Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: (logging) Why do you add the RichHandler to the root logger? #4559

Open
jloehel opened this issue Nov 7, 2024 · 1 comment
Open

feat: (logging) Why do you add the RichHandler to the root logger? #4559

jloehel opened this issue Nov 7, 2024 · 1 comment
Labels
enhancement New feature or request

Comments

@jloehel
Copy link

jloehel commented Nov 7, 2024
edited
Loading

Description

I am using the cve-bin-tool as lib and not as cli. I have recognized that cve-bin-tool adds a logging handler (RichHandler) to the root logger. Is there any special reason for that?

cve-bin-tool/cve_bin_tool/log.py

Lines 34 to 46 in dd07835

# Rich Handler by default Initalize a Console with stderr stream for logs
logging.basicConfig(
level="INFO",
format="%(name)s - %(message)s",
datefmt="[%X]",
handlers=[RichHandler()],
)
# Add the handlers to the root logger
root_logger = logging.getLogger()
LOGGER = logging.getLogger(__package__)
LOGGER.setLevel(logging.INFO)

It would be kind to add the handler just to the __package__ logger as quick fix:

LOGGER.addHandler(RichHandler())

Better set a NullHandler in the __init__.py and add the formatter and RichHandler in cli.main like the loglevel.

I think this is a leftover:

# Add the handlers to the root logger
root_logger = logging.getLogger()

The handler gets added during setting up the basicConfig.

I am fixing this right now like this:

from .db import MyCVEDatabase                                                                
from .scan import MyCVEScanner                                                         
from logging import getLogger                                                              
                                                                                                                                                                       
root_logger = getLogger()                                                                   
root_logger.handlers = []

Why?

Hijacking the root logger causes some trouble during logging for others who use cve_bin_tool as lib.

Environment context (optional)

  • I am using cve-bin-tool version 3.4 from pypi with python3.11 on linux
  • I am using the cvedb and cvescan with custom sources and with a modified scanner which adds the results automatically to the input sbom (cyclonedx) with some extra information.
@jloehel jloehel added the enhancement New feature or request label Nov 7, 2024
@terriko
Copy link
Contributor

terriko commented Nov 12, 2024

It's been a while since we added Rich, but I think it was mostly that we didn't know of anyone using cve-bin-tool as a lib rather than a command line tool. I'm happy to have a fix if it'll make your life easier!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@terriko @jloehel