From 49fa2c5b7a9db0d6f481d499892665408e032544 Mon Sep 17 00:00:00 2001 From: pax Date: Sat, 11 Apr 2026 16:13:06 -0500 Subject: [PATCH] =?UTF-8?q?security:=20fix=20#3=20=E2=80=94=20redact=20par?= =?UTF-8?q?ams=20in=20E621Client=20debug=20log?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Same fix as danbooru.py — the search() log.debug params line previously emitted login + api_key. Route through redact_params(). Audit-Ref: SECURITY_AUDIT.md finding #3 Severity: Medium --- booru_viewer/core/api/e621.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/booru_viewer/core/api/e621.py b/booru_viewer/core/api/e621.py index 1171355..1d92098 100644 --- a/booru_viewer/core/api/e621.py +++ b/booru_viewer/core/api/e621.py @@ -8,7 +8,7 @@ import threading import httpx from ..config import DEFAULT_PAGE_SIZE, USER_AGENT -from ._safety import validate_public_request +from ._safety import redact_params, validate_public_request from .base import BooruClient, Post, _parse_date log = logging.getLogger("booru") @@ -84,7 +84,7 @@ class E621Client(BooruClient): url = f"{self.base_url}/posts.json" log.info(f"GET {url}") - log.debug(f" params: {params}") + log.debug(f" params: {redact_params(params)}") resp = await self._request("GET", url, params=params) log.info(f" -> {resp.status_code}") if resp.status_code != 200: