security: fix #1 — wire SSRF hook into BooruClient shared client

Adds validate_public_request to the BooruClient event_hooks list so
every request (and every redirect hop) is checked against the block
list from _safety.py. Danbooru, Gelbooru, and Moebooru subclasses
all go through BooruClient.client and inherit the protection.

Preserves the existing _log_request hook by listing both hooks in
order: validate first (so blocked hops never reach the log), then
log.

Audit-Ref: SECURITY_AUDIT.md finding #1
Severity: High
pax 2026-04-11 16:10:12 -05:00
parent 013fe43f95
commit 6eebb77ae5


@ -12,6 +12,7 @@ import httpx
from ..config import USER_AGENT, DEFAULT_PAGE_SIZE
from ..cache import log_connection
from ._safety import validate_public_request
log = logging.getLogger("booru")
@ -106,7 +107,12 @@ class BooruClient(ABC):
headers={"User-Agent": USER_AGENT},
follow_redirects=True,
timeout=20.0,
event_hooks={"request": [self._log_request]},
event_hooks={
"request": [
validate_public_request,
self._log_request,
],
},
limits=httpx.Limits(max_connections=10, max_keepalive_connections=5),
)
BooruClient._shared_client = c
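Review bot: The ordering of the two entries in the new `event_hooks["request"]` list is load-bearing (the commit message says blocked hops must never reach the log) but the code itself does not say so; add `# validate first: a blocked redirect hop must never be logged as a request` above `validate_public_request,` so a later reorder is caught in review. Since `follow_redirects=True` is set on the same shared client, the hook fires on every hop, which matches the stated intent, but a request hook only inspects the URL handed to it, not the socket httpx later opens, so if `validate_public_request` resolves hostnames itself (`_safety.py` is not in this diff) a name whose resolution differs between the check and the connect is outside what this layer can guarantee; a one-line note at the call site pointing to where that limit is documented would keep the "inherit the protection" claim honest. Any code that uses an httpx client other than `BooruClient._shared_client` is not covered, which is worth stating in the docstring of the method that builds `c`. That method starts outside the hunk.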