Apply similar logic to build checksums

2025-12-16 06:20:34 +00:00 · 2024-04-01 00:03:11 +02:00
parent a952a2e1e7
commit e02e597102
5 changed files with 31 additions and 6 deletions
--- a/ArchiSteamFarm/Core/ASF.cs
+++ b/ArchiSteamFarm/Core/ASF.cs
@@ -860,11 +860,16 @@ public static class ASF {

 			ArchiLogger.LogGenericInfo(Strings.FetchingChecksumFromRemoteServer);

-			string? remoteChecksum = await ArchiNet.FetchBuildChecksum(newVersion, SharedInfo.BuildInfo.Variant).ConfigureAwait(false);
+			// Keep short timeout allowed for this call, as we don't want to hold the flow for too long
+			using CancellationTokenSource archiNetCancellation = new(TimeSpan.FromSeconds(15));
+
+			string? remoteChecksum = await ArchiNet.FetchBuildChecksum(newVersion, SharedInfo.BuildInfo.Variant, archiNetCancellation.Token).ConfigureAwait(false);

 			switch (remoteChecksum) {
 				case null:
 					// Timeout or error, refuse to update as a security measure
+					ArchiLogger.LogGenericWarning(Strings.ChecksumTimeout);
+
 					return (false, newVersion);
 				case "":
 					// Unknown checksum, release too new or actual malicious build published, no need to scare the user as it's 99.99% the first
@@ -886,6 +891,7 @@ public static class ASF {
 			BinaryResponse? response;

 			try {
+				// ReSharper disable once MethodSupportsCancellation - the token initialized above is not meant to be passed here
 				response = await WebBrowser.UrlGetToBinary(binaryAsset.DownloadURL, progressReporter: progressReporter).ConfigureAwait(false);
 			} finally {
 				progressReporter.ProgressChanged -= onProgressChanged;
--- a/ArchiSteamFarm/Core/ArchiNet.cs
+++ b/ArchiSteamFarm/Core/ArchiNet.cs
@@ -55,7 +55,15 @@ internal static class ArchiNet {

 		Uri request = new(URL, $"/Api/Checksum/{version}/{variant}");

-		ObjectResponse<GenericResponse<string>>? response = await ASF.WebBrowser.UrlGetToJsonObject<GenericResponse<string>>(request, cancellationToken: cancellationToken).ConfigureAwait(false);
+		ObjectResponse<GenericResponse<string>>? response;
+
+		try {
+			response = await ASF.WebBrowser.UrlGetToJsonObject<GenericResponse<string>>(request, cancellationToken: cancellationToken).ConfigureAwait(false);
+		} catch (OperationCanceledException e) {
+			ASF.ArchiLogger.LogGenericDebuggingException(e);
+
+			return null;
+		}

 		if (response?.Content == null) {
 			return null;
@@ -184,12 +192,14 @@ internal static class ArchiNet {

 		Uri request = new(URL, "/Api/BadBots");

-		ObjectResponse<GenericResponse<ImmutableHashSet<ulong>>>? response = null;
+		ObjectResponse<GenericResponse<ImmutableHashSet<ulong>>>? response;

 		try {
 			response = await ASF.WebBrowser.UrlGetToJsonObject<GenericResponse<ImmutableHashSet<ulong>>>(request, cancellationToken: cancellationToken).ConfigureAwait(false);
 		} catch (OperationCanceledException e) {
 			ASF.ArchiLogger.LogGenericDebuggingException(e);
+
+			return (false, ASF.GlobalDatabase.CachedBadBots);
 		}

 		if (response?.Content?.Result == null) {
--- a/ArchiSteamFarm/Localization/Strings.Designer.cs
+++ b/ArchiSteamFarm/Localization/Strings.Designer.cs
@@ -1185,6 +1185,12 @@ namespace ArchiSteamFarm.Localization {
            }
        }
        
+        public static string ChecksumTimeout {
+            get {
+                return ResourceManager.GetString("ChecksumTimeout", resourceCulture);
+            }
+        }
+        
        public static string ChecksumWrong {
            get {
                return ResourceManager.GetString("ChecksumWrong", resourceCulture);
--- a/ArchiSteamFarm/Localization/Strings.resx
+++ b/ArchiSteamFarm/Localization/Strings.resx
@@ -731,6 +731,9 @@ Process uptime: {1}</value>
 	<data name="ChecksumMissing" xml:space="preserve">
 		<value>Remote server doesn't know anything about the release we're updating to. This situation is possible if the release was published recently - refusing to proceed with the update procedure right away as an additional security measure.</value>
 	</data>
+	<data name="ChecksumTimeout" xml:space="preserve">
+		<value>Failed to fetch checksum of the downloaded binary - refusing to proceed with the update procedure at this time as an additional security measure.</value>
+	</data>
 	<data name="ChecksumWrong" xml:space="preserve">
 		<value>Remote server has replied with a different checksum, this might indicate corrupted download or MITM attack, refusing to proceed with the update procedure!</value>
 	</data>
--- a/ArchiSteamFarm/Steam/Exchange/Trading.cs
+++ b/ArchiSteamFarm/Steam/Exchange/Trading.cs
@@ -396,10 +396,10 @@ public sealed class Trading : IDisposable {

 			// Deny trades from bad steamIDs if user wishes to do so
 			if (ASF.GlobalConfig?.FilterBadBots ?? GlobalConfig.DefaultFilterBadBots) {
-				// Allow no longer than 10 seconds timeout for BadBot call, as we don't want to hold the trade offer for too long
-				using CancellationTokenSource cts = new(TimeSpan.FromSeconds(10));
+				// Keep short timeout allowed for this call, as we don't want to hold the flow for too long
+				using CancellationTokenSource archiNetCancellation = new(TimeSpan.FromSeconds(15));

-				bool? isBadBot = await ArchiNet.IsBadBot(tradeOffer.OtherSteamID64, cts.Token).ConfigureAwait(false);
+				bool? isBadBot = await ArchiNet.IsBadBot(tradeOffer.OtherSteamID64, archiNetCancellation.Token).ConfigureAwait(false);

 				if (isBadBot == true) {
 					Bot.ArchiLogger.LogGenericDebug(string.Format(CultureInfo.CurrentCulture, Strings.BotTradeOfferResult, tradeOffer.TradeOfferID, ParseTradeResult.EResult.Blacklisted, $"{nameof(tradeOffer.OtherSteamID64)} {tradeOffer.OtherSteamID64}"));