From 15eccb445d61d8d5d2a40d2716ce755ec41167ec Mon Sep 17 00:00:00 2001
From: Yingfeng
Date: Mon, 22 Dec 2025 11:59:50 +0800
Subject: [PATCH] Potential fix for code scanning alert no. 59: Clear-text logging of sensitive information

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 common/http_client.py | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/common/http_client.py b/common/http_client.py
index d98db0e82..2bdfca91e 100644
--- a/common/http_client.py
+++ b/common/http_client.py
@@ -151,16 +151,16 @@ async def async_request(
 except httpx.RequestError as exc:
 last_exc = exc
 if attempt >= retries:
- if not _is_sensitive_url(url):
- log_url = _redact_sensitive_url_params(url)
- logger.warning(f"async_request exhausted retries for {method} {log_url}")
+ # Do not log the full URL here to avoid leaking sensitive data.
+ logger.warning(
+ f"async_request exhausted retries for {method}; last error: {exc}"
+ )
 raise
 delay = _get_delay(backoff_factor, attempt)
- if not _is_sensitive_url(url):
- log_url = _redact_sensitive_url_params(url)
- logger.warning(
- f"async_request attempt {attempt + 1}/{retries + 1} failed for {method} {log_url}; retrying in {delay:.2f}s"
- )
+ # Avoid including the (potentially sensitive) URL in retry logs.
+ logger.warning(
+ f"async_request attempt {attempt + 1}/{retries + 1} failed for {method}; retrying in {delay:.2f}s"
+ )
 await asyncio.sleep(delay)
 raise last_exc # pragma: no cover
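Review bot: The new exhausted-retries warning interpolates `{exc}`, and the message text of an `httpx.RequestError` is not controlled by this module, so it may carry request details (for instance a host, a proxy address or a rejected header value) back into the log this commit is trying to keep clean. Logging only the exception class keeps the diagnostic without that exposure: `f"async_request exhausted retries for {method}; last error: {type(exc).__name__}"`. With the URL removed from both warnings an operator can no longer tell which endpoint failed; if that matters, a host-only field (no userinfo, path or query) is the usual compromise, and the retry warning would benefit from the same exception-class field for consistency. `_is_sensitive_url` and `_redact_sensitive_url_params` may now be unused in this file, which cannot be confirmed from the hunk; `async_request` itself starts above it.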