bpo-42800: add audit hooks for f_code and tb_frame (GH-24182)
Accessing the following attributes will now fire PEP 578 style audit hooks as ("object.__getattr__", obj, name):
* PyTracebackObject: tb_frame
* PyFrameObject: f_code
* PyGenObject: gi_code, gi_frame
* PyCoroObject: cr_code, cr_frame
* PyAsyncGenObject: ag_code, ag_frame
Add an AUDIT_READ attribute flag aliased to READ_RESTRICTED.
Update obsolete flag documentation.diff --git a/Doc/extending/newtypes.rst b/Doc/extending/newtypes.rst
index c078476..545390c 100644
--- a/Doc/extending/newtypes.rst
+++ b/Doc/extending/newtypes.rst
@@ -287,18 +287,23 @@
+===========================+==============================================+
| :const:`READONLY` | Never writable. |
+---------------------------+----------------------------------------------+
-| :const:`READ_RESTRICTED` | Not readable in restricted mode. |
+| :const:`AUDIT_READ` | Emit an ``object.__getattr__`` |
+| | :ref:`audit events <audit-events>` before |
+| | reading. |
+---------------------------+----------------------------------------------+
-| :const:`WRITE_RESTRICTED` | Not writable in restricted mode. |
-+---------------------------+----------------------------------------------+
-| :const:`RESTRICTED` | Not readable or writable in restricted mode. |
-+---------------------------+----------------------------------------------+
+
+.. versionchanged:: 3.10
+ :const:`RESTRICTED`, :const:`READ_RESTRICTED` and :const:`WRITE_RESTRICTED`
+ are deprecated. However, :const:`READ_RESTRICTED` is an alias for
+ :const:`AUDIT_READ`, so fields that specify either :const:`RESTRICTED` or
+ :const:`READ_RESTRICTED` will also raise an audit event.
.. index::
single: READONLY
single: READ_RESTRICTED
single: WRITE_RESTRICTED
single: RESTRICTED
+ single: AUDIT_READ
An interesting advantage of using the :c:member:`~PyTypeObject.tp_members` table to build
descriptors that are used at runtime is that any attribute defined this way can
diff --git a/Doc/library/audit_events.rst b/Doc/library/audit_events.rst
index 367d56e..8227a79 100644
--- a/Doc/library/audit_events.rst
+++ b/Doc/library/audit_events.rst
@@ -7,7 +7,7 @@
This table contains all events raised by :func:`sys.audit` or
:c:func:`PySys_Audit` calls throughout the CPython runtime and the
-standard library. These calls were added in 3.8.0 or later.
+standard library. These calls were added in 3.8.0 or later (see :pep:`578`).
See :func:`sys.addaudithook` and :c:func:`PySys_AddAuditHook` for
information on handling these events.
diff --git a/Doc/library/stdtypes.rst b/Doc/library/stdtypes.rst
index b83d0d8..c4e6b4d 100644
--- a/Doc/library/stdtypes.rst
+++ b/Doc/library/stdtypes.rst
@@ -5195,6 +5195,9 @@
and can be extracted from function objects through their :attr:`__code__`
attribute. See also the :mod:`code` module.
+Accessing ``__code__`` raises an :ref:`auditing event <auditing>`
+``object.__getattr__`` with arguments ``obj`` and ``"__code__"``.
+
.. index::
builtin: exec
builtin: eval
diff --git a/Doc/reference/datamodel.rst b/Doc/reference/datamodel.rst
index 1697330..3a812eb 100644
--- a/Doc/reference/datamodel.rst
+++ b/Doc/reference/datamodel.rst
@@ -1005,6 +1005,9 @@
:attr:`f_lasti` gives the precise instruction (this is an index into the
bytecode string of the code object).
+ Accessing ``f_code`` raises an :ref:`auditing event <auditing>`
+ ``object.__getattr__`` with arguments ``obj`` and ``"f_code"``.
+
.. index::
single: f_trace (frame attribute)
single: f_trace_lines (frame attribute)
@@ -1089,6 +1092,9 @@
:keyword:`try` statement with no matching except clause or with a
finally clause.
+ Accessing ``tb_frame`` raises an :ref:`auditing event <auditing>`
+ ``object.__getattr__`` with arguments ``obj`` and ``"tb_frame"``.
+
.. index::
single: tb_next (traceback attribute)