Open
Description
I am using cve-bin-tool as a library and not as a CLI. I have noticed that cve-bin-tool adds a logging handler (RichHandler) to the root logger. Is there any special reason for that?
cve-bin-tool/cve_bin_tool/log.py
Lines 34 to 46 in dd07835
It would be kind to add the handler just to the `__package__` logger as a quick fix:

```python
LOGGER.addHandler(RichHandler())
```

Better: set a NullHandler in the `__init__.py` and add the formatter and RichHandler in `cli.main`, like the log level.
I think this is a leftover:
```python
# Add the handlers to the root logger
root_logger = logging.getLogger()
```
The handler gets added during setting up the basicConfig.
I am fixing this right now like this:

```python
from .db import MyCVEDatabase
from .scan import MyCVEScanner
from logging import getLogger

# Drop every handler currently attached to the root logger
root_logger = getLogger()
root_logger.handlers = []
```
Why?
Hijacking the root logger causes some trouble during logging for others who use cve_bin_tool as a lib.
Environment context (optional)
- I am using cve-bin-tool version 3.4 from PyPI with Python 3.11 on Linux
- I am using the cvedb and cvescan with custom sources and with a modified scanner which adds the results automatically to the input SBOM (CycloneDX) with some extra information.
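An added example, not part of the original issue and not cve-bin-tool code: the library/CLI split proposed above, plus a consumer-side guard that removes only the root handlers added inside a block instead of clearing all of them, so the host application's own handlers (for example an audit log) survive. The package name `example_lib`, all function names, and the use of `StreamHandler` in place of `RichHandler` are assumptions made for illustration.

```python
import contextlib
import logging

PKG = "example_lib"  # hypothetical package name, stands in for a library's __package__

def library_init():
    """What a library's __init__.py does: attach only a NullHandler."""
    logging.getLogger(PKG).addHandler(logging.NullHandler())

def cli_main_setup(level=logging.INFO):
    """What the CLI entry point does: real handler and level on the package logger."""
    handler = logging.StreamHandler()  # stand-in for RichHandler (assumption)
    handler.setFormatter(logging.Formatter("%(name)s %(levelname)s %(message)s"))
    pkg_logger = logging.getLogger(PKG)
    pkg_logger.addHandler(handler)
    pkg_logger.setLevel(level)
    return handler

@contextlib.contextmanager
def preserve_root_logger():
    """Undo root-logger changes made inside the block, keeping earlier handlers."""
    root = logging.getLogger()
    before, level = list(root.handlers), root.level
    try:
        yield
    finally:
        for h in list(root.handlers):
            if h not in before:
                root.removeHandler(h)
        root.setLevel(level)

def demo():
    """Return (app handler kept, root handlers unchanged, root level unchanged)."""
    root = logging.getLogger()
    app_handler = logging.NullHandler()  # constructed: the host application's handler
    root.addHandler(app_handler)
    before, level = list(root.handlers), root.level
    try:
        with preserve_root_logger():
            # constructed stand-in for importing a library that configures the root logger
            root.addHandler(logging.StreamHandler())
            root.setLevel(logging.DEBUG)
        return (app_handler in root.handlers, root.handlers == before, root.level == level)
    finally:
        root.removeHandler(app_handler)

if __name__ == "__main__":
    print(demo())
```

Wrapping the first import of the library in `with preserve_root_logger():` has the same effect as the workaround in the issue without discarding handlers installed earlier.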