Redact possibly sensitive information in deCONZ diagnostics data (#64754)

2022-01-23 11:24:46 +01:00 · 2022-01-23 11:24:46 +01:00 · 01fbc4257b
commit 01fbc4257b
parent 06ef6bf38e
2 changed files with 26 additions and 6 deletions
--- a/homeassistant/components/deconz/diagnostics.py
+++ b/homeassistant/components/deconz/diagnostics.py
@ -3,11 +3,16 @@ from __future__ import annotations

 from typing import Any

+from homeassistant.components.diagnostics import async_redact_data
 from homeassistant.config_entries import ConfigEntry
+from homeassistant.const import CONF_API_KEY
 from homeassistant.core import HomeAssistant

 from .gateway import get_gateway_from_config_entry

+REDACT_CONFIG = {CONF_API_KEY}
+REDACT_DECONZ_CONFIG = {"bridgeid", "mac", "panid"}
+

 async def async_get_config_entry_diagnostics(
    hass: HomeAssistant, config_entry: ConfigEntry
@ -16,8 +21,11 @@ async def async_get_config_entry_diagnostics(
    gateway = get_gateway_from_config_entry(hass, config_entry)
    diag: dict[str, Any] = {}

-    diag["config_entry"] = dict(config_entry.data)
-    diag["deconz_config"] = gateway.api.config.raw
+    diag["config"] = async_redact_data(config_entry.data, REDACT_CONFIG)
+    diag["options"] = dict(config_entry.options)
+    diag["deconz_config"] = async_redact_data(
+        gateway.api.config.raw, REDACT_DECONZ_CONFIG
+    )
    diag["websocket_state"] = gateway.api.websocket.state
    diag["deconz_ids"] = gateway.deconz_ids
    diag["entities"] = gateway.entities
--- a/tests/components/deconz/test_diagnostics.py
+++ b/tests/components/deconz/test_diagnostics.py
@ -2,9 +2,11 @@

 from pydeconz.websocket import STATE_RUNNING

-from homeassistant.const import Platform
+from homeassistant.components.deconz.const import CONF_MASTER_GATEWAY
+from homeassistant.components.diagnostics import REDACTED
+from homeassistant.const import CONF_API_KEY, CONF_HOST, CONF_PORT, Platform

-from .test_gateway import DECONZ_CONFIG, setup_deconz_integration
+from .test_gateway import HOST, PORT, setup_deconz_integration

 from tests.components.diagnostics import get_diagnostics_for_config_entry

@ -19,8 +21,18 @@ async def test_entry_diagnostics(
    await hass.async_block_till_done()

    assert await get_diagnostics_for_config_entry(hass, hass_client, config_entry) == {
-        "config_entry": dict(config_entry.data),
-        "deconz_config": DECONZ_CONFIG,
+        "config": {CONF_API_KEY: REDACTED, CONF_HOST: HOST, CONF_PORT: PORT},
+        "options": {CONF_MASTER_GATEWAY: True},
+        "deconz_config": {
+            "bridgeid": REDACTED,
+            "ipaddress": HOST,
+            "mac": REDACTED,
+            "modelid": "deCONZ",
+            "name": "deCONZ mock gateway",
+            "sw_version": "2.05.69",
+            "uuid": "1234",
+            "websocketport": 1234,
+        },
        "websocket_state": STATE_RUNNING,
        "deconz_ids": {},
        "entities": {