-
-
Notifications
You must be signed in to change notification settings - Fork 29.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Validate slug in addon services #99232
Conversation
|
Hey there @home-assistant/supervisor, mind taking a look at this pull request as it has been labeled with an integration ( Code owner commandsCode owners of
|
aa415bc
to
48f09ff
Compare
c8b26ef
to
9314533
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you cover the 2 missing lines
|
Please take a look at the requested changes, and use the Ready for review button when you are done, thanks 👍 |
| @@ -530,6 +531,11 @@ async def send_command( | |||
|
|
|||
| This method is a coroutine. | |||
| """ | |||
| url = f"http://{self._ip}{command}" | |||
| if url != str(URL(url)): | |||
| _LOGGER.error("Invalid request %s", command) | |||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Side note: Long term it would be better to pass the message to the exception and let the caller handle it, instead of logging it here.
Proposed change
Validate the addon field is actually an existing addon slug in all services related to addons.
Type of change
Additional information
Checklist
black --fast homeassistant tests)If user exposed functionality or configuration variables are added/changed:
If the code communicates with devices, web services, or third-party tools:
Updated and included derived files by running:
python3 -m script.hassfest.requirements_all.txt.Updated by running
python3 -m script.gen_requirements_all..coveragerc.To help with the load of incoming pull requests: