[Python-checkins] bpo-43434: Move sqlite3.connect audit events to sqlite3.Connection.__init__ (GH-25818)
zooba
webhook-mailer at python.org
Sun May 2 17:25:26 EDT 2021
https://github.com/python/cpython/commit/c96cc089f60d2bf7e003c27413c3239ee9de2990
commit: c96cc089f60d2bf7e003c27413c3239ee9de2990
branch: master
author: Erlend Egeberg Aasland <erlend.aasland at innova.no>
committer: zooba <steve.dower at microsoft.com>
date: 2021-05-02T22:25:17+01:00
summary:
bpo-43434: Move sqlite3.connect audit events to sqlite3.Connection.__init__ (GH-25818)
files:
A Misc/NEWS.d/next/Security/2021-05-02-17-50-23.bpo-43434.cy7xz6.rst
M Lib/test/audit-tests.py
M Lib/test/test_audit.py
M Modules/_sqlite/connection.c
M Modules/_sqlite/module.c
diff --git a/Lib/test/audit-tests.py b/Lib/test/audit-tests.py
index ed42451b8f08af..7a7de637c38823 100644
--- a/Lib/test/audit-tests.py
+++ b/Lib/test/audit-tests.py
@@ -367,13 +367,14 @@ def hook(event, *args):
print(event, *args)
sys.addaudithook(hook)
- cx = sqlite3.connect(":memory:")
+ cx1 = sqlite3.connect(":memory:")
+ cx2 = sqlite3.Connection(":memory:")
# Configured without --enable-loadable-sqlite-extensions
if hasattr(sqlite3.Connection, "enable_load_extension"):
- cx.enable_load_extension(False)
+ cx1.enable_load_extension(False)
try:
- cx.load_extension("test")
+ cx1.load_extension("test")
except sqlite3.OperationalError:
pass
else:
diff --git a/Lib/test/test_audit.py b/Lib/test/test_audit.py
index 4ba62c408526d3..25ff34bb11298a 100644
--- a/Lib/test/test_audit.py
+++ b/Lib/test/test_audit.py
@@ -158,7 +158,7 @@ def test_sqlite3(self):
if support.verbose:
print(*events, sep='\n')
actual = [ev[0] for ev in events]
- expected = ["sqlite3.connect", "sqlite3.connect/handle"]
+ expected = ["sqlite3.connect", "sqlite3.connect/handle"] * 2
if hasattr(sqlite3.Connection, "enable_load_extension"):
expected += [
diff --git a/Misc/NEWS.d/next/Security/2021-05-02-17-50-23.bpo-43434.cy7xz6.rst b/Misc/NEWS.d/next/Security/2021-05-02-17-50-23.bpo-43434.cy7xz6.rst
new file mode 100644
index 00000000000000..b5a3f8d7587498
--- /dev/null
+++ b/Misc/NEWS.d/next/Security/2021-05-02-17-50-23.bpo-43434.cy7xz6.rst
@@ -0,0 +1,4 @@
+Creating :class:`sqlite3.Connection` objects now also produces
+``sqlite3.connect`` and ``sqlite3.connect/handle`` :ref:`auditing events
+<auditing>`. Previously these events were only produced by
+:func:`sqlite3.connect` calls. Patch by Erlend E. Aasland.
diff --git a/Modules/_sqlite/connection.c b/Modules/_sqlite/connection.c
index 5f8e41b6169a76..fb5411243c6798 100644
--- a/Modules/_sqlite/connection.c
+++ b/Modules/_sqlite/connection.c
@@ -86,6 +86,10 @@ pysqlite_connection_init(pysqlite_Connection *self, PyObject *args,
return -1;
}
+ if (PySys_Audit("sqlite3.connect", "O", database_obj) < 0) {
+ return -1;
+ }
+
database = PyBytes_AsString(database_obj);
self->initialized = 1;
@@ -179,6 +183,10 @@ pysqlite_connection_init(pysqlite_Connection *self, PyObject *args,
self->ProgrammingError = pysqlite_ProgrammingError;
self->NotSupportedError = pysqlite_NotSupportedError;
+ if (PySys_Audit("sqlite3.connect/handle", "O", self) < 0) {
+ return -1;
+ }
+
return 0;
}
diff --git a/Modules/_sqlite/module.c b/Modules/_sqlite/module.c
index 2f323fcd00141f..324994641b4a4a 100644
--- a/Modules/_sqlite/module.c
+++ b/Modules/_sqlite/module.c
@@ -91,20 +91,11 @@ static PyObject* module_connect(PyObject* self, PyObject* args, PyObject*
factory = (PyObject*)pysqlite_ConnectionType;
}
- if (PySys_Audit("sqlite3.connect", "O", database) < 0) {
- return NULL;
- }
-
result = PyObject_Call(factory, args, kwargs);
if (result == NULL) {
return NULL;
}
- if (PySys_Audit("sqlite3.connect/handle", "O", self) < 0) {
- Py_DECREF(result);
- return NULL;
- }
-
return result;
}
More information about the Python-checkins
mailing list