New submission from A.M. Kuchling <a...@amk.ca>:
During the 3.10 development process, a call to `sys.audit()` got accidentally
removed from the glob module. No tests caught it.
This is clearly bad. sys.audit() is intended for security-related purposes and
can result in operations being cancelled, so someone may be relying on a
particular event being triggered to catch a risky situation. If we then
accidentally remove the audit event, that's a security hole.
The test suite should be verifying that audit events get triggered when we
expect. Presumably we'll need some kind of context manager or assertion that
will do something like:
with self.assertAuditEventTriggered('glob.glob', 'path'):
glob.glob('path')
----------
components: Tests
messages: 379154
nosy: akuchling
priority: normal
severity: normal
status: open
title: Test suite should verify auditing events get triggered
versions: Python 3.10
_______________________________________
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue42098>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe:
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
