Potential fix for code scanning alert no. 59: Clear-text logging of sensitive information

yingfeng · github-advanced-security[bot] · web-flow · commit 15eccb445d61 · 2025-12-22T11:59:50.000+08:00
Co-authored-by: Copilot Autofix powered by AI &lt;62310815+github-advanced-security[bot]@users.noreply.github.com&gt;
diff --git a/common/http_client.py b/common/http_client.py
@@ -151,16 +151,16 @@ async def async_request(
             except httpx.RequestError as exc:
                 last_exc = exc
                 if attempt >= retries:
-                    if not _is_sensitive_url(url):
-                        log_url = _redact_sensitive_url_params(url)
-                        logger.warning(f"async_request exhausted retries for {method} {log_url}")
-                    raise
-                delay = _get_delay(backoff_factor, attempt)
-                if not _is_sensitive_url(url):
-                    log_url = _redact_sensitive_url_params(url)
+                    # Do not log the full URL here to avoid leaking sensitive data.
                     logger.warning(
-                        f"async_request attempt {attempt + 1}/{retries + 1} failed for {method} {log_url}; retrying in {delay:.2f}s"
+                        f"async_request exhausted retries for {method}; last error: {exc}"
                     )
+                    raise
+                delay = _get_delay(backoff_factor, attempt)
+                # Avoid including the (potentially sensitive) URL in retry logs.
+                logger.warning(
+                    f"async_request attempt {attempt + 1}/{retries + 1} failed for {method}; retrying in {delay:.2f}s"
+                )
                 await asyncio.sleep(delay)
         raise last_exc  # pragma: no cover
 
