From 9a3bb697ec2e026942ee06b063811d3f375c1662 Mon Sep 17 00:00:00 2001
From: pax
Date: Sat, 11 Apr 2026 16:12:47 -0500
Subject: [PATCH] =?UTF-8?q?security:=20fix=20#3=20=E2=80=94=20redact=20par?=
 =?UTF-8?q?ams=20in=20DanbooruClient=20debug=20log?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The log.debug(f" params: {params}") line in search() previously dumped login + api_key to the booru logger at DEBUG level. Route the params dict through redact_params() so the keys are replaced with *** before formatting.

Audit-Ref: SECURITY_AUDIT.md finding #3
Severity: Medium
---
 booru_viewer/core/api/danbooru.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/booru_viewer/core/api/danbooru.py b/booru_viewer/core/api/danbooru.py
index f11e5c8..e6c73f9 100644
--- a/booru_viewer/core/api/danbooru.py
+++ b/booru_viewer/core/api/danbooru.py
@@ -5,6 +5,7 @@ from __future__ import annotations
 import logging
 from ..config import DEFAULT_PAGE_SIZE
+from ._safety import redact_params
 from .base import BooruClient, Post, _parse_date
 log = logging.getLogger("booru")
@@ -23,7 +24,7 @@ class DanbooruClient(BooruClient):
 url = f"{self.base_url}/posts.json"
 log.info(f"GET {url}")
- log.debug(f" params: {params}")
+ log.debug(f" params: {redact_params(params)}")
 resp = await self._request("GET", url, params=params)
 log.info(f" -> {resp.status_code}")
 if resp.status_code != 200:
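Review bot: The `+` line logs `redact_params(params)` while the very same `params` object is passed to `self._request` two lines later, so the fix is only correct if `redact_params` returns a new mapping rather than masking `login`/`api_key` in place — if it mutates its argument the request goes out with `***` credentials, and nothing in this commit pins that down, so a test asserting `params` is unchanged after the call would be worth adding. A smaller point of style: with an f-string the redaction and formatting run even when DEBUG is disabled, so the lazy form `log.debug(" params: %s", redact_params(params))` is preferable and matches the logging module's own idiom. The `if resp.status_code != 200:` branch and the rest of search() lie outside the hunk; if that path logs `resp.url` or the request object, the query string (which presumably still carries the credentials since `params` is sent unredacted) would reach the logger by another route, and if the underlying transport has its own request logging enabled it would likewise print the full URL — worth checking alongside this hunk.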