security: fix #3 — redact params in E621Client debug log

Same fix as danbooru.py — the search() log.debug params line previously emitted login + api_key. Route through redact_params(). Audit-Ref: SECURITY_AUDIT.md finding #3 Severity: Medium
2026-04-11 16:13:06 -05:00 · 2026-04-11 16:13:06 -05:00 · 49fa2c5b7a
commit 49fa2c5b7a
parent c0c8fdadbf
1 changed files with 2 additions and 2 deletions
--- a/booru_viewer/core/api/e621.py
+++ b/booru_viewer/core/api/e621.py
@ -8,7 +8,7 @@ import threading
 import httpx

 from ..config import DEFAULT_PAGE_SIZE, USER_AGENT
-from ._safety import validate_public_request
+from ._safety import redact_params, validate_public_request
 from .base import BooruClient, Post, _parse_date

 log = logging.getLogger("booru")
@ -84,7 +84,7 @@ class E621Client(BooruClient):

        url = f"{self.base_url}/posts.json"
        log.info(f"GET {url}")
-        log.debug(f"  params: {params}")
+        log.debug(f"  params: {redact_params(params)}")
        resp = await self._request("GET", url, params=params)
        log.info(f"  -> {resp.status_code}")
        if resp.status_code != 200: