search

blakeblackshear / frigate-hass-integration

Frigate integration for Home Assistant
MIT License
726 stars 114 forks source link

Home Assistant Integration Diagnostics leak RTSP user and password #668

Closed 36grad closed 4 months ago

36grad commented 5 months ago

Version of the custom_component

"5.1.0"

Configuration

n/a

Describe the bug

The downloaded diagnostics for the custom integration contain the frigate cionfiguration. And while some data is redacted, the go2rtc section shows each conbfigured RTSP URL including user name and password.

      "go2rtc": {
        "streams": {
          "camera_1": [
            "rtsp://user:password@camera1.example.com:554/Streaming/Channels/101?transportmode=unicast&profile=Profile_1"
          ],
          ...

This needs information to be redacted as it is not related to the custom integration and this data should not be stored on the home assistant server in the first place.

Debug log

In Home assistant, go to Settings --> Integrations --> Frigate, click the three dots, select "Download Diagnostics" and check the downloaded JSON file.

github-actions[bot] commented 4 months ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.