Arie Bovenberg <a.c.bovenb...@gmail.com> added the comment:
I've done some more digging, and have read the related issue bpo-30995. There are IMHO two challenges that are worth tackling: 1. A great number[1] of developers do their own string formatting. This is sub-optimal for performance and - in rare cases - leaves them potentially vulnerable to attack (DoS through a string formatting attack). We cannot prohibit this without breaking backwards compatibility: https://docs.python.org/3/howto/logging.html#using-arbitrary-objects-as-messages. 2. The logging cookbook has several mechanisms for new-style formatting, but because these do not ship with the stdlib, the vast majority[2] of programmers don't use them. We can solve both issues with a new family of `Logger` methods. The debug one shown below: def debugf(self, msg: Literal[str], *args, exc_info=False, **kwargs): """ Log 'msg.format(*args, **kwargs)' with severity 'DEBUG'. To pass exception information, use the keyword argument exc_info with a true value, e.g. logger.debugf("Houston, we have a {}", "thorny problem", exc_info=1) """ if self.isEnabledFor(DEBUG): # `BraceMessage` from the logging cookbook. self._log(DEBUG, BraceMessage(msg, args, kwargs), exc_info=exc_info) Advantages of this approach: - It's mostly the existing work of @vinay.sajip. It's Idiomatic and proven to work. - No change to existing methods or loggers. Fully backwards compatible. - Protection against string formatting attack at the type level (thanks to PEP675). Everyone with an IDE will get warned about unsafe use. - Embed correct use of log formatting at type level. - People will stop complaining about the `%`-style, now that there is an easy way to use new-style formatting in the stdlib. The disadvantage of course is an extra set of logging methods. However: - An `f` suffix for string formatting operations is common (e.g. `printf`) - It's visually similar to f-strings, thus straightforward to comprehend. Compare `debug(f"hello ...` and `debugf("hello ...`. - It's explicit. The method logs _and_ formats. Sources: [1] On GitHub code search, `logger` gets 8M results. `logger` `format` gets almost 4M results, of which about half are actually instances of logging `.format()` strings. f-strings are not even included in this search, and probably used very frequently as well. (https://github.com/search?l=Python&p=2&q=logger+format&type=Code) [2] There are <1000 instances of `StyleAdapter`, `BraceMessage` in GitHub code search, while `getLogger` gets almost 5M results. (https://github.com/search?l=Python&q=bracemessage&type=Code) (https://github.com/search?l=Python&q=styleadapter&type=Code) (https://github.com/search?l=Python&q=getlogger&type=Code) ---------- components: +Library (Lib) _______________________________________ Python tracker <rep...@bugs.python.org> <https://bugs.python.org/issue46200> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
