bpo-43762: Add audit events for loading of sqlite3 extensions (GH-25246)

2 files changed, 17 insertions, 0 deletions

diff --git a/Modules/_sqlite/connection.c b/Modules/_sqlite/connection.c
index 150291c..5f8e41b 100644
--- a/Modules/_sqlite/connection.c
+++ b/Modules/_sqlite/connection.c
@@ -1154,6 +1154,11 @@ pysqlite_connection_enable_load_extension_impl(pysqlite_Connection *self,
 {
     int rc;
 
+    if (PySys_Audit("sqlite3.enable_load_extension",
+                    "OO", self, onoff ? Py_True : Py_False) < 0) {
+        return NULL;
+    }
+
     if (!pysqlite_check_thread(self) || !pysqlite_check_connection(self)) {
         return NULL;
     }
@@ -1185,6 +1190,10 @@ pysqlite_connection_load_extension_impl(pysqlite_Connection *self,
     int rc;
     char* errmsg;
 
+    if (PySys_Audit("sqlite3.load_extension", "Os", self, extension_name) < 0) {
+        return NULL;
+    }
+
     if (!pysqlite_check_thread(self) || !pysqlite_check_connection(self)) {
         return NULL;
     }
diff --git a/Modules/_sqlite/module.c b/Modules/_sqlite/module.c
index 8dbfa7b..2f323fc 100644
--- a/Modules/_sqlite/module.c
+++ b/Modules/_sqlite/module.c
@@ -96,6 +96,14 @@ static PyObject* module_connect(PyObject* self, PyObject* args, PyObject*
     }
 
     result = PyObject_Call(factory, args, kwargs);
+    if (result == NULL) {
+        return NULL;
+    }
+
+    if (PySys_Audit("sqlite3.connect/handle", "O", self) < 0) {
+        Py_DECREF(result);
+        return NULL;
+    }
 
     return result;
 }