gh-149473: Emit audit event on calling os.environ.clear()#149768
gh-149473: Emit audit event on calling os.environ.clear()#149768vstinner wants to merge 1 commit into
Conversation
vstinner
added
the
needs backport to 3.15
|
cc @picnixz |
Documentation build overview
|
| @@ -0,0 +1,2 @@ | |||
| Calling ``os.environ.clear()`` now emits ``os._clearenv`` auditing event. | |||
There was a problem hiding this comment.
The event is only emitted if we use the C implementation right? Otherwise os.environ.clear() is implemented in pure Python. I don't know if you want to update the Python implementation as well though.
There was a problem hiding this comment.
If os._clearenv() is not available, os.environ.clear() emits one audit event os.unsetenv per removed variable. Example:
import os, sys
os.environ.clear()
os.environ['key1'] = 'value1'
os.environ['key2'] = 'value2'
def hook(*args):
print("audit:", args)
sys.addaudithook(hook)
os.environ.clear()Output with os._clearenv() and this change:
audit: ('os._clearenv', ())
Output without os._clearenv():
audit: ('os.unsetenv', (b'key1',))
audit: ('os.unsetenv', (b'key2',))
There was a problem hiding this comment.
I think this should be explicitly documented actually. With the new docs, I think people could expect os.environ.clear() to emit _clearenv unconditionally. I also see that we say that unsetenv is called whenever we call os.environ.clear() but that's not entirely accurate either.
2 participants
Uh oh!
There was an error while loading. Please reload this page.