This repository contains sample implementations of CPython entry points using the hooks added in PEP 578.
Python 3.8 is required for these samples, or you can build Python yourself from the 3.8 or master branch.
The implementation in LogToStderr is nearly the simplest possible code. It takes every event and prints its arguments to standard error.
Two points are worth calling out:
- during initialisation, it does not render arguments, but this is only because PyObject_Repr does not always work correctly
- compile is handled specially to avoid printing the full code of every module
Also see LogToStderrMinimal, which is actually the simplest possible code to display a message for each event.
The implementation in NetworkPrompt is a hook that prompts the user on every socket.* event. If the user types n, the process is aborted.
The network_prompt.py module uses a Python hook to implement the same prompt.
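A Python-level prompt of this kind can be built on sys.addaudithook. The block below is an added example, not the repository's network_prompt.py: the names make_network_prompt and install, the injectable ask callable and the fail-closed handling of a closed stdin are assumptions of this example. It raises SystemExit on refusal instead of aborting the process.

```python
import sys


def make_network_prompt(ask=input, log=sys.stderr):
    """Build an audit hook that asks before any socket.* event proceeds.

    `ask` takes a prompt string and returns the answer; it is injectable
    (an assumption of this example) so the decision logic can be exercised
    without a terminal.
    """
    def hook(event, args):
        # Audit hooks see every event in the process, so filter early.
        if not event.startswith("socket."):
            return
        print(f"audit: {event} {args!r}", file=log)
        try:
            answer = ask("Continue [Y/n]? ")
        except EOFError:
            # Nobody can answer (stdin closed): fail closed.
            answer = "n"
        if answer.strip().lower().startswith("n"):
            # The exception propagates out of the audited call.
            raise SystemExit(f"denied by user: {event}")
    return hook


def install(ask=input):
    """Register the hook. Audit hooks cannot be removed once added."""
    hook = make_network_prompt(ask)
    sys.addaudithook(hook)
    return hook


if __name__ == "__main__":
    import socket

    scripted = iter(["y", "n"])  # constructed answers for the demo
    install(ask=lambda prompt: next(scripted))
    print(socket.gethostbyname("localhost"))  # first event: allowed
    try:
        socket.gethostbyname("localhost")  # second event: refused
    except SystemExit as exc:
        # Python code can catch the refusal; a native hook that aborts
        # the process cannot be bypassed this way.
        print("blocked:", exc)
```

Call install() with no arguments before any other import to get the interactive prompt.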
The implementation in StartupControl limits how Python may be launched and requires that a startup file is specified.
This prevents the use of the -c and -m options, as well as interactive mode.
The implementation in WindowsCatFile uses a signed python_lib.cat file to verify all imported modules.
This sample only works on Windows.
The implementation in WindowsEventLog writes a selection of events to a section of the Windows event log.
This sample only works on Windows.
The implementation in syslog writes a selection of events to the current syslog listener.
This sample requires a syslog implementation.
The implementation in linux_xattr is a proof of concept for Linux. It verifies all imported modules by hashing their content with OpenSSL and comparing the hashes against stored hashes in extended file attributes.
See the readme in that directory for more information.
This sample only works on Linux and requires OpenSSL and libseccomp.