Replace redacted stream recorder credentials with '****' (#48832)

2021-04-08 21:44:17 +02:00 · 2021-04-08 21:44:17 +02:00 · b0aa64d59c
commit b0aa64d59c
parent 2dc46d4516
4 changed files with 12 additions and 13 deletions
--- a/homeassistant/components/stream/init.py
+++ b/homeassistant/components/stream/init.py
@ -39,7 +39,12 @@ from .hls import async_setup_hls

 _LOGGER = logging.getLogger(__name__)

-STREAM_SOURCE_RE = re.compile("//(.*):(.*)@")
+STREAM_SOURCE_RE = re.compile("//.*:.*@")
+
+
+def redact_credentials(data):
+    """Redact credentials from string data."""
+    return STREAM_SOURCE_RE.sub("//****:****@", data)


 def create_stream(hass, stream_source, options=None):
@ -176,9 +181,7 @@ class Stream:
                target=self._run_worker,
            )
            self._thread.start()
-            _LOGGER.info(
-                "Started stream: %s", STREAM_SOURCE_RE.sub("//", str(self.source))
-            )
+            _LOGGER.info("Started stream: %s", redact_credentials(str(self.source)))

    def update_source(self, new_source):
        """Restart the stream with a new stream source."""
@ -244,9 +247,7 @@ class Stream:
            self._thread_quit.set()
            self._thread.join()
            self._thread = None
-            _LOGGER.info(
-                "Stopped stream: %s", STREAM_SOURCE_RE.sub("//", str(self.source))
-            )
+            _LOGGER.info("Stopped stream: %s", redact_credentials(str(self.source)))

    async def async_record(self, video_path, duration=30, lookback=5):
        """Make a .mp4 recording from a provided stream."""
--- a/homeassistant/components/stream/worker.py
+++ b/homeassistant/components/stream/worker.py
@ -5,7 +5,7 @@ import logging

 import av

-from . import STREAM_SOURCE_RE
+from . import redact_credentials
 from .const import (
    AUDIO_CODECS,
    MAX_MISSING_DTS,
@ -128,9 +128,7 @@ def stream_worker(source, options, segment_buffer, quit_event):
    try:
        container = av.open(source, options=options, timeout=STREAM_TIMEOUT)
    except av.AVError:
-        _LOGGER.error(
-            "Error opening stream %s", STREAM_SOURCE_RE.sub("//", str(source))
-        )
+        _LOGGER.error("Error opening stream %s", redact_credentials(str(source)))
        return
    try:
        video_stream = container.streams.video[0]
--- a/tests/components/stream/test_recorder.py
+++ b/tests/components/stream/test_recorder.py
@ -266,4 +266,4 @@ async def test_recorder_log(hass, caplog):
    with patch.object(hass.config, "is_allowed_path", return_value=True):
        await stream.async_record("/example/path")
    assert "https://abcd:efgh@foo.bar" not in caplog.text
-    assert "https://foo.bar" in caplog.text
+    assert "https://****:****@foo.bar" in caplog.text
--- a/tests/components/stream/test_worker.py
+++ b/tests/components/stream/test_worker.py
@ -588,4 +588,4 @@ async def test_worker_log(hass, caplog):
        )
        await hass.async_block_till_done()
    assert "https://abcd:efgh@foo.bar" not in caplog.text
-    assert "https://foo.bar" in caplog.text
+    assert "https://****:****@foo.bar" in caplog.text