Fix media player image url password logged (#64293)

2025-07-21 20:27:08 +00:00 · 2022-01-18 08:02:02 +01:00 · 2022-01-18 08:02:02 +01:00 · ef1e56dfe1
commit ef1e56dfe1
parent 9718fd2534
2 changed files with 39 additions and 0 deletions
--- a/homeassistant/components/media_player/init.py
+++ b/homeassistant/components/media_player/init.py
@ -1008,6 +1008,12 @@ class MediaPlayerEntity(Entity):
                    content_type = content_type.split(";")[0]

        if content is None:
+            url_parts = URL(url)
+            if url_parts.user is not None:
+                url_parts = url_parts.with_user("xxxx")
+            if url_parts.password is not None:
+                url_parts = url_parts.with_password("xxxxxxxx")
+            url = str(url_parts)
            _LOGGER.warning("Error retrieving proxied image from %s", url)

        return content, content_type
--- a/tests/components/media_player/test_init.py
+++ b/tests/components/media_player/test_init.py
@ -1,5 +1,7 @@
 """Test the base functions of the media player."""
+import asyncio
 import base64
+from http import HTTPStatus
 from unittest.mock import patch

 from homeassistant.components import media_player
@ -92,6 +94,37 @@ async def test_get_image_http_remote(hass, hass_client_no_auth):
        assert content == b"image"


+async def test_get_image_http_log_credentials_redacted(
+    hass, hass_client_no_auth, aioclient_mock, caplog
+):
+    """Test credentials are redacted when logging url when fetching image."""
+    url = "http://vi:pass@example.com/default.jpg"
+    with patch(
+        "homeassistant.components.demo.media_player.DemoYoutubePlayer.media_image_url",
+        url,
+    ):
+        await async_setup_component(
+            hass, "media_player", {"media_player": {"platform": "demo"}}
+        )
+        await hass.async_block_till_done()
+
+        state = hass.states.get("media_player.bedroom")
+        assert "entity_picture_local" not in state.attributes
+
+        aioclient_mock.get(url, exc=asyncio.TimeoutError())
+
+        client = await hass_client_no_auth()
+
+        resp = await client.get(state.attributes["entity_picture"])
+
+    assert resp.status == HTTPStatus.INTERNAL_SERVER_ERROR
+    assert f"Error retrieving proxied image from {url}" not in caplog.text
+    assert (
+        "Error retrieving proxied image from "
+        f"{url.replace('pass', 'xxxxxxxx').replace('vi', 'xxxx')}"
+    ) in caplog.text
+
+
 async def test_get_async_get_browse_image(hass, hass_client_no_auth, hass_ws_client):
    """Test get browse image."""
    await async_setup_component(