bpo-42800: add audit hooks for f_code and tb_frame #24182
Conversation
|
Hello, and thanks for your contribution! I'm a bot set up to make sure that the project can legally accept this contribution by verifying everyone involved has signed the PSF contributor agreement (CLA). CLA MissingOur records indicate the following people have not signed the CLA: For legal reasons we need all the people listed to sign the CLA before we can look at your contribution. Please follow the steps outlined in the CPython devguide to rectify this issue. If you have recently signed the CLA, please wait at least one business day You can check yourself to see if the CLA has been received. Thanks again for the contribution, we look forward to reviewing it! |
|
I've amended this PR to also cover the code attributes of generator objects (generator, coroutine, and async generator). I'll comment on this in the BPO. |
* Accessing the following attributes will now fire PEP 578 style
audit hooks as ("object.__getattr__", obj, name):
* PyTracebackObject: tb_frame
* PyFrameObject: f_code
* PyGenObject: gi_code, gi_frame
* PyCoroObject: cr_code, cr_frame
* PyAsyncGenObject: ag_code, ag_frame
* Document audit hooks for tb_frame, f_code, and __code__
* Add an AUDIT_READ attribute flag aliased to READ_RESTRICTED.
* Update obsolete RESTRICTED flag documentation.
|
This PR is stale because it has been open for 30 days with no activity. |
| @@ -5206,6 +5206,9 @@ environment. Code objects are returned by the built-in :func:`compile` function | |||
| and can be extracted from function objects through their :attr:`__code__` | |||
| attribute. See also the :mod:`code` module. | |||
|
|
|||
| Accessing ``__code__`` raises an :ref:`auditing event <auditing>` | |||
There was a problem hiding this comment.
You should be able to add a regular ..audit_event item (or whatever the name is) and override the text by putting an indented paragraph below it. That will make sure the entry gets into the auto-generated table. Otherwise, it all looks good
There was a problem hiding this comment.
I tried that, and IMO it makes the audit event table look worse due to the way it only references these docs via unlabeled footnotes in the object.__getattr__ section, and it scrambles the order of the footnotes so the first object.__getattr__ footnote no longer points at object, it points at one of the specific attributes.
My longer reasoning is here: https://bugs.python.org/msg384749
I think a better answer would be for someone who understands the sphinx table generator to add a directive that inserts labeled cross-references for each attribute below the object.__getattr__ row.
Right now when you add cross-references for all of the attributes the table row looks something like this:
object.__getattr__ | description | [1] [2] [3] [4] [5]
But would be actually useful with a structure like this that actually labels the references:
| event | description | references |
|---|---|---|
object.__getattr__ |
description | [1] |
attr traceback.tb_frame |
description | [1] |
attr code.f_code |
description | [1] |
|
This should be backported to 3.8 and 3.9, but it'll have to be modified slightly to leave the documentation in for the removed constants. |
|
Note that even though the RESTRICTED constants appeared on a couple of attributes up to 3.8, nothing seems to actually use them (as of 3.0 when restricted mode was removed?) until they were used for read audit in 3.8, so the documentation (which said, e.g. "Not readable in restricted mode") was already incorrect. |
Accessing the following attributes will now fire PEP 578 style audit hooks as (object.__getattr__, obj, name): * PyTracebackObject: tb_frame * PyFrameObject: f_code * PyGenObject: gi_code, gi_frame * PyCoroObject: cr_code, cr_frame * PyAsyncGenObject: ag_code, ag_frame
Accessing the following attributes will now fire PEP 578 style audit hooks as (object.__getattr__, obj, name): * PyTracebackObject: tb_frame * PyFrameObject: f_code * PyGenObject: gi_code, gi_frame * PyCoroObject: cr_code, cr_frame * PyAsyncGenObject: ag_code, ag_frame (cherry picked from commit bb2f3ff) Co-authored-by: Steve Dower <steve.dower@python.org>
Accessing the following attributes will now fire PEP 578 style audit hooks as (object.__getattr__, obj, name): * PyTracebackObject: tb_frame * PyFrameObject: f_code * PyGenObject: gi_code, gi_frame * PyCoroObject: cr_code, cr_frame * PyAsyncGenObject: ag_code, ag_frame (cherry picked from commit bb2f3ff) Co-authored-by: Steve Dower <steve.dower@python.org>
Accessing the following attributes will now fire PEP 578 style
audit hooks as
("object.__getattr__", obj, name):PyTracebackObject: tb_framePyFrameObject: f_codePyGenObject: gi_code, gi_framePyCoroObject: cr_code, cr_framePyAsyncGenObject: ag_code, ag_frameDocument audit hooks for
tb_frame,f_code, and__code__Add an
AUDIT_READattribute flag aliased toREAD_RESTRICTED.Update obsolete
RESTRICTEDflag documentation.https://bugs.python.org/issue42800