Do not render complex objects by default?

[caioariede]

I've had an interesting experience recently with Django and Granian. We have migrated from Gunicorn to Granian, and, suddenly, while testing it in local, we saw environment variables being logged, including things like SECRET_KEY. After investigating it, we figured it was due to the request object being JSON serialized. It appears that, with Gunicorn, the request object isn't serializable, but it seems to be with Granian.

I wonder if, by default, logs should not include complex objects, and instead, do something like repr(obj).
Consider the following code:

def json_record(self, message: str, extra: dict, record: logging.LogRecord):
    extra = {
        key: value if isinstance(value, (int, float, complex, str)) else repr(value)
        for key, value in extra.items()
        if not isinstance(value, (list, dict))
    }

This way, if one wants to have those values, they can override the json_record method, adding their own logic.

What do you think?

[marselester]

Does this PR fit into your use case #36? If so, could you please test it?

[caioariede]

Yes, @marselester -- I just wanted to add that, if environment variables are leaked, this can be a potential security risk.

[marselester]

The FlatJSONFormatter is now available in the v1.1.0 release https://pypi.org/project/JSON-log-formatter/1.1/.