Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit ee17e37

Browse files
zoobazooba
authored
bpo-39007: Add auditing events to functions in winreg (GH-17541)
Also allows winreg.CloseKey() to accept same types as other functions.
1 parent b8cbe74 commit ee17e37

File tree

5 files changed

+218
-27
lines changed

5 files changed

+218
-27
lines changed

Doc/library/winreg.rst

Lines changed: 49 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -53,6 +53,8 @@ This module offers the following functions:
5353
The return value is the handle of the opened key. If the function fails, an
5454
:exc:`OSError` exception is raised.
5555

56+
.. audit-event:: winreg.ConnectRegistry computer_name,key winreg.ConnectRegistry
57+
5658
.. versionchanged:: 3.3
5759
See :ref:`above <exception-changed>`.
5860

@@ -75,6 +77,10 @@ This module offers the following functions:
7577
The return value is the handle of the opened key. If the function fails, an
7678
:exc:`OSError` exception is raised.
7779

80+
.. audit-event:: winreg.CreateKey key,sub_key,access winreg.CreateKey
81+
82+
.. audit-event:: winreg.OpenKey/result key winreg.CreateKey
83+
7884
.. versionchanged:: 3.3
7985
See :ref:`above <exception-changed>`.
8086

@@ -103,6 +109,10 @@ This module offers the following functions:
103109
The return value is the handle of the opened key. If the function fails, an
104110
:exc:`OSError` exception is raised.
105111

112+
.. audit-event:: winreg.CreateKey key,sub_key,access winreg.CreateKeyEx
113+
114+
.. audit-event:: winreg.OpenKey/result key winreg.CreateKeyEx
115+
106116
.. versionadded:: 3.2
107117

108118
.. versionchanged:: 3.3
@@ -124,6 +134,8 @@ This module offers the following functions:
124134
If the method succeeds, the entire key, including all of its values, is removed.
125135
If the method fails, an :exc:`OSError` exception is raised.
126136

137+
.. audit-event:: winreg.DeleteKey key,sub_key,access winreg.DeleteKey
138+
127139
.. versionchanged:: 3.3
128140
See :ref:`above <exception-changed>`.
129141

@@ -158,6 +170,8 @@ This module offers the following functions:
158170

159171
On unsupported Windows versions, :exc:`NotImplementedError` is raised.
160172

173+
.. audit-event:: winreg.DeleteKey key,sub_key,access winreg.DeleteKeyEx
174+
161175
.. versionadded:: 3.2
162176

163177
.. versionchanged:: 3.3
@@ -173,6 +187,8 @@ This module offers the following functions:
173187

174188
*value* is a string that identifies the value to remove.
175189

190+
.. audit-event:: winreg.DeleteValue key,value winreg.DeleteValue
191+
176192

177193
.. function:: EnumKey(key, index)
178194

@@ -187,6 +203,8 @@ This module offers the following functions:
187203
typically called repeatedly until an :exc:`OSError` exception is
188204
raised, indicating, no more values are available.
189205

206+
.. audit-event:: winreg.EnumKey key,index winreg.EnumKey
207+
190208
.. versionchanged:: 3.3
191209
See :ref:`above <exception-changed>`.
192210

@@ -220,6 +238,8 @@ This module offers the following functions:
220238
| | :meth:`SetValueEx`) |
221239
+-------+--------------------------------------------+
222240

241+
.. audit-event:: winreg.EnumValue key,index winreg.EnumValue
242+
223243
.. versionchanged:: 3.3
224244
See :ref:`above <exception-changed>`.
225245

@@ -235,6 +255,8 @@ This module offers the following functions:
235255
>>> ExpandEnvironmentStrings('%windir%')
236256
'C:\\Windows'
237257

258+
.. audit-event:: winreg.ExpandEnvironmentStrings str winreg.ExpandEnvironmentStrings
259+
238260

239261
.. function:: FlushKey(key)
240262

@@ -279,6 +301,8 @@ This module offers the following functions:
279301
If *key* is a handle returned by :func:`ConnectRegistry`, then the path
280302
specified in *file_name* is relative to the remote computer.
281303

304+
.. audit-event:: winreg.LoadKey key,sub_key,file_name winreg.LoadKey
305+
282306

283307
.. function:: OpenKey(key, sub_key, reserved=0, access=KEY_READ)
284308
OpenKeyEx(key, sub_key, reserved=0, access=KEY_READ)
@@ -300,6 +324,10 @@ This module offers the following functions:
300324

301325
If the function fails, :exc:`OSError` is raised.
302326

327+
.. audit-event:: winreg.OpenKey key,sub_key,access winreg.OpenKey
328+
329+
.. audit-event:: winreg.OpenKey/result key winreg.OpenKey
330+
303331
.. versionchanged:: 3.2
304332
Allow the use of named arguments.
305333

@@ -330,6 +358,8 @@ This module offers the following functions:
330358
| | nanoseconds since Jan 1, 1601. |
331359
+-------+---------------------------------------------+
332360

361+
.. audit-event:: winreg.QueryInfoKey key winreg.QueryInfoKey
362+
333363

334364
.. function:: QueryValue(key, sub_key)
335365

@@ -347,6 +377,8 @@ This module offers the following functions:
347377
underlying API call doesn't return the type, so always use
348378
:func:`QueryValueEx` if possible.
349379

380+
.. audit-event:: winreg.QueryValue key,sub_key,value_name winreg.QueryValue
381+
350382

351383
.. function:: QueryValueEx(key, value_name)
352384

@@ -370,6 +402,8 @@ This module offers the following functions:
370402
| | :meth:`SetValueEx`) |
371403
+-------+-----------------------------------------+
372404

405+
.. audit-event:: winreg.QueryValue key,sub_key,value_name winreg.QueryValueEx
406+
373407

374408
.. function:: SaveKey(key, file_name)
375409

@@ -393,6 +427,8 @@ This module offers the following functions:
393427

394428
This function passes ``NULL`` for *security_attributes* to the API.
395429

430+
.. audit-event:: winreg.SaveKey key,file_name winreg.SaveKey
431+
396432

397433
.. function:: SetValue(key, sub_key, type, value)
398434

@@ -419,6 +455,8 @@ This module offers the following functions:
419455
The key identified by the *key* parameter must have been opened with
420456
:const:`KEY_SET_VALUE` access.
421457

458+
.. audit-event:: winreg.SetValue key,sub_key,type,value winreg.SetValue
459+
422460

423461
.. function:: SetValueEx(key, value_name, reserved, type, value)
424462

@@ -447,6 +485,8 @@ This module offers the following functions:
447485
bytes) should be stored as files with the filenames stored in the configuration
448486
registry. This helps the registry perform efficiently.
449487

488+
.. audit-event:: winreg.SetValue key,sub_key,type,value winreg.SetValueEx
489+
450490

451491
.. function:: DisableReflectionKey(key)
452492

@@ -463,6 +503,8 @@ This module offers the following functions:
463503
effect. Disabling reflection for a key does not affect reflection of any
464504
subkeys.
465505

506+
.. audit-event:: winreg.DisableReflectionKey key winreg.DisableReflectionKey
507+
466508

467509
.. function:: EnableReflectionKey(key)
468510

@@ -476,6 +518,8 @@ This module offers the following functions:
476518

477519
Restoring reflection for a key does not affect reflection of any subkeys.
478520

521+
.. audit-event:: winreg.EnableReflectionKey key winreg.EnableReflectionKey
522+
479523

480524
.. function:: QueryReflectionKey(key)
481525

@@ -489,6 +533,8 @@ This module offers the following functions:
489533
Will generally raise :exc:`NotImplementedError` if executed on a 32-bit
490534
operating system.
491535

536+
.. audit-event:: winreg.QueryReflectionKey key winreg.QueryReflectionKey
537+
492538

493539
.. _constants:
494540

@@ -741,6 +787,9 @@ integer handle, and also disconnect the Windows handle from the handle object.
741787
handle is not closed. You would call this function when you need the
742788
underlying Win32 handle to exist beyond the lifetime of the handle object.
743789

790+
.. audit-event:: winreg.PyHKEY.Detach key winreg.PyHKEY.Detach
791+
792+
744793
.. method:: PyHKEY.__enter__()
745794
PyHKEY.__exit__(\*exc_info)
746795

Lib/test/audit-tests.py

Lines changed: 23 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -304,6 +304,29 @@ def hook(event, args):
304304
write_unraisable_exc(RuntimeError("nonfatal-error"), "for audit hook test", None)
305305

306306

307+
def test_winreg():
308+
from winreg import OpenKey, EnumKey, CloseKey, HKEY_LOCAL_MACHINE
309+
310+
def hook(event, args):
311+
if not event.startswith("winreg."):
312+
return
313+
print(event, *args)
314+
315+
sys.addaudithook(hook)
316+
317+
k = OpenKey(HKEY_LOCAL_MACHINE, "Software")
318+
EnumKey(k, 0)
319+
try:
320+
EnumKey(k, 10000)
321+
except OSError:
322+
pass
323+
else:
324+
raise RuntimeError("Expected EnumKey(HKLM, 10000) to fail")
325+
326+
kv = k.Detach()
327+
CloseKey(kv)
328+
329+
307330
if __name__ == "__main__":
308331
from test.libregrtest.setup import suppress_msvcrt_asserts
309332

Lib/test/test_audit.py

Lines changed: 14 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -104,6 +104,20 @@ def test_unraisablehook(self):
104104
"RuntimeError('nonfatal-error') Exception ignored for audit hook test",
105105
)
106106

107+
def test_winreg(self):
108+
support.import_module("winreg")
109+
returncode, events, stderr = self.run_python("test_winreg")
110+
if returncode:
111+
self.fail(stderr)
112+
113+
self.assertEqual(events[0][0], "winreg.OpenKey")
114+
self.assertEqual(events[1][0], "winreg.OpenKey/result")
115+
expected = events[1][2]
116+
self.assertTrue(expected)
117+
self.assertSequenceEqual(["winreg.EnumKey", " ", f"{expected} 0"], events[2])
118+
self.assertSequenceEqual(["winreg.EnumKey", " ", f"{expected} 10000"], events[3])
119+
self.assertSequenceEqual(["winreg.PyHKEY.Detach", " ", expected], events[4])
120+
107121

108122
if __name__ == "__main__":
109123
unittest.main()

Misc/NEWS.d/next/Windows/2019-12-09-10-40-34.bpo-39007.vtarxo.rst

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1 @@
1+
Add auditing events to functions in :mod:`winreg`.

0 commit comments

Comments
 (0)