Victor Stinner
Victor Stinner
> I think we should explore the option of a merge strategy that doesn't require manual backports, This issue is open for 2 years. I did many tests with Git....
I tried to group de 299 attributes of the _testcapi extension module. I'm not sure about each attribute, I only looked quickly at the name, sometimes at the implementation. But...
It might be interesting to split the large _testcapi **module** into **multiple modules**. But I like the idea of starting by splitting the long C file into multiple C files.
In moved PyFrameObject C API tests from the big test_capi to the end of test_frame. But since test_capi.py became a package, maybe it would make sense to move back these...
They are tons of test files which use _testcapi: ``` $ (cd Lib/test/; grep -l _testcapi *.py) audit-tests.py datetimetester.py pythoninfo.py string_tests.py test_array.py test_buffer.py test_bytes.py test_call.py test_class.py test_cmath.py test_cmd_line.py test_codecs.py test_code.py...
> splitting up _testcapimodule.c is a step in the right direction. Oh sure, I totally agree on that! Thanks for working on it.
cc @ethanfurman @warsaw
Recently, the PEP-578 audit hooks was used to build a Capture The Flag (CTF) security challenge, AntCTF x D^3CTF: https://d3ctf.io/ Multiple issues have been reported to the Python Security Response...
See also bpo-43439: [security] Add audit events on GC functions giving access to all Python objects.
Another example of recent Capture The Flag challenge which used audit hooks: https://bugs.python.org/issue42800#msg384143