Potential fix for code scanning alert no. 59: Clear-text logging of sensitive information

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
2025-12-23 23:16:58 +08:00 · 2025-12-22 11:59:50 +08:00
parent c7cf7aad4e
commit 15eccb445d
1 changed files with 8 additions and 8 deletions
--- a/common/http_client.py
+++ b/common/http_client.py
@ -151,16 +151,16 @@ async def async_request(
            except httpx.RequestError as exc:
                last_exc = exc
                if attempt >= retries:
-                    if not _is_sensitive_url(url):
-                        log_url = _redact_sensitive_url_params(url)
-                        logger.warning(f"async_request exhausted retries for {method} {log_url}")
+                    # Do not log the full URL here to avoid leaking sensitive data.
+                    logger.warning(
+                        f"async_request exhausted retries for {method}; last error: {exc}"
+                    )
                    raise
                delay = _get_delay(backoff_factor, attempt)
-                if not _is_sensitive_url(url):
-                    log_url = _redact_sensitive_url_params(url)
-                    logger.warning(
-                        f"async_request attempt {attempt + 1}/{retries + 1} failed for {method} {log_url}; retrying in {delay:.2f}s"
-                    )
+                # Avoid including the (potentially sensitive) URL in retry logs.
+                logger.warning(
+                    f"async_request attempt {attempt + 1}/{retries + 1} failed for {method}; retrying in {delay:.2f}s"
+                )
                await asyncio.sleep(delay)
        raise last_exc  # pragma: no cover