You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I am using the cve-bin-tool as lib and not as cli. I have recognized that cve-bin-tool adds a logging handler (RichHandler) to the root logger. Is there any special reason for that?
# Rich Handler by default Initalize a Console with stderr stream for logs
logging.basicConfig(
level="INFO",
format="%(name)s - %(message)s",
datefmt="[%X]",
handlers=[RichHandler()],
)
# Add the handlers to the root logger
root_logger=logging.getLogger()
LOGGER=logging.getLogger(__package__)
LOGGER.setLevel(logging.INFO)
It would be kind to add the handler just to the __package__ logger as quick fix:
LOGGER.addHandler(RichHandler())
Better set a NullHandler in the __init__.py and add the formatter and RichHandler in cli.main like the loglevel.
I think this is a leftover:
# Add the handlers to the root loggerroot_logger=logging.getLogger()
The handler gets added during setting up the basicConfig.
I am fixing this right now like this:
from .dbimportMyCVEDatabasefrom .scanimportMyCVEScannerfromloggingimportgetLoggerroot_logger=getLogger()
root_logger.handlers= []
Why?
Hijacking the root logger causes some trouble during logging for others who use cve_bin_tool as lib.
Environment context (optional)
I am using cve-bin-tool version 3.4 from pypi with python3.11 on linux
I am using the cvedb and cvescan with custom sources and with a modified scanner which adds the results automatically to the input sbom (cyclonedx) with some extra information.
The text was updated successfully, but these errors were encountered:
It's been a while since we added Rich, but I think it was mostly that we didn't know of anyone using cve-bin-tool as a lib rather than a command line tool. I'm happy to have a fix if it'll make your life easier!
Hi Terri, thanks for the response. It's not so easy to use it as lib. Especially because of the async part. I had to patch some things here and there. If you don't mind, I can open a PR with some changes.
Description
I am using the cve-bin-tool as lib and not as cli. I have recognized that cve-bin-tool adds a logging handler (RichHandler) to the root logger. Is there any special reason for that?
cve-bin-tool/cve_bin_tool/log.py
Lines 34 to 46 in dd07835
It would be kind to add the handler just to the
__package__
logger as quick fix:Better set a NullHandler in the
__init__.py
and add the formatter and RichHandler in cli.main like the loglevel.I think this is a leftover:
The handler gets added during setting up the basicConfig.
I am fixing this right now like this:
Why?
Hijacking the root logger causes some trouble during logging for others who use cve_bin_tool as lib.
Environment context (optional)
The text was updated successfully, but these errors were encountered: