mirror of
https://github.com/home-assistant/core.git
synced 2025-07-23 21:27:38 +00:00
Don't allow recursive secrets loading (#41812)
Co-authored-by: Martin Hjelmare <marhje52@gmail.com>
This commit is contained in:
parent
a5a45f29e2
commit
27d16af36b
@ -275,6 +275,11 @@ def _load_secret_yaml(secret_path: str) -> JSON_TYPE:
|
|||||||
|
|
||||||
def secret_yaml(loader: SafeLineLoader, node: yaml.nodes.Node) -> JSON_TYPE:
|
def secret_yaml(loader: SafeLineLoader, node: yaml.nodes.Node) -> JSON_TYPE:
|
||||||
"""Load secrets and embed it into the configuration YAML."""
|
"""Load secrets and embed it into the configuration YAML."""
|
||||||
|
if os.path.basename(loader.name) == SECRET_YAML:
|
||||||
|
_LOGGER.error("secrets.yaml: attempt to load secret from within secrets file")
|
||||||
|
raise HomeAssistantError(
|
||||||
|
"secrets.yaml: attempt to load secret from within secrets file"
|
||||||
|
)
|
||||||
secret_path = os.path.dirname(loader.name)
|
secret_path = os.path.dirname(loader.name)
|
||||||
while True:
|
while True:
|
||||||
secrets = _load_secret_yaml(secret_path)
|
secrets = _load_secret_yaml(secret_path)
|
||||||
|
@ -463,6 +463,17 @@ def test_duplicate_key(caplog):
|
|||||||
assert "contains duplicate key" in caplog.text
|
assert "contains duplicate key" in caplog.text
|
||||||
|
|
||||||
|
|
||||||
|
def test_no_recursive_secrets(caplog):
|
||||||
|
"""Test that loading of secrets from the secrets file fails correctly."""
|
||||||
|
files = {YAML_CONFIG_FILE: "key: !secret a", yaml.SECRET_YAML: "a: 1\nb: !secret a"}
|
||||||
|
with patch_yaml_files(files), pytest.raises(HomeAssistantError) as e:
|
||||||
|
load_yaml_config_file(YAML_CONFIG_FILE)
|
||||||
|
assert e.value.args == (
|
||||||
|
"secrets.yaml: attempt to load secret from within secrets file",
|
||||||
|
)
|
||||||
|
assert "attempt to load secret from within secrets file" in caplog.text
|
||||||
|
|
||||||
|
|
||||||
def test_input_class():
|
def test_input_class():
|
||||||
"""Test input class."""
|
"""Test input class."""
|
||||||
input = yaml_loader.Input("hello")
|
input = yaml_loader.Input("hello")
|
||||||
|
Loading…
x
Reference in New Issue
Block a user