From 01fbc4257bda1d5e4b40ae023ad21b819a590133 Mon Sep 17 00:00:00 2001
From: Robert Svensson <Kane610@users.noreply.github.com>
Date: Sun, 23 Jan 2022 11:24:46 +0100
Subject: [PATCH] Redact possibly sensitive information in deCONZ diagnostics
 data (#64754)

---
 .../components/deconz/diagnostics.py          | 12 +++++++++--
 tests/components/deconz/test_diagnostics.py   | 20 +++++++++++++++----
 2 files changed, 26 insertions(+), 6 deletions(-)

diff --git a/homeassistant/components/deconz/diagnostics.py b/homeassistant/components/deconz/diagnostics.py
index f89c7c09849..7156b8638e4 100644
--- a/homeassistant/components/deconz/diagnostics.py
+++ b/homeassistant/components/deconz/diagnostics.py
@@ -3,11 +3,16 @@ from __future__ import annotations
 
 from typing import Any
 
+from homeassistant.components.diagnostics import async_redact_data
 from homeassistant.config_entries import ConfigEntry
+from homeassistant.const import CONF_API_KEY
 from homeassistant.core import HomeAssistant
 
 from .gateway import get_gateway_from_config_entry
 
+REDACT_CONFIG = {CONF_API_KEY}
+REDACT_DECONZ_CONFIG = {"bridgeid", "mac", "panid"}
+
 
 async def async_get_config_entry_diagnostics(
     hass: HomeAssistant, config_entry: ConfigEntry
@@ -16,8 +21,11 @@ async def async_get_config_entry_diagnostics(
     gateway = get_gateway_from_config_entry(hass, config_entry)
     diag: dict[str, Any] = {}
 
-    diag["config_entry"] = dict(config_entry.data)
-    diag["deconz_config"] = gateway.api.config.raw
+    diag["config"] = async_redact_data(config_entry.data, REDACT_CONFIG)
+    diag["options"] = dict(config_entry.options)
+    diag["deconz_config"] = async_redact_data(
+        gateway.api.config.raw, REDACT_DECONZ_CONFIG
+    )
     diag["websocket_state"] = gateway.api.websocket.state
     diag["deconz_ids"] = gateway.deconz_ids
     diag["entities"] = gateway.entities
diff --git a/tests/components/deconz/test_diagnostics.py b/tests/components/deconz/test_diagnostics.py
index 2602e97176f..1e3e0f77325 100644
--- a/tests/components/deconz/test_diagnostics.py
+++ b/tests/components/deconz/test_diagnostics.py
@@ -2,9 +2,11 @@
 
 from pydeconz.websocket import STATE_RUNNING
 
-from homeassistant.const import Platform
+from homeassistant.components.deconz.const import CONF_MASTER_GATEWAY
+from homeassistant.components.diagnostics import REDACTED
+from homeassistant.const import CONF_API_KEY, CONF_HOST, CONF_PORT, Platform
 
-from .test_gateway import DECONZ_CONFIG, setup_deconz_integration
+from .test_gateway import HOST, PORT, setup_deconz_integration
 
 from tests.components.diagnostics import get_diagnostics_for_config_entry
 
@@ -19,8 +21,18 @@ async def test_entry_diagnostics(
     await hass.async_block_till_done()
 
     assert await get_diagnostics_for_config_entry(hass, hass_client, config_entry) == {
-        "config_entry": dict(config_entry.data),
-        "deconz_config": DECONZ_CONFIG,
+        "config": {CONF_API_KEY: REDACTED, CONF_HOST: HOST, CONF_PORT: PORT},
+        "options": {CONF_MASTER_GATEWAY: True},
+        "deconz_config": {
+            "bridgeid": REDACTED,
+            "ipaddress": HOST,
+            "mac": REDACTED,
+            "modelid": "deCONZ",
+            "name": "deCONZ mock gateway",
+            "sw_version": "2.05.69",
+            "uuid": "1234",
+            "websocketport": 1234,
+        },
         "websocket_state": STATE_RUNNING,
         "deconz_ids": {},
         "entities": {