Allow load_verify_locations with only cadata passed (#133299)

2024-12-15 19:26:46 +01:00 · 2024-12-15 19:26:46 +01:00 · e951511132
parent 2a49378f4c
commit e951511132
2 changed files with 13 additions and 1 deletions
--- a/homeassistant/block_async_io.py
+++ b/homeassistant/block_async_io.py
@ -50,6 +50,12 @@ def _check_sleep_call_allowed(mapped_args: dict[str, Any]) -> bool:
    return False


+def _check_load_verify_locations_call_allowed(mapped_args: dict[str, Any]) -> bool:
+    # If only cadata is passed, we can ignore it
+    kwargs = mapped_args.get("kwargs")
+    return bool(kwargs and len(kwargs) == 1 and "cadata" in kwargs)
+
+
@dataclass(slots=True, frozen=True)
 class BlockingCall:
    """Class to hold information about a blocking call."""
@ -158,7 +164,7 @@ _BLOCKING_CALLS: tuple[BlockingCall, ...] = (
        original_func=SSLContext.load_verify_locations,
        object=SSLContext,
        function="load_verify_locations",
-        check_allowed=None,
+        check_allowed=_check_load_verify_locations_call_allowed,
        strict=False,
        strict_core=False,
        skip_for_tests=True,
--- a/tests/test_block_async_io.py
+++ b/tests/test_block_async_io.py
@ -429,6 +429,12 @@ async def test_protect_loop_load_verify_locations(
        context.load_verify_locations("/dev/null")
    assert "Detected blocking call to load_verify_locations" in caplog.text

+    # ignore with only cadata
+    caplog.clear()
+    with pytest.raises(ssl.SSLError):
+        context.load_verify_locations(cadata="xxx")
+    assert "Detected blocking call to load_verify_locations" not in caplog.text
+

 async def test_protect_loop_load_cert_chain(
    hass: HomeAssistant, caplog: pytest.LogCaptureFixture