Motivation for a Python 3.8 floor in Pants is the ...
# developmente
enough-analyst-54434
03/21/2020, 3:24 PMMotivation for a Python 3.8 floor in Pants is the new audit API in 3.8 - looks like we could use this to harden what python stdlib APIs rules can access: https://www.python.org/dev/peps/pep-0578/
👍 4
enough-analyst-54434
03/21/2020, 3:36 PM Copy code
Python 3.8.2 (default, Feb 26 2020, 22:21:03)
[GCC 9.2.1 20200130] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> from pathlib import Path
>>> Path('/etc/hosts').read_text()
'#\n# /etc/hosts: static lookup table for host names\n#\n\n#<ip-address>\t<<http://hostname.domain.org|hostname.domain.org>>\t<hostname>\n127.0.0.1\tlocalhost.localdomain\tlocalhost\tgill\n::1\t\tlocalhost.localdomain\tlocalhost\tgill\n# End of file\n\n# Toolchain\n127.0.0.1 jsirois.jsirois.svc.cluster.local\n\n# Aurora\n192.168.33.7 aurora.local\n'
>>> def deny(event, args):
... if event == 'open':
... file, *_ = args
... raise RuntimeError(f'Not allowed to open({file!r})')
...
>>> import sys
>>> sys.addaudithook(deny)
>>> Path('/etc/hosts').read_text()
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/lib/python3.8/pathlib.py", line 1227, in read_text
File "/usr/lib/python3.8/pathlib.py", line 1213, in open
File "<stdin>", line 4, in deny
RuntimeError: Not allowed to open('/etc/hosts')💯 1