Don't expose config or diagnostic entities to Google Assistant (#57669)

2025-07-23 05:07:41 +00:00 · 2021-10-15 18:12:34 +02:00 · 2021-10-15 18:12:34 +02:00 · 8b33aa3702
commit 8b33aa3702
parent 7c1ba8be3d
2 changed files with 43 additions and 2 deletions
--- a/homeassistant/components/google_assistant/http.py
+++ b/homeassistant/components/google_assistant/http.py
@ -12,9 +12,12 @@ import jwt
 from homeassistant.components.http import HomeAssistantView
 from homeassistant.const import (
    CLOUD_NEVER_EXPOSED_ENTITIES,
+    ENTITY_CATEGORY_CONFIG,
+    ENTITY_CATEGORY_DIAGNOSTIC,
    HTTP_INTERNAL_SERVER_ERROR,
    HTTP_UNAUTHORIZED,
 )
+from homeassistant.helpers import entity_registry as er
 from homeassistant.helpers.aiohttp_client import async_get_clientsession
 from homeassistant.util import dt as dt_util

@ -112,16 +115,30 @@ class GoogleConfig(AbstractConfig):
        if state.entity_id in CLOUD_NEVER_EXPOSED_ENTITIES:
            return False

+        entity_registry = er.async_get(self.hass)
+        registry_entry = entity_registry.async_get(state.entity_id)
+        if registry_entry:
+            auxiliary_entity = registry_entry.entity_category in (
+                ENTITY_CATEGORY_CONFIG,
+                ENTITY_CATEGORY_DIAGNOSTIC,
+            )
+        else:
+            auxiliary_entity = False
+
        explicit_expose = self.entity_config.get(state.entity_id, {}).get(CONF_EXPOSE)

        domain_exposed_by_default = (
            expose_by_default and state.domain in exposed_domains
        )

-        # Expose an entity if the entity's domain is exposed by default and
+        # Expose an entity by default if the entity's domain is exposed by default
+        # and the entity is not a config or diagnostic entity
+        entity_exposed_by_default = domain_exposed_by_default and not auxiliary_entity
+
+        # Expose an entity if the entity's is exposed by default and
        # the configuration doesn't explicitly exclude it from being
        # exposed, or if the entity is explicitly exposed
-        is_default_exposed = domain_exposed_by_default and explicit_expose is not False
+        is_default_exposed = entity_exposed_by_default and explicit_expose is not False

        return is_default_exposed or explicit_expose

--- a/tests/components/google_assistant/test_google_assistant.py
+++ b/tests/components/google_assistant/test_google_assistant.py
@ -22,6 +22,8 @@ from homeassistant.const import CLOUD_NEVER_EXPOSED_ENTITIES

 from . import DEMO_DEVICES

+from tests.common import mock_registry
+
 API_PASSWORD = "test1234"

 PROJECT_ID = "hasstest-1234"
@ -123,6 +125,28 @@ def hass_fixture(loop, hass):

 async def test_sync_request(hass_fixture, assistant_client, auth_header):
    """Test a sync request."""
+
+    entity_registry = mock_registry(hass_fixture)
+
+    entity_entry1 = entity_registry.async_get_or_create(
+        "switch",
+        "test",
+        "switch_config_id",
+        suggested_object_id="config_switch",
+        entity_category="config",
+    )
+    entity_entry2 = entity_registry.async_get_or_create(
+        "switch",
+        "test",
+        "switch_diagnostic_id",
+        suggested_object_id="diagnostic_switch",
+        entity_category="diagnostic",
+    )
+
+    # These should not show up in the sync request
+    hass_fixture.states.async_set(entity_entry1.entity_id, "on")
+    hass_fixture.states.async_set(entity_entry2.entity_id, "something_else")
+
    reqid = "5711642932632160983"
    data = {"requestId": reqid, "inputs": [{"intent": "action.devices.SYNC"}]}
    result = await assistant_client.post(