审计事件表

此表包含 CPython 运行时和标准库中所有由 sys.audit()PySys_Audit() 调用引发的事件。这些调用在 3.8 或更高版本中添加(参见 PEP 578)。

有关处理这些事件的信息,请参见 sys.addaudithook()PySys_AddAuditHook()

CPython 实现细节:此表从 CPython 文档生成,可能无法表示其他实现引发的事件。有关实际引发的事件,请参见运行时特定文档。

审计事件

参数

参考

_thread.start_new_thread

function, args, kwargs

[1]

array.__new__

typecode, initializer

[1]

builtins.breakpoint

breakpointhook

[1]

builtins.id

id

[1]

builtins.input

prompt

[1]

builtins.input/result

result

[1]

code.__new__

code, filename, name, argcount, posonlyargcount, kwonlyargcount, nlocals, stacksize, flags

[1]

compile

source, filename

[1]

cpython.PyInterpreterState_Clear

[1]

cpython.PyInterpreterState_New

[1]

cpython._PySys_ClearAuditHooks

[1]

cpython.run_command

command

[1]

cpython.run_file

filename

[1]

cpython.run_interactivehook

hook

[1]

cpython.run_module

module-name

[1]

cpython.run_startup

filename

[1]

cpython.run_stdin

[1]

ctypes.addressof

obj

[1]

ctypes.call_function

func_pointer, arguments

[1]

ctypes.cdata

address

[1]

ctypes.cdata/buffer

pointer, size, offset

[1][2]

ctypes.create_string_buffer

init, size

[1]

ctypes.create_unicode_buffer

init, size

[1]

ctypes.dlopen

name

[1]

ctypes.dlsym

library, name

[1]

ctypes.dlsym/handle

handle, name

[1]

ctypes.get_errno

[1]

ctypes.get_last_error

[1]

ctypes.set_errno

errno

[1]

ctypes.set_exception

code

[1]

ctypes.set_last_error

error

[1]

ctypes.string_at

ptr, size

[1]

ctypes.wstring_at

ptr, size

[1]

ensurepip.bootstrap

root

[1]

exec

code_object

[1][2]

fcntl.fcntl

fd, cmd, arg

[1]

fcntl.flock

fd, operation

[1]

fcntl.ioctl

fd, request, arg

[1]

fcntl.lockf

fd, cmd, len, start, whence

[1]

ftplib.connect

self, host, port

[1]

ftplib.sendcmd

self, cmd

[1][2]

function.__new__

code

[1]

gc.get_objects

generation

[1]

gc.get_referents

objs

[1]

gc.get_referrers

objs

[1]

glob.glob

pathname, recursive

[1][2]

glob.glob/2

pathname, recursive, root_dir, dir_fd

[1][2]

http.client.connect

self, host, port

[1]

http.client.send

self, data

[1]

imaplib.open

self, host, port

[1]

imaplib.send

self, data

[1]

import

module, filename, sys.path, sys.meta_path, sys.path_hooks

[1]

marshal.dumps

value, version

[1]

marshal.load

[1]

marshal.loads

bytes

[1]

mmap.__new__

fileno, length, access, offset

[1]

msvcrt.get_osfhandle

fd

[1]

msvcrt.locking

fd, mode, nbytes

[1]

msvcrt.open_osfhandle

handle, flags

[1]

nntplib.connect

self, host, port

[1][2]

nntplib.putline

self, line

[1][2]

object.__delattr__

obj, name

[1]

object.__getattr__

obj, name

[1]

object.__setattr__

obj, name, value

[1]

open

path, mode, flags

[1][2][3]

os.add_dll_directory

path

[1]

os.chdir

path

[1][2]

os.chflags

path, flags

[1][2]

os.chmod

path, mode, dir_fd

[1][2][3]

os.chown

path, uid, gid, dir_fd

[1][2][3]

os.exec

path, args, env

[1]

os.fork

[1]

os.forkpty

[1]

os.fwalk

top, topdown, onerror, follow_symlinks, dir_fd

[1]

os.getxattr

path, attribute

[1]

os.kill

pid, sig

[1]

os.killpg

pgid, sig

[1]

os.link

src, dst, src_dir_fd, dst_dir_fd

[1]

os.listdir

path

[1]

os.listdrives

[1]

os.listmounts

[1]

os.listvolumes

[1]

os.listxattr

path

[1]

os.lockf

fd, cmd, len

[1]

os.mkdir

path, mode, dir_fd

[1][2]

os.posix_spawn

path, argv, env

[1][2]

os.putenv

key, value

[1]

os.remove

path, dir_fd

[1][2][3]

os.removexattr

path, attribute

[1]

os.rename

src, dst, src_dir_fd, dst_dir_fd

[1][2][3]

os.rmdir

path, dir_fd

[1]

os.scandir

path

[1]

os.setxattr

path, attribute, value, flags

[1]

os.spawn

mode, path, args, env

[1]

os.startfile

path, operation

[1]

os.startfile/2

path, operation, arguments, cwd, show_cmd

[1]

os.symlink

src, dst, dir_fd

[1]

os.system

command

[1]

os.truncate

fd, length

[1][2]

os.unsetenv

key

[1]

os.utime

path, times, ns, dir_fd

[1]

os.walk

top, topdown, onerror, followlinks

[1]

pathlib.Path.glob

self, pattern

[1]

pathlib.Path.rglob

self, pattern

[1]

pdb.Pdb

[1]

pickle.find_class

模块, 名称

[1]

poplib.connect

self, host, port

[1][2]

poplib.putline

self, line

[1][2]

pty.spawn

argv

[1]

resource.prlimit

pid, 资源, 限制

[1]

resource.setrlimit

资源, 限制

[1]

setopencodehook

[1]

shutil.chown

路径, 用户,

[1]

shutil.copyfile

src, dst

[1][2][3]

shutil.copymode

src, dst

[1][2]

shutil.copystat

src, dst

[1][2]

shutil.copytree

src, dst

[1]

shutil.make_archive

基本名称, 格式, 根目录, 基本目录

[1]

shutil.move

src, dst

[1]

shutil.rmtree

path, dir_fd

[1]

shutil.unpack_archive

文件名, 解压目录, 格式

[1]

signal.pthread_kill

线程 ID, 信号号

[1]

smtplib.connect

self, host, port

[1]

smtplib.send

self, data

[1]

socket.__new__

self, 系列, 类型, 协议

[1]

socket.bind

self, 地址

[1]

socket.connect

self, 地址

[1][2]

socket.getaddrinfo

主机, 端口, 系列, 类型, 协议

[1]

socket.gethostbyaddr

ip_address

[1]

socket.gethostbyname

hostname

[1][2]

socket.gethostname

[1]

socket.getnameinfo

sockaddr

[1]

socket.getservbyname

服务名称, 协议名称

[1]

socket.getservbyport

端口, 协议名称

[1]

socket.sendmsg

self, 地址

[1]

socket.sendto

self, 地址

[1]

socket.sethostname

name

[1]

sqlite3.connect

database

[1]

sqlite3.connect/handle

connection_handle

[1]

sqlite3.enable_load_extension

连接, 启用

[1]

sqlite3.load_extension

连接, 路径

[1]

subprocess.Popen

可执行文件参数当前工作目录环境

[1]

sys._current_exceptions

[1]

sys._current_frames

[1]

sys._getframe

frame

[1]

sys._getframemodulename

depth

[1]

sys.addaudithook

[1][2]

sys.excepthook

hook类型回溯

[1]

sys.set_asyncgen_hooks_finalizer

[1]

sys.set_asyncgen_hooks_firstiter

[1]

sys.setprofile

[1]

sys.settrace

[1]

sys.unraisablehook

hook不可引发

[1]

syslog.closelog

[1]

syslog.openlog

标识日志选项设施

[1]

syslog.setlogmask

maskpri

[1]

syslog.syslog

优先级消息

[1]

telnetlib.Telnet.open

self, host, port

[1]

telnetlib.Telnet.write

self缓冲区

[1]

tempfile.mkdtemp

fullpath

[1][2]

tempfile.mkstemp

fullpath

[1][2][3]

urllib.Request

完整 URL数据标头方法

[1]

webbrowser.open

url

[1]

winreg.ConnectRegistry

计算机名称

[1]

winreg.CreateKey

子键访问权限

[1][2]

winreg.DeleteKey

子键访问权限

[1][2]

winreg.DeleteValue

key, value

[1]

winreg.DisableReflectionKey

key

[1]

winreg.EnableReflectionKey

key

[1]

winreg.EnumKey

索引

[1]

winreg.EnumValue

索引

[1]

winreg.ExpandEnvironmentStrings

str

[1]

winreg.LoadKey

子键文件名

[1]

winreg.OpenKey

子键访问权限

[1]

winreg.OpenKey/result

key

[1][2][3]

winreg.PyHKEY.Detach

key

[1]

winreg.QueryInfoKey

key

[1]

winreg.QueryReflectionKey

key

[1]

winreg.QueryValue

子键值名称

[1][2]

winreg.SaveKey

文件名

[1]

winreg.SetValue

子键类型

[1][2]

以下事件在内部引发,不对应于 CPython 的任何公共 API

审计事件

参数

_winapi.CreateFile

文件名, 所需访问权限, 共享模式, 创建配置, 标志和属性

_winapi.CreateJunction

源路径, 目标路径

_winapi.CreateNamedPipe

名称, 打开模式, 管道模式

_winapi.CreatePipe

_winapi.CreateProcess

应用程序名称, 命令行, 当前目录

_winapi.OpenProcess

进程 ID, 所需访问权限

_winapi.TerminateProcess

句柄, 退出代码

ctypes.PyObj_FromPtr

obj