Don't print MQTT credentials to log #37364

Merged
merged 2 commits into from
Jul 3, 2020


emontnemery
Contributor

Proposed change

Don't print MQTT credentials to log

Type of change

  • Dependency upgrade
  • Bugfix (non-breaking change which fixes an issue)
  • New integration (thank you!)
  • New feature (which adds functionality to an existing integration)
  • Breaking change (fix/feature causing existing functionality to break)
  • Code quality improvements to existing code or addition of tests

Additional information

Checklist

  • The code change is tested and works locally.
  • Local tests pass. Your PR cannot be merged unless tests pass
  • There is no commented out code in this PR.
  • I have followed the development checklist
  • The code has been formatted using Black (black --fast homeassistant tests)
  • Tests have been added to verify that the new code works.

If user exposed functionality or configuration variables are added/changed:

If the code communicates with devices, web services, or third-party tools:

  • The manifest file has all fields filled out correctly.
    Updated and included derived files by running: python3 -m script.hassfest.
  • New or updated dependencies have been added to requirements_all.txt.
    Updated by running python3 -m script.gen_requirements_all.
  • Untested files have been added to .coveragerc.

The integration reached or maintains the following Integration Quality Scale:

  • No score or internal
  • 🥈 Silver
  • 🥇 Gold
  • 🏆 Platinum

@probot-home-assistant

Hey there @home-assistant/core, mind taking a look at this pull request as it's been labeled with an integration (mqtt) you are listed as a codeowner for? Thanks!
(message by CodeOwnersMention)

@emontnemery emontnemery added this to the 0.112.1 milestone Jul 2, 2020
Comment on lines 480 to 481
tmp_data.pop(CONF_PASSWORD, None)
tmp_data.pop(CONF_USERNAME, None)
Member

Instead of popping it, should we replace it with ********? And maybe only password?

Member

Also wonder if we can actually specify which keys are going to be overridden, not just show all the data?

Contributor Author

@emontnemery emontnemery Jul 3, 2020

OK, improved to replace the password with ********.
It will now print all keys present in both the config entry, and in configuration.yaml, including those which are implicitly present because they have default values.

It could print only keys which actually differ?
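
The behaviour discussed in this thread (mask the password, report keys present in both sources, optionally only those that differ), as an added example that is not code from this PR or from Home Assistant; the key names, mask string, function names and sample data are assumptions:

```python
import logging

_LOGGER = logging.getLogger(__name__)

# Hypothetical key names and mask for this example; not taken from the project.
CONF_PASSWORD = "password"
SENSITIVE_KEYS = frozenset({CONF_PASSWORD})
MASK = "********"


def redact(data):
    """Return a copy of data with sensitive values masked, keys preserved."""
    return {k: (MASK if k in SENSITIVE_KEYS else v) for k, v in data.items()}


def override_report(entry_data, yaml_conf, only_differing=True):
    """Describe which stored entry values the YAML config would override.

    Returns {key: (entry_value, yaml_value)} with sensitive values masked.
    The comparison runs on the real values, so a changed password is still
    reported as changed even though both sides print as the mask.
    """
    shared_keys = yaml_conf.keys() & entry_data.keys()  # dict views support set ops
    if only_differing:
        shared_keys = {k for k in shared_keys if entry_data[k] != yaml_conf[k]}
    safe_entry, safe_yaml = redact(entry_data), redact(yaml_conf)
    return {k: (safe_entry[k], safe_yaml[k]) for k in sorted(shared_keys)}


def log_overrides(entry_data, yaml_conf):
    """Log the redacted report; returns it so callers and tests can inspect it."""
    report = override_report(entry_data, yaml_conf)
    if report:
        _LOGGER.warning("Config entry values overridden by YAML: %s", report)
    return report


if __name__ == "__main__":
    # Constructed sample data, not real configuration.
    entry = {"broker": "10.0.0.5", "port": 1883, "username": "ha", "password": "old-secret"}
    conf = {"broker": "10.0.0.5", "port": 8883, "password": "new-secret", "keepalive": 60}
    logging.basicConfig(level=logging.WARNING)
    log_overrides(entry, conf)
```

Masking happens only on the copies that are formatted, so the real values never reach the logging call.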

@balloob balloob removed this from the 0.112.1 milestone Jul 2, 2020
@balloob
Member

balloob commented Jul 2, 2020

Clearing from current milestone, as I am prepping it now. Will target 112.2.

@balloob balloob added this to the 0.112.2 milestone Jul 2, 2020
tmp_data = dict(entry.data)
tmp_data.pop(CONF_PASSWORD, None)
tmp_data.pop(CONF_USERNAME, None)
shared_keys = conf.keys() & entry.data.keys()
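
Review bot: `shared_keys = conf.keys() & entry.data.keys()` is built from `entry.data`, not from `tmp_data`, so CONF_PASSWORD and CONF_USERNAME stay in the set whenever both sources define them, and the two `pop` calls only protect code that reads from `tmp_data`. Whatever formats the values for these keys needs to mask the secret ones at that point. A short comment stating which dict is safe to log would also help, since a two-key denylist will not cover any other sensitive key that later lands in `entry.data`.
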
Member

I didn't know this was a thing. Nice.

@balloob balloob merged commit cd5f6a0 into home-assistant:dev Jul 3, 2020
balloob pushed a commit that referenced this pull request Jul 3, 2020
@balloob balloob mentioned this pull request Jul 3, 2020
@pvizeli
Member

pvizeli commented Jul 4, 2020

@emontnemery emontnemery deleted the mqtt_spill_secrets branch October 14, 2020 17:24
Successfully merging this pull request may close these issues.

MQTT integration exposing broker credentials in log entry