Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: (logging) Why do you add the RichHandler to the root logger? #4559

Open
jloehel opened this issue Nov 7, 2024 · 2 comments
Open

feat: (logging) Why do you add the RichHandler to the root logger? #4559

jloehel opened this issue Nov 7, 2024 · 2 comments
Labels
enhancement New feature or request

Comments

@jloehel
Copy link

jloehel commented Nov 7, 2024

Description

I am using the cve-bin-tool as lib and not as cli. I have recognized that cve-bin-tool adds a logging handler (RichHandler) to the root logger. Is there any special reason for that?

# Rich Handler by default Initalize a Console with stderr stream for logs
logging.basicConfig(
level="INFO",
format="%(name)s - %(message)s",
datefmt="[%X]",
handlers=[RichHandler()],
)
# Add the handlers to the root logger
root_logger = logging.getLogger()
LOGGER = logging.getLogger(__package__)
LOGGER.setLevel(logging.INFO)

It would be kind to add the handler just to the __package__ logger as quick fix:

LOGGER.addHandler(RichHandler())

Better set a NullHandler in the __init__.py and add the formatter and RichHandler in cli.main like the loglevel.

I think this is a leftover:

# Add the handlers to the root logger
root_logger = logging.getLogger()

The handler gets added during setting up the basicConfig.

I am fixing this right now like this:

from .db import MyCVEDatabase                                                                
from .scan import MyCVEScanner                                                         
from logging import getLogger                                                              
                                                                                                                                                                       
root_logger = getLogger()                                                                   
root_logger.handlers = []

Why?

Hijacking the root logger causes some trouble during logging for others who use cve_bin_tool as lib.

Environment context (optional)

  • I am using cve-bin-tool version 3.4 from pypi with python3.11 on linux
  • I am using the cvedb and cvescan with custom sources and with a modified scanner which adds the results automatically to the input sbom (cyclonedx) with some extra information.
@jloehel jloehel added the enhancement New feature or request label Nov 7, 2024
@terriko
Copy link
Contributor

terriko commented Nov 12, 2024

It's been a while since we added Rich, but I think it was mostly that we didn't know of anyone using cve-bin-tool as a lib rather than a command line tool. I'm happy to have a fix if it'll make your life easier!

@jloehel
Copy link
Author

jloehel commented Nov 14, 2024

Hi Terri, thanks for the response. It's not so easy to use it as lib. Especially because of the async part. I had to patch some things here and there. If you don't mind, I can open a PR with some changes.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request
Projects
None yet
Development

No branches or pull requests

2 participants