audit("smtplib.SMTP.send", self, s)
|
||||
try:
|
||||
self.sock.sendall(s)
|
||||
except OSError:
|
||||
|
@ -1268,6 +1268,11 @@ class Popen(object):
|
||||
comspec = os.environ.get("COMSPEC", "cmd.exe")
|
||||
args = '{} /c "{}"'.format (comspec, args)
|
||||
|
||||
if cwd is not None:
|
||||
cwd = os.fsdecode(cwd)
|
||||
|
||||
sys.audit("subprocess.Popen", executable, args, cwd, env)
|
||||
|
||||
# Start the process
|
||||
try:
|
||||
hp, ht, pid, tid = _winapi.CreateProcess(executable, args,
|
||||
@ -1276,7 +1281,7 @@ class Popen(object):
|
||||
int(not close_fds),
|
||||
creationflags,
|
||||
env,
|
||||
os.fsdecode(cwd) if cwd is not None else None,
|
||||
cwd,
|
||||
startupinfo)
|
||||
finally:
|
||||
# Child is launched. Close the parent's copy of those pipe
|
||||
@ -1543,6 +1548,8 @@ class Popen(object):
|
||||
if executable is None:
|
||||
executable = args[0]
|
||||
|
||||
sys.audit("subprocess.Popen", executable, args, cwd, env)
|
||||
|
||||
if (_USE_POSIX_SPAWN
|
||||
and os.path.dirname(executable)
|
||||
and preexec_fn is None
|
||||
|
@ -231,6 +231,7 @@ class Telnet:
|
||||
self.host = host
|
||||
self.port = port
|
||||
self.timeout = timeout
|
||||
sys.audit("telnetlib.Telnet.open", self, host, port)
|
||||
self.sock = socket.create_connection((host, port), timeout)
|
||||
|
||||
def __del__(self):
|
||||
@ -286,6 +287,7 @@ class Telnet:
|
||||
"""
|
||||
if IAC in buffer:
|
||||
buffer = buffer.replace(IAC, IAC+IAC)
|
||||
sys.audit("telnetlib.Telnet.write", self, buffer)
|
||||
self.msg("send %r", buffer)
|
||||
self.sock.sendall(buffer)
|
||||
|
||||
|
@ -43,6 +43,7 @@ import os as _os
|
||||
import shutil as _shutil
|
||||
import errno as _errno
|
||||
from random import Random as _Random
|
||||
import sys as _sys
|
||||
import weakref as _weakref
|
||||
import _thread
|
||||
_allocate_lock = _thread.allocate_lock
|
||||
@ -244,6 +245,7 @@ def _mkstemp_inner(dir, pre, suf, flags, output_type):
|
||||
for seq in range(TMP_MAX):
|
||||
name = next(names)
|
||||
file = _os.path.join(dir, pre + name + suf)
|
||||
_sys.audit("tempfile.mkstemp", file)
|
||||
try:
|
||||
fd = _os.open(file, flags, 0o600)
|
||||
except FileExistsError:
|
||||
@ -352,6 +354,7 @@ def mkdtemp(suffix=None, prefix=None, dir=None):
|
||||
for seq in range(TMP_MAX):
|
||||
name = next(names)
|
||||
file = _os.path.join(dir, prefix + name + suffix)
|
||||
_sys.audit("tempfile.mkdtemp", file)
|
||||
try:
|
||||
_os.mkdir(file, 0o700)
|
||||
except FileExistsError:
|
||||
@ -546,7 +549,7 @@ def NamedTemporaryFile(mode='w+b', buffering=-1, encoding=None,
|
||||
_os.close(fd)
|
||||
raise
|
||||
|
||||
if _os.name != 'posix' or _os.sys.platform == 'cygwin':
|
||||
if _os.name != 'posix' or _sys.platform == 'cygwin':
|
||||
# On non-POSIX and Cygwin systems, assume that we cannot unlink a file
|
||||
# while it is open.
|
||||
TemporaryFile = NamedTemporaryFile
|
||||
|
@ -154,6 +154,7 @@ class GenericBrowser(BaseBrowser):
|
||||
self.basename = os.path.basename(self.name)
|
||||
|
||||
def open(self, url, new=0, autoraise=True):
|
||||
sys.audit("webbrowser.open", url)
|
||||
cmdline = [self.name] + [arg.replace("%s", url)
|
||||
for arg in self.args]
|
||||
try:
|
||||
@ -173,6 +174,7 @@ class BackgroundBrowser(GenericBrowser):
|
||||
def open(self, url, new=0, autoraise=True):
|
||||
cmdline = [self.name] + [arg.replace("%s", url)
|
||||
for arg in self.args]
|
||||
sys.audit("webbrowser.open", url)
|
||||
try:
|
||||
if sys.platform[:3] == 'win':
|
||||
p = subprocess.Popen(cmdline)
|
||||
@ -201,7 +203,7 @@ class UnixBrowser(BaseBrowser):
|
||||
remote_action_newwin = None
|
||||
remote_action_newtab = None
|
||||
|
||||
def _invoke(self, args, remote, autoraise):
|
||||
def _invoke(self, args, remote, autoraise, url=None):
|
||||
raise_opt = []
|
||||
if remote and self.raise_opts:
|
||||
# use autoraise argument only for remote invocation
|
||||
@ -237,6 +239,7 @@ class UnixBrowser(BaseBrowser):
|
||||
return not p.wait()
|
||||
|
||||
def open(self, url, new=0, autoraise=True):
|
||||
sys.audit("webbrowser.open", url)
|
||||
if new == 0:
|
||||
action = self.remote_action
|
||||
elif new == 1:
|
||||
@ -253,7 +256,7 @@ class UnixBrowser(BaseBrowser):
|
||||
args = [arg.replace("%s", url).replace("%action", action)
|
||||
for arg in self.remote_args]
|
||||
args = [arg for arg in args if arg]
|
||||
success = self._invoke(args, True, autoraise)
|
||||
success = self._invoke(args, True, autoraise, url)
|
||||
if not success:
|
||||
# remote invocation failed, try straight way
|
||||
args = [arg.replace("%s", url) for arg in self.args]
|
||||
@ -337,6 +340,7 @@ class Konqueror(BaseBrowser):
|
||||
"""
|
||||
|
||||
def open(self, url, new=0, autoraise=True):
|
||||
sys.audit("webbrowser.open", url)
|
||||
# XXX Currently I know no way to prevent KFM from opening a new win.
|
||||
if new == 2:
|
||||
action = "newTab"
|
||||
@ -420,6 +424,7 @@ class Grail(BaseBrowser):
|
||||
return 1
|
||||
|
||||
def open(self, url, new=0, autoraise=True):
|
||||
sys.audit("webbrowser.open", url)
|
||||
if new:
|
||||
ok = self._remote("LOADNEW " + url)
|
||||
else:
|
||||
@ -577,6 +582,7 @@ def register_standard_browsers():
|
||||
if sys.platform[:3] == "win":
|
||||
class WindowsDefault(BaseBrowser):
|
||||
def open(self, url, new=0, autoraise=True):
|
||||
sys.audit("webbrowser.open", url)
|
||||
try:
|
||||
os.startfile(url)
|
||||
except OSError:
|
||||
@ -606,6 +612,7 @@ if sys.platform == 'darwin':
|
||||
self.name = name
|
||||
|
||||
def open(self, url, new=0, autoraise=True):
|
||||
sys.audit("webbrowser.open", url)
|
||||
assert "'" not in url
|
||||
# hack for local urls
|
||||
if not ':' in url:
|
||||
|
@ -0,0 +1,5 @@
|
||||
Adds audit events for :mod:`ensurepip`, :mod:`ftplib`, :mod:`glob`,
|
||||
:mod:`imaplib`, :mod:`nntplib`, :mod:`pdb`, :mod:`poplib`, :mod:`shutil`,
|
||||
:mod:`smtplib`, :mod:`sqlite3`, :mod:`subprocess`, :mod:`telnetlib`,
|
||||
:mod:`tempfile` and :mod:`webbrowser`, as well as :func:`os.listdir`,
|
||||
:func:`os.scandir` and :func:`breakpoint`.
|
@ -85,6 +85,10 @@ static PyObject* module_connect(PyObject* self, PyObject* args, PyObject*
|
||||
factory = (PyObject*)&pysqlite_ConnectionType;
|
||||
}
|
||||
|
||||
if (PySys_Audit("sqlite3.connect", "O", database) < 0) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
result = PyObject_Call(factory, args, kwargs);
|
||||
|
||||
return result;
|
||||
|
@ -3759,6 +3759,10 @@ static PyObject *
|
||||
os_listdir_impl(PyObject *module, path_t *path)
|
||||
/*[clinic end generated code: output=293045673fcd1a75 input=e3f58030f538295d]*/
|
||||
{
|
||||
if (PySys_Audit("os.listdir", "O",
|
||||
path->object ? path->object : Py_None) < 0) {
|
||||
return NULL;
|
||||
}
|
||||
#if defined(MS_WINDOWS) && !defined(HAVE_OPENDIR)
|
||||
return _listdir_windows_no_opendir(path, NULL);
|
||||
#else
|
||||
@ -13164,6 +13168,11 @@ os_scandir_impl(PyObject *module, path_t *path)
|
||||
#endif
|
||||
#endif
|
||||
|
||||
if (PySys_Audit("os.scandir", "O",
|
||||
path->object ? path->object : Py_None) < 0) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
iterator = PyObject_New(ScandirIterator, &ScandirIteratorType);
|
||||
if (!iterator)
|
||||
return NULL;
|
||||
|
@ -482,6 +482,11 @@ builtin_breakpoint(PyObject *self, PyObject *const *args, Py_ssize_t nargs, PyOb
|
||||
PyErr_SetString(PyExc_RuntimeError, "lost sys.breakpointhook");
|
||||
return NULL;
|
||||
}
|
||||
|
||||
if (PySys_Audit("builtins.breakpoint", "O", hook) < 0) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
Py_INCREF(hook);
|
||||
PyObject *retval = _PyObject_Vectorcall(hook, args, nargs, keywords);
|
||||
Py_DECREF(hook);
|
||||
|
Loading…
Reference in New Issue
Block a user