commit 7244c0060dc3ef909f34b0791c3e7490b0340d5e
author Erlend Egeberg Aasland <erlend.aasland@innova.no> Tue Apr 27 01:16:46 2021 +0200
committer GitHub <noreply@github.com> Tue Apr 27 00:16:46 2021 +0100
tree 33af92f2923bc24556a6b2c8897442d2a8764a78
parent 52cd6d5e1b2bece0d8efb58b1af41071c914ebe6

bpo-43762: Add audit events for loading of sqlite3 extensions (GH-25246)

Modules/_sqlite/connection.c

diff --git a/Modules/_sqlite/connection.c b/Modules/_sqlite/connection.c
index 150291c..5f8e41b 100644
--- a/Modules/_sqlite/connection.c
+++ b/Modules/_sqlite/connection.c
@@ -1154,6 +1154,11 @@ pysqlite_connection_enable_load_extension_impl(pysqlite_Connection *self,
 {
     int rc;
 
+    if (PySys_Audit("sqlite3.enable_load_extension",
+                    "OO", self, onoff ? Py_True : Py_False) < 0) {
+        return NULL;
+    }
+
     if (!pysqlite_check_thread(self) || !pysqlite_check_connection(self)) {
         return NULL;
     }
@@ -1185,6 +1190,10 @@ pysqlite_connection_load_extension_impl(pysqlite_Connection *self,
     int rc;
     char* errmsg;
 
+    if (PySys_Audit("sqlite3.load_extension", "Os", self, extension_name) < 0) {
+        return NULL;
+    }
+
     if (!pysqlite_check_thread(self) || !pysqlite_check_connection(self)) {
         return NULL;
     }

Modules/_sqlite/module.c

diff --git a/Modules/_sqlite/module.c b/Modules/_sqlite/module.c
index 8dbfa7b..2f323fc 100644
--- a/Modules/_sqlite/module.c
+++ b/Modules/_sqlite/module.c
@@ -96,6 +96,14 @@ static PyObject* module_connect(PyObject* self, PyObject* args, PyObject*
     }
 
     result = PyObject_Call(factory, args, kwargs);
+    if (result == NULL) {
+        return NULL;
+    }
+
+    if (PySys_Audit("sqlite3.connect/handle", "O", self) < 0) {
+        Py_DECREF(result);
+        return NULL;
+    }
 
     return result;
 }