0xbyt4 25fb9aafcb fix: add service domain blocklist and entity_id validation to HA tools ...

Block dangerous HA service domains (shell_command, command_line,
python_script, pyscript, hassio, rest_command) that allow arbitrary
code execution or SSRF. Add regex validation for entity_id to prevent
path traversal attacks. 17 new tests covering both security features.

2026-03-01 11:53:50 +03:00

15 KiB

Raw Blame History

View Raw