Crash on unrecognized LOG_LEVEL environment variable (e.g. TRACE) #7459
Description
Describe the issue
Checkov crashes with a ValueError when the LOG_LEVEL environment variable is set to a value Python's logging module doesn't recognize - such as TRACE, which is a standard log level in many ecosystems (Java/Log4j, Rust/tracing, etc.).
The crash happens at import time in checkov/logging_init.py before any user code runs, so there's no way to catch or handle it.
Examples
LOG_LEVEL=trace checkov --version
% LOG_LEVEL=trace checkov --version
Traceback (most recent call last):
File "/opt/homebrew/bin/checkov", line 2, in <module>
from checkov.main import Checkov
File "/opt/homebrew/Cellar/checkov/3.2.500/libexec/lib/python3.14/site-packages/checkov/main.py", line 21, in <module>
import checkov.logging_init # noqa # should be imported before the others to ensure correct logging setup
^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/homebrew/Cellar/checkov/3.2.500/libexec/lib/python3.14/site-packages/checkov/logging_init.py", line 8, in <module>
logging.basicConfig(level=LOG_LEVEL)
~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^
File "/opt/homebrew/Cellar/python@3.14/3.14.3_1/Frameworks/Python.framework/Versions/3.14/lib/python3.14/logging/__init__.py", line 2120, in basicConfig
root.setLevel(level)
~~~~~~~~~~~~~^^^^^^^
File "/opt/homebrew/Cellar/python@3.14/3.14.3_1/Frameworks/Python.framework/Versions/3.14/lib/python3.14/logging/__init__.py", line 1495, in setLevel
self.level = _checkLevel(level)
~~~~~~~~~~~^^^^^^^
File "/opt/homebrew/Cellar/python@3.14/3.14.3_1/Frameworks/Python.framework/Versions/3.14/lib/python3.14/logging/__init__.py", line 210, in _checkLevel
raise ValueError("Unknown level: %r" % level)
ValueError: Unknown level: 'TRACE'Expected Behavior
Checkov should fall back to a default log level (e.g. WARNING) when LOG_LEVEL contains an unrecognized value.
Actual Behavior
ValueError: Unknown level: 'TRACE'
The crash originates from checkov/logging_init.py:
LOG_LEVEL = os.getenv('LOG_LEVEL', 'WARNING').upper()
logging.basicConfig(level=LOG_LEVEL) # raises ValueErrorSuggested Fix
Wrap the basicConfig call in a try/except:
LOG_LEVEL = os.getenv('LOG_LEVEL', 'WARNING').upper()
try:
logging.basicConfig(level=LOG_LEVEL)
except (ValueError, TypeError):
logging.basicConfig(level='WARNING')Desktop (please complete the following information):
- Checkov version: 3.2.500
- Python version: 3.13
- OS: macOS Tahoe/Amazon Linux 2023
Additional context
LOG_LEVEL is a widely-used generic environment variable. If environments are set to Python invalid LOG_LEVEL=trace in the environment, checkov will crash when invoked from those contexts. Any unrecognized value (not just TRACE) triggers the same crash — e.g. VERBOSE, DEBG, etc.