Check for known Hue vulnerability (#31494)

2020-02-05 13:57:17 -08:00 · 2020-02-05 13:57:17 -08:00 · f7f8de41e2
commit f7f8de41e2
parent 6a4d9d3a73
2 changed files with 48 additions and 3 deletions
--- a/homeassistant/components/hue/init.py
+++ b/homeassistant/components/hue/init.py
@ -6,6 +6,7 @@ from aiohue.util import normalize_bridge_id
 import voluptuous as vol

 from homeassistant import config_entries, core
+from homeassistant.components import persistent_notification
 from homeassistant.const import CONF_HOST
 from homeassistant.helpers import config_validation as cv, device_registry as dr

@ -142,8 +143,20 @@ async def async_setup_entry(
        sw_version=config.swversion,
    )

-    if config.swupdate2_bridge_state == "readytoinstall":
-        err = "Please check for software updates of the bridge in the Philips Hue App."
+    if config.modelid == "BSB002" and config.swversion < "1935144040":
+        persistent_notification.async_create(
+            hass,
+            "Your Hue hub has a known security vulnerability ([CVE-2020-6007](https://cve.circl.lu/cve/CVE-2020-6007)). Go to the Hue app and check for software updates.",
+            "Signify Hue",
+            "hue_hub_firmware",
+        )
+
+    elif config.swupdate2_bridge_state == "readytoinstall":
+        err = (
+            "Please check for software updates of the bridge in the Philips Hue App.",
+            "Signify Hue",
+            "hue_hub_firmware",
+        )
        _LOGGER.warning(err)

    return True
--- a/tests/components/hue/test_init.py
+++ b/tests/components/hue/test_init.py
@ -1,5 +1,7 @@
 """Test Hue setup process."""
-from unittest.mock import Mock, patch
+from unittest.mock import Mock
+
+from asynctest import CoroutineMock, patch

 from homeassistant.components import hue
 from homeassistant.setup import async_setup_component
@ -184,3 +186,33 @@ async def test_setting_unique_id(hass):
        assert await async_setup_component(hass, hue.DOMAIN, {}) is True

    assert entry.unique_id == "mock-id"
+
+
+async def test_security_vuln_check(hass):
+    """Test that we report security vulnerabilities."""
+    assert await async_setup_component(hass, "persistent_notification", {})
+    entry = MockConfigEntry(domain=hue.DOMAIN, data={"host": "0.0.0.0"})
+    entry.add_to_hass(hass)
+
+    with patch.object(
+        hue,
+        "HueBridge",
+        Mock(
+            return_value=Mock(
+                async_setup=CoroutineMock(return_value=True),
+                api=Mock(
+                    config=Mock(
+                        bridgeid="", mac="", modelid="BSB002", swversion="1935144020"
+                    )
+                ),
+            )
+        ),
+    ):
+
+        assert await async_setup_component(hass, "hue", {})
+
+    await hass.async_block_till_done()
+
+    state = hass.states.get("persistent_notification.hue_hub_firmware")
+    assert state is not None
+    assert "CVE-2020-6007" in state.attributes["message"]