pax/booru-viewer
1
0
Fork 0
Code Issues Releases 18 Activity

security: fix #3 — redact params in E621Client debug log

Browse Source 
Same fix as danbooru.py — the search() log.debug params line
previously emitted login + api_key. Route through redact_params().

Audit-Ref: SECURITY_AUDIT.md finding #3
Severity: Medium
This commit is contained in:
pax 2026-04-11 16:13:06 -05:00
parent c0c8fdadbf
commit 49fa2c5b7a
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
booru_viewer/core/api/e621.py
View File

@ -8,7 +8,7 @@ import threading
import httpx import httpx
from ..config import DEFAULT_PAGE_SIZE, USER_AGENT from ..config import DEFAULT_PAGE_SIZE, USER_AGENT
from ._safety import validate_public_request from ._safety import redact_params, validate_public_request
from .base import BooruClient, Post, _parse_date from .base import BooruClient, Post, _parse_date
log = logging.getLogger("booru") log = logging.getLogger("booru")
@ -84,7 +84,7 @@ class E621Client(BooruClient):
url = f"{self.base_url}/posts.json" url = f"{self.base_url}/posts.json"
log.info(f"GET {url}") log.info(f"GET {url}")
log.debug(f" params: {params}") log.debug(f" params: {redact_params(params)}")
resp = await self._request("GET", url, params=params) resp = await self._request("GET", url, params=params)
log.info(f" -> {resp.status_code}") log.info(f" -> {resp.status_code}")
if resp.status_code != 200: if resp.status_code != 200: