-
-
Notifications
You must be signed in to change notification settings - Fork 30.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
marshal load bypass code.__new__ audit event #85352
Comments
While Considering that importing from a pyc file also relys on unmarshalling code objects, and they have already been audited as |
I like using the existing event for unmarshalling code objects, assuming we have all the arguments available. I'm not sure whether it's worth auditing all marshal.load() calls (just as we don't audit all pickle.load() calls). But depending on the code paths we may not have a choice. Auditing the .pyc import twice (or more) is basically unavoidable, but it's not terrible anyway. When no hooks are set, it's negligible impact, and when someone adds a hook they are in control of how much work it does. Providing both events means they can choose to only handle one and still get the coverage. Marking this as easy (C), since the hardest part is just going to be finding the right place to add the PySys_Audit call. |
Actually, a quick search of codeobject.c and a look at tkmk's PR makes it seem like the audit event should be being raised from inside PyCode_NewWithPosOnlyArgs anyway (which IIRC didn't exist when I first added the event, though it was probably there before it was merged). In general, events should be raised after parameters have been validated, but before any work is done. And when all the other calls feed through a single function, just auditing that one function is enough. |
Before this, we only audit code.__new__ and code.replace, as these methods allow constructing arbitrary code objects, and we don't audit code object coming from the normal way (like compile,exec,eval). |
Ah, you're right. Thanks for double checking me :) I'll merge the PR and do the backports. Thanks! |
I'm going to revert this and replace it with a marshal.loads (and dumps) event instead. The performance impact on loading .pyc files is too great, as it triggers the hook for each function. Without severely modifying importlib we can't bypass the call that's accessible to Python code, and the important part to detect is marshal calls outside of regular imports. And wanted to mention that Yunfan Zhan suggested adding these events originally and I chose to go the other way. So my bad, and let's get it right now! |
Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.
Show more details
GitHub fields:
bugs.python.org fields:
The text was updated successfully, but these errors were encountered: