From de7ef86f52dd93f8895cb0eaeb1411341941df3e Mon Sep 17 00:00:00 2001
From: ludeeus
Date: Fri, 16 Jun 2023 12:33:04 +0000
Subject: [PATCH] Disallow '
---
 supervisor/mounts/validate.py | 5 +++--
 tests/mounts/test_validate.py | 39 +++++++++++++++++++++++++++++++----
 2 files changed, 38 insertions(+), 6 deletions(-)
diff --git a/supervisor/mounts/validate.py b/supervisor/mounts/validate.py
index e20ff48ed..d327be098 100644
--- a/supervisor/mounts/validate.py
+++ b/supervisor/mounts/validate.py
@@ -21,6 +21,7 @@ from .const import (
 RE_MOUNT_NAME = re.compile(r"^\w+$")
 RE_PATH_PART = re.compile(r"^[^\\\/]+")
+RE_MOUNT_OPTION = re.compile(r"^[^']+$")
 VALIDATE_NAME = vol.Match(RE_MOUNT_NAME)
 VALIDATE_SERVER = vol.Match(RE_PATH_PART)
@@ -47,8 +48,8 @@ SCHEMA_MOUNT_CIFS = _SCHEMA_MOUNT_NETWORK.extend(
 {
 vol.Required(ATTR_TYPE): MountType.CIFS.value,
 vol.Required(ATTR_SHARE): VALIDATE_SHARE,
- vol.Inclusive(ATTR_USERNAME, "basic_auth"): str,
- vol.Inclusive(ATTR_PASSWORD, "basic_auth"): str,
+ vol.Inclusive(ATTR_USERNAME, "basic_auth"): vol.Match(RE_MOUNT_OPTION),
+ vol.Inclusive(ATTR_PASSWORD, "basic_auth"): vol.Match(RE_MOUNT_OPTION),
 }
 )
diff --git a/tests/mounts/test_validate.py b/tests/mounts/test_validate.py
index 46773af5d..c07a839db 100644
--- a/tests/mounts/test_validate.py
+++ b/tests/mounts/test_validate.py
@@ -1,5 +1,7 @@
 """Tests for mount manager validation."""
+import re
+
 import pytest
 from voluptuous import Invalid
@@ -15,6 +17,8 @@ async def test_valid_mounts():
 "type": "cifs",
 "server": "test.local",
 "share": "test",
+ "username": "admin",
+ "password": "p@assword!,=",
 }
 )
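Review bot: `RE_MOUNT_OPTION` in the first `validate.py` hunk rejects only the single quote, so newlines, NUL and other control characters still validate, since `[^']` matches `\n`. The code that consumes the username and password is not part of this diff; if the values are placed inside a single-quoted option string there, a one-character denylist is fragile and escaping at the point where that string is built would be sturdier. As a minimum I would exclude control characters and anchor with `\Z`, because `$` also matches before a trailing newline: `RE_MOUNT_OPTION = re.compile(r"^[^'\x00-\x1f]+\Z")`. A comment on the constant, such as `# Single quotes are rejected because <reason at the consumer>`, would record why the restriction exists.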
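Review bot: In the `SCHEMA_MOUNT_CIFS` hunk, replacing `str` with `vol.Match(RE_MOUNT_OPTION)` also starts rejecting empty usernames and passwords, because the pattern uses `+`; nothing in the commit says whether that is intended. If this schema is also used to validate mounts that were saved before the change (not visible here), an existing entry with a quote in its password would now fail validation, so that path deserves a check. The default error text exposes the raw pattern; `vol.Match(RE_MOUNT_OPTION, msg="must not contain a single quote")` would tell the user what to fix, at the cost of updating the message asserted in `test_invalid_cifs`.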
@@ -77,12 +81,39 @@ async def test_invalid_cifs():
 SCHEMA_MOUNT_CONFIG(base)
 # Path is for NFS
- with pytest.raises(Invalid):
- SCHEMA_MOUNT_CONFIG({"path": "backups"})
+ with pytest.raises(
+ Invalid, match=re.escape("required key not provided @ data['share']")
+ ):
+ SCHEMA_MOUNT_CONFIG({**base, "path": "backups"})
 # Username and password must be together
- with pytest.raises(Invalid):
- SCHEMA_MOUNT_CONFIG({"username": "admin"})
+ with pytest.raises(
+ Invalid,
+ match=re.escape(
+ "some but not all values in the same group of inclusion 'basic_auth' @ data[]"
+ ),
+ ):
+ SCHEMA_MOUNT_CONFIG({**base, "share": "test", "username": "admin"})
+
+ # Username and password must be together
+ with pytest.raises(
+ Invalid,
+ match=re.escape(
+ "some but not all values in the same group of inclusion 'basic_auth' @ data[]"
+ ),
+ ):
+ SCHEMA_MOUNT_CONFIG({**base, "share": "test", "password": "my=!pass"})
+
+ # Invalid password
+ with pytest.raises(
+ Invalid,
+ match=re.escape(
+ "does not match regular expression ^[^']+$ for dictionary value @ data['password']"
+ ),
+ ):
+ SCHEMA_MOUNT_CONFIG(
+ {**base, "share": "test", "username": "admin", "password": "my=!pa'ss,"}
+ )
 async def test_invalid_nfs():
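Review bot: The new negative case in `test_invalid_cifs` covers a quote only in the password, while the schema change applies the same pattern to the username. I would add the mirror case, e.g. `SCHEMA_MOUNT_CONFIG({**base, "share": "test", "username": "ad'min", "password": "pass"})` expecting `data['username']` in the message (values constructed for illustration). The second `# Username and password must be together` comment is a verbatim duplicate; `# Password without username` would say what that block checks. The function starts above this hunk, so `base` is defined outside what is shown.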