security: fix #3 — redact params in DanbooruClient debug log

The log.debug(f"  params: {params}") line in search() previously
dumped login + api_key to the booru logger at DEBUG level. Route
the params dict through redact_params() so the keys are replaced
with *** before formatting.

Audit-Ref: SECURITY_AUDIT.md finding #3
Severity: Medium
pax 2026-04-11 16:12:47 -05:00
parent d6909bf4d7
commit 9a3bb697ec


@ -5,6 +5,7 @@ from __future__ import annotations
import logging
from ..config import DEFAULT_PAGE_SIZE
from ._safety import redact_params
from .base import BooruClient, Post, _parse_date
log = logging.getLogger("booru")
@ -23,7 +24,7 @@ class DanbooruClient(BooruClient):
url = f"{self.base_url}/posts.json"
log.info(f"GET {url}")
log.debug(f" params: {params}")
log.debug(f" params: {redact_params(params)}")
resp = await self._request("GET", url, params=params)
log.info(f" -> {resp.status_code}")
if resp.status_code != 200:
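Review bot: The redaction only covers the logged copy. On the very next line the unredacted `params` dict, which per the commit message carries login and api_key, is still passed to `self._request("GET", url, params=params)`, so the credentials presumably travel in the URL query string. Anything below this call that records the full request URL would then still expose them: the HTTP client library's own logger, exception messages that embed the URL, or proxy and server access logs. It is worth checking `_request` and the client's logger configuration for that, and considering HTTP Basic auth for the credentials, which Danbooru's API accepts, so they never appear in the URL. A smaller point on the same line: `log.debug("  params: %s", redact_params(params))` would match logging's lazy formatting convention. The body of search() starts and continues outside this hunk, so how `params` is built is not visible here.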