Skip to content

gh-135543: emit sys.remote_exec audit event when sys.remote_exec has been called #135544

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 4 commits into
base: main
Choose a base branch
from
Open

gh-135543: emit sys.remote_exec audit event when sys.remote_exec has been called #135544

wants to merge 4 commits into from
+18 −0

Conversation

Zheaoli
Copy link
Contributor

@Zheaoli Zheaoli commented Jun 15, 2025
edited by github-actions bot
Loading

Zheaoli added 2 commits June 16, 2025 02:31
@Zheaoli
pythongh-135543: emit sys.remote_exec audit event when sys.remote_exe…
b125c78 
…c has been called

Signed-off-by: Manjusaka <me@manjusaka.me>
@Zheaoli
add news
afab662 
Signed-off-by: Manjusaka <me@manjusaka.me>
@bedevere-app bedevere-app bot mentioned this pull request Jun 15, 2025
Open
@Zheaoli Zheaoli mentioned this pull request Jun 15, 2025
Merged
pablogsal
pablogsal reviewed Jun 15, 2025
View reviewed changes
Lib/test/test_sys.py Outdated
@@ -2118,6 +2118,7 @@ def audit_hook(event, arg):
self.assertEqual(returncode, 0)
self.assertIn(b"Remote script executed successfully!", stdout)
self.assertIn(b"Audit event: remote_debugger_script, arg: ", stdout)
self.assertIn(b"Audit event: remote_exec, arg: ", stdout)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is wrong this string will not appear in the remote it will appear in the process that executed remote_exec

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

My bad,fixed

Zheaoli added 2 commits June 16, 2025 03:09
@Zheaoli
fix code
31c6575 
Signed-off-by: Manjusaka <me@manjusaka.me>
@Zheaoli
Merge main
22207f1 
Signed-off-by: Manjusaka <me@manjusaka.me>
sobolevn
sobolevn reviewed Jun 15, 2025
View reviewed changes
Lib/test/test_sys.py
def audit_hook(event, arg):
if event == "remote_exec":
nonlocal remote_exec_event_triggered
remote_exec_event_triggered = True
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It would be better to save arg, not just True. And compare arg with the expected value.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

SGTM

vstinner
vstinner reviewed Jun 16, 2025
View reviewed changes
Lib/test/test_sys.py
if event == "remote_exec":
nonlocal remote_exec_event_triggered
remote_exec_event_triggered = True
sys.addaudithook(audit_hook)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's not possible to clear audit hooks, so move this test to test_audit which is designed for that: see Lib/test/audit-tests.py.

Doc/library/sys.rst
@@ -1933,6 +1933,11 @@ always available. Unless explicitly noted otherwise, all variables are read-only
interpreter is pre-release (alpha, beta, or release candidate) then the
local and remote interpreters must be the same exact version.

.. audit-event:: remove_exec pid script_path
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
.. audit-event:: remove_exec pid script_path
.. audit-event:: remote_exec pid script_path

Doc/library/sys.rst
.. audit-event:: remove_exec pid script_path

When the code is executed in the remote process, an :ref:`auditing event <auditing>`
``remove_exec`` is raised with the *pid* and the path to the script file.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
``remove_exec`` is raised with the *pid* and the path to the script file.
``remote_exec`` is raised with the *pid* and the path to the script file.

Misc/NEWS.d/next/Core_and_Builtins/2025-06-16-02-31-42.gh-issue-135543.6b0HOF.rst
Comment on lines +1 to +2
emit ``sys.remote_exec`` audit event when ``sys.remote_exec`` has been
called
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
emit ``sys.remote_exec`` audit event when ``sys.remote_exec`` has been
called
Emit ``remote_exec`` audit event when :func:`sys.remote_exec` is called.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@vstinner vstinner vstinner left review comments

@sobolevn sobolevn sobolevn left review comments

@pablogsal pablogsal pablogsal left review comments

@ericsnowcurrently ericsnowcurrently Awaiting requested review from ericsnowcurrently ericsnowcurrently is a code owner

Assignees
No one assigned
Labels
awaiting review
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Add new audit event for sys.remote_exec()
4 participants
@Zheaoli @vstinner @sobolevn @pablogsal