flake8-logging-format


Nameflake8-logging-format JSON
Version 2024.24.12 PyPI version JSON
download
home_pagehttps://github.com/globality-corp/flake8-logging-format
SummaryNone
upload_time2024-06-11 16:31:32
maintainerNone
docs_urlNone
authorGlobality Engineering
requires_pythonNone
licenseApache License 2.0
keywords microcosm
VCS
bugtrack_url
requirements No requirements were recorded.
Travis-CI No Travis.
coveralls test coverage No coveralls.
            # flake8-logging-format

Flake8 extension to validate (lack of) logging format strings


## What's This?

Python [logging](https://docs.python.org/3/library/logging.html#logging.Logger.debug) supports a special `extra` keyword
for passing a dictionary of user-defined attributes to include in a logging event. One way to ensure consistency and
rigor in logging is to **always** use `extra` to pass non-constant data and, therefore, to **never** use format strings,
concatenation, or other similar techniques to construct a log string.

In other words, do this:

```python
logger.info(
    "Hello {world}",
    extra=dict(
        world="Earth"
    )
)
```

Instead of:

```python
logger.info(
    "Hello {world}".format(world=Earth)
)
```

## Extra Whitelist

As a further level of rigor, we can enforce that `extra` dictionaries only use keys from a well-known whitelist.

Usage:

```bash
flake8 --enable-extra-whitelist
```

The built-in `Whitelist` supports plugins using `entry_points` with a key of `"logging.extra.whitelist"`. Each
registered entry point must be a callable that returns an iterable of string.

In some cases you may want to log sensitive data only in debugging scenarios.  This is supported in 2 ways:
1. We do not check the logging.extra.whitelist for lines logged at the `debug` level
2. You may also prefix a keyword with 'debug\_' and log it at another level.  You can safely assume these will be
   filtered out of shipped logs.

## Violations Detected

 -  `G001` Logging statements should not use `string.format()` for their first argument
 -  `G002` Logging statements should not use `%` formatting for their first argument
 -  `G003` Logging statements should not use `+` concatenation for their first argument
 -  `G004` Logging statements should not use `f"..."` for their first argument (only in Python 3.6+)
 -  `G010` Logging statements should not use `warn` (use `warning` instead)
 -  `G100` Logging statements should not use `extra` arguments unless whitelisted
 -  `G101` Logging statement should not use `extra` arguments that clash with LogRecord fields
 -  `G200` Logging statements should not include the exception in logged string (use `exception` or `exc_info=True`)
 -  `G201` Logging statements should not use `error(..., exc_info=True)` (use `exception(...)` instead)
 -  `G202` Logging statements should not use redundant `exc_info=True` in `exception`

These violations are disabled by default. To enable them for your project, specify the code(s) in your `setup.cfg`:

```ini
[flake8]
enable-extensions=G
```

## Motivation

Our motivation has to do with balancing the needs of our team and those of our customers.
On the one hand, developers and front-line support should be able to look at application logs. On the other hand, our customers don't want their data shared with anyone, including internal employees.

The implementation approaches this in two ways:

1. By trying to prevent the use of string concatenation in logs (vs explicit variable passing in the standard logging `extra` dictionary)

2. By providing an (optional) mechanism for whitelisting which field names may appear in the `extra` dictionary

Naturally, this _does not_ prevent developers from doing something like:

```python
extra=dict(
    user_id=user.name,
)
```

but then avoiding a case like this falls back to other processes around pull-requests, code review and internal policy.

            

Raw data

            {
    "_id": null,
    "home_page": "https://github.com/globality-corp/flake8-logging-format",
    "name": "flake8-logging-format",
    "maintainer": null,
    "docs_url": null,
    "requires_python": null,
    "maintainer_email": null,
    "keywords": "microcosm",
    "author": "Globality Engineering",
    "author_email": "engineering@globality.com",
    "download_url": null,
    "platform": null,
    "description": "# flake8-logging-format\n\nFlake8 extension to validate (lack of) logging format strings\n\n\n## What's This?\n\nPython [logging](https://docs.python.org/3/library/logging.html#logging.Logger.debug) supports a special `extra` keyword\nfor passing a dictionary of user-defined attributes to include in a logging event. One way to ensure consistency and\nrigor in logging is to **always** use `extra` to pass non-constant data and, therefore, to **never** use format strings,\nconcatenation, or other similar techniques to construct a log string.\n\nIn other words, do this:\n\n```python\nlogger.info(\n    \"Hello {world}\",\n    extra=dict(\n        world=\"Earth\"\n    )\n)\n```\n\nInstead of:\n\n```python\nlogger.info(\n    \"Hello {world}\".format(world=Earth)\n)\n```\n\n## Extra Whitelist\n\nAs a further level of rigor, we can enforce that `extra` dictionaries only use keys from a well-known whitelist.\n\nUsage:\n\n```bash\nflake8 --enable-extra-whitelist\n```\n\nThe built-in `Whitelist` supports plugins using `entry_points` with a key of `\"logging.extra.whitelist\"`. Each\nregistered entry point must be a callable that returns an iterable of string.\n\nIn some cases you may want to log sensitive data only in debugging scenarios.  This is supported in 2 ways:\n1. We do not check the logging.extra.whitelist for lines logged at the `debug` level\n2. You may also prefix a keyword with 'debug\\_' and log it at another level.  You can safely assume these will be\n   filtered out of shipped logs.\n\n## Violations Detected\n\n -  `G001` Logging statements should not use `string.format()` for their first argument\n -  `G002` Logging statements should not use `%` formatting for their first argument\n -  `G003` Logging statements should not use `+` concatenation for their first argument\n -  `G004` Logging statements should not use `f\"...\"` for their first argument (only in Python 3.6+)\n -  `G010` Logging statements should not use `warn` (use `warning` instead)\n -  `G100` Logging statements should not use `extra` arguments unless whitelisted\n -  `G101` Logging statement should not use `extra` arguments that clash with LogRecord fields\n -  `G200` Logging statements should not include the exception in logged string (use `exception` or `exc_info=True`)\n -  `G201` Logging statements should not use `error(..., exc_info=True)` (use `exception(...)` instead)\n -  `G202` Logging statements should not use redundant `exc_info=True` in `exception`\n\nThese violations are disabled by default. To enable them for your project, specify the code(s) in your `setup.cfg`:\n\n```ini\n[flake8]\nenable-extensions=G\n```\n\n## Motivation\n\nOur motivation has to do with balancing the needs of our team and those of our customers.\nOn the one hand, developers and front-line support should be able to look at application logs. On the other hand, our customers don't want their data shared with anyone, including internal employees.\n\nThe implementation approaches this in two ways:\n\n1. By trying to prevent the use of string concatenation in logs (vs explicit variable passing in the standard logging `extra` dictionary)\n\n2. By providing an (optional) mechanism for whitelisting which field names may appear in the `extra` dictionary\n\nNaturally, this _does not_ prevent developers from doing something like:\n\n```python\nextra=dict(\n    user_id=user.name,\n)\n```\n\nbut then avoiding a case like this falls back to other processes around pull-requests, code review and internal policy.\n",
    "bugtrack_url": null,
    "license": "Apache License 2.0",
    "summary": null,
    "version": "2024.24.12",
    "project_urls": {
        "Homepage": "https://github.com/globality-corp/flake8-logging-format"
    },
    "split_keywords": [
        "microcosm"
    ],
    "urls": [
        {
            "comment_text": "",
            "digests": {
                "blake2b_256": "700815fa53eea2c9569d4b19d8bbe9d87c87d7bb153cf1dee24ceb28343bd51b",
                "md5": "89699c7f5ef93af5120430139c98ed41",
                "sha256": "7d93c2107354b10a05b1a0d8ccd3a9bfb793aee108007765114c958a7541d674"
            },
            "downloads": -1,
            "filename": "flake8_logging_format-2024.24.12-py3-none-any.whl",
            "has_sig": false,
            "md5_digest": "89699c7f5ef93af5120430139c98ed41",
            "packagetype": "bdist_wheel",
            "python_version": "py3",
            "requires_python": null,
            "size": 11524,
            "upload_time": "2024-06-11T16:31:32",
            "upload_time_iso_8601": "2024-06-11T16:31:32.374001Z",
            "url": "https://files.pythonhosted.org/packages/70/08/15fa53eea2c9569d4b19d8bbe9d87c87d7bb153cf1dee24ceb28343bd51b/flake8_logging_format-2024.24.12-py3-none-any.whl",
            "yanked": false,
            "yanked_reason": null
        }
    ],
    "upload_time": "2024-06-11 16:31:32",
    "github": true,
    "gitlab": false,
    "bitbucket": false,
    "codeberg": false,
    "github_user": "globality-corp",
    "github_project": "flake8-logging-format",
    "travis_ci": false,
    "coveralls": false,
    "github_actions": false,
    "lcname": "flake8-logging-format"
}
        
Elapsed time: 1.33157s