12808 Commits

Author SHA1 Message Date
J. Nick Koston
2ceb6ee95b Add comment explaining Windows-specific multiple_dots behavior
On Windows, Path.resolve() treats '....' as parent traversal (403),
while on Unix it is a literal directory name that stays inside the
base directory (404).
2026-02-08 07:55:48 -06:00
J. Nick Koston
b8cad678b1 URL-encode whitespace in empty file name test parameter
Replace raw spaces with %20%20 to avoid flakiness from HTTP clients
handling unencoded spaces differently.
2026-02-08 07:48:41 -06:00
J. Nick Koston
5c5bf50e49 Update test docstring to reflect validation instead of sanitization 2026-02-08 07:41:00 -06:00
J. Nick Koston
401d3c2056 Fix idedata test mock to use Path instead of str
The test set mock_image.path to str, but FlashImage.path is a Path.
This masked a pre-existing bug where Path.endswith() doesn't exist.
Fix the mock to match the real type so as_posix() works correctly.
2026-02-08 07:36:02 -06:00
J. Nick Koston
b650d2df31 Reject empty file names and fix FlashImage.path endswith call
- Return 400 for empty or whitespace-only file_name to prevent the
  idedata fallback from matching everything via empty-string suffix.
- Use image.path.as_posix().endswith() since FlashImage.path is a Path
  object which does not have a string endswith method.
- Add parametrized test for empty/whitespace file name values.
2026-02-08 07:32:00 -06:00
J. Nick Koston
43448d55f1 Guard against None firmware_bin_path and mock subprocess in tests
- Add None check for storage_json.firmware_bin_path before computing
  base_dir (covers configs from StorageJSON.from_wizard()).
- Mock async_run_system_command in path traversal tests so paths that
  pass validation but don't exist return 404 deterministically.
- Add test for firmware_bin_path=None case.
2026-02-08 07:23:24 -06:00
J. Nick Koston
e362e6fe2f Fix multiple_dots test for Windows path resolution
On Windows, ....//secrets.yaml escapes the base directory (403),
while on Unix it stays inside (404). Use sys.platform to set the
expected status code per platform.
2026-02-08 07:22:08 -06:00
J. Nick Koston
803b9a7a18 Update path traversal tests for resolve/relative_to behavior
Real traversals that escape the base directory now return 403.
Paths like '....' that resolve inside the base directory but
don't exist return 404.
2026-02-08 07:01:37 -06:00
J. Nick Koston
a40c87eeed [dashboard] Use resolve/relative_to for download path validation
Replace string-based path sanitization (.replace/.lstrip) with
Path.resolve() and relative_to() validation, matching the
pattern used by other dashboard endpoints (e.g. settings.rel_path).

The previous approach was not exploitable but was inconsistent
with the rest of the codebase.
2026-02-08 06:48:38 -06:00
schrob
7b40e8afcb [epaper_spi] Declare leaf classes final (#13776) 2026-02-07 19:21:37 -06:00
J. Nick Koston
a43e3e5948 [dashboard] Close WebSocket after process exit to prevent zombie connections (#13834) 2026-02-07 15:19:20 -06:00
schrob
9de91539e6 [epaper_spi] Add Waveshare 1.54-G (#13758) 2026-02-08 06:24:57 +11:00
tronikos
eb7aa3420f Add target_temperature to the template water heater (#13661)
Co-authored-by: J. Nick Koston <nick@koston.org>
2026-02-06 21:23:42 +01:00
J. Nick Koston
86f91eed2f [mqtt] Move switch string tables to PROGMEM_STRING_TABLE (#13802)
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: pre-commit-ci-lite[bot] <117423508+pre-commit-ci-lite[bot]@users.noreply.github.com>
2026-02-06 19:30:05 +01:00
J. Nick Koston
41cecbfb0f [template] Convert alarm sensor type to PROGMEM_STRING_TABLE and narrow enum to uint8_t (#13804) 2026-02-06 18:22:26 +00:00
Jonathan Swoboda
9315da79bc [core] Add missing requests dependency to requirements.txt (#13803)
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-06 13:03:16 -05:00
PolarGoose
155447f541 [dsmr] Fix issue with parsing lines like 1-0:0.2.0((ER11)) (#13780) 2026-02-06 12:53:59 -05:00
J. Nick Koston
238e40966f [light] Move CSWTCH lookup table to PROGMEM in get_suitable_color_modes_mask_ (#13801) 2026-02-06 17:33:26 +00:00
J. Nick Koston
f9192b5f75 [wifi] Avoid jump tables in LOG_STR switch statements to save ESP8266 RAM (#13799) 2026-02-06 18:20:46 +01:00
J. Nick Koston
2917057da8 [analyze-memory] Trace CSWTCH switch table symbols to source components (#13798)
Co-authored-by: Jonathan Swoboda <154711427+swoboda1337@users.noreply.github.com>
2026-02-06 18:08:30 +01:00
J. Nick Koston
c7c9ffe7e1 [light] Convert color_mode_to_human to PROGMEM_STRING_TABLE using to_bit() (#13797) 2026-02-06 17:38:03 +01:00
J. Nick Koston
368ef5687b [update] Move update_state_to_string to update component and convert to PROGMEM_STRING_TABLE (#13796)
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2026-02-06 17:37:41 +01:00
J. Nick Koston
b7dc975331 [core] Convert entity string lookups to PROGMEM_STRING_TABLE (#13794) 2026-02-06 17:37:19 +01:00
J. Nick Koston
44f308502e [gpio] Convert interrupt_type_to_string to PROGMEM_STRING_TABLE (#13795)
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2026-02-06 17:37:02 +01:00
J. Nick Koston
ec477801ca [wifi] Defer ESP8266 WiFi listener callbacks from system context to main loop (#13789) 2026-02-06 16:23:19 +00:00
J. Nick Koston
c3622ef7fb [http_request] Fix chunked transfer encoding on Arduino platforms (#13790) 2026-02-06 15:52:41 +01:00
J. Nick Koston
e4ad2082bc [core] Add PROGMEM_STRING_TABLE macro for flash-optimized string lookups (#13659)
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2026-02-06 15:26:16 +01:00
Andrew Rankin
7afd0eb1aa [esp32_ble] include sdkconfig.h before ESP-Hosted preprocessor guards (#13787)
Co-authored-by: Jonathan Swoboda <154711427+swoboda1337@users.noreply.github.com>
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-06 11:36:55 +00:00
Clyde Stubbs
112a2c5d92 [const] Move some constants to common (#13788) 2026-02-06 20:11:08 +11:00
Jonathan Swoboda
fef5d3f88f [rdm6300] Add ID-20LA compatibility by skipping CR/LF bytes (#13779)
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-06 04:10:22 -05:00
Jonathan Swoboda
8e461db301 [ota] Fix CLI upload option shown when only http_request platform configured (#13784)
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-06 04:09:48 -05:00
dependabot[bot]
6decdfad26 Bump github/codeql-action from 4.32.1 to 4.32.2 (#13781)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-06 10:05:10 +01:00
Jonathan Swoboda
c7729cb019 [esp32] Use underscores in arduino_libs_stub folder name (#13785)
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-06 09:51:13 +01:00
Marek Beran
ed4f00d4a3 [vbus] Add DeltaSol BS/2 support with sensors and binary sensors (#13762) 2026-02-05 23:11:14 -08:00
J. Nick Koston
55ef8393af [api] Remove is_single parameter and fix batch buffer preparation (#13773)
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2026-02-05 15:19:03 +01:00
Jonathan Swoboda
081f953dc3 [core] Add capacity check to register_component_ (#13778)
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-05 14:00:16 +00:00
J. Nick Koston
f4e410f47f [ci] Block new scanf() usage to prevent ~9.8KB flash bloat (#13657) 2026-02-06 02:56:43 +13:00
schrob
bbdb202e2c [epaper_spi] Refactor initialise for future use (#13774) 2026-02-06 02:26:47 +13:00
Jonathan Swoboda
9ea8461440 [esp32] Remove specific claims from framework migration message (#13777)
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-05 11:41:17 +00:00
Jonathan Swoboda
ed8c0dc99d [esp32] Skip downloading precompiled Arduino libs (#13775)
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-05 05:55:08 -05:00
J. Nick Koston
be44d4801f [esp32] Reduce Arduino build size by 44% and build time by 36% (#13623) 2026-02-05 10:52:43 +01:00
Jas Strong
7bd8b08e16 [rd03d] Revert incorrect field order swap (#13769)
Co-authored-by: jas <jas@asspa.in>
2026-02-05 03:06:52 -05:00
J. Nick Koston
c27870b15d [web_server] Add some more missing ESPHOME_F macros (#13748) 2026-02-05 06:36:40 +01:00
J. Nick Koston
25c0073b2d [web_server] Fix ESP8266 watchdog panic by deferring actions to main loop (#13765) 2026-02-05 06:20:04 +01:00
J. Nick Koston
a556824875 [logger] Refactor to reduce code duplication and flash size (#13750) 2026-02-05 06:19:13 +01:00
J. Nick Koston
89fc5ebc97 Fix bare hostname ping fallback in dashboard (#13760) 2026-02-05 06:18:03 +01:00
schrob
67dfa5e2bc [epaper_spi] Validate BUSY pin as input instead of output (#13764) 2026-02-04 23:39:03 +00:00
tomaszduda23
13ddf267bb [nrf52,zigbee] update warnings (#13761) 2026-02-04 15:18:24 -05:00
Jonathan Swoboda
43d9d6fe64 [esp32] Restore develop branch for dev platform version, bump platformio (#13759)
Co-authored-by: Claude <noreply@anthropic.com>
2026-02-04 15:12:42 -05:00
Copilot
4a579700a0 [cover] Add operation-based triggers and fix repeated trigger firing (#13471) 2026-02-05 06:52:14 +11:00