Apply similar logic to build checksums

JustArchiNET · Mar 31, 2024 · e02e597 · e02e597
1 parent a952a2e
commit e02e597
Show file tree

Hide file tree

Showing 5 changed files with 31 additions and 6 deletions.
diff --git a/ArchiSteamFarm/Core/ASF.cs b/ArchiSteamFarm/Core/ASF.cs
@@ -860,11 +860,16 @@ private static async Task UpdateAndRestart() {
 
 			ArchiLogger.LogGenericInfo(Strings.FetchingChecksumFromRemoteServer);
 
-			string? remoteChecksum = await ArchiNet.FetchBuildChecksum(newVersion, SharedInfo.BuildInfo.Variant).ConfigureAwait(false);
+			// Keep short timeout allowed for this call, as we don't want to hold the flow for too long
+			using CancellationTokenSource archiNetCancellation = new(TimeSpan.FromSeconds(15));
+
+			string? remoteChecksum = await ArchiNet.FetchBuildChecksum(newVersion, SharedInfo.BuildInfo.Variant, archiNetCancellation.Token).ConfigureAwait(false);
 
 			switch (remoteChecksum) {
 				case null:
 					// Timeout or error, refuse to update as a security measure
+					ArchiLogger.LogGenericWarning(Strings.ChecksumTimeout);
+
 					return (false, newVersion);
 				case "":
 					// Unknown checksum, release too new or actual malicious build published, no need to scare the user as it's 99.99% the first
@@ -886,6 +891,7 @@ private static async Task UpdateAndRestart() {
 			BinaryResponse? response;
 
 			try {
+				// ReSharper disable once MethodSupportsCancellation - the token initialized above is not meant to be passed here
 				response = await WebBrowser.UrlGetToBinary(binaryAsset.DownloadURL, progressReporter: progressReporter).ConfigureAwait(false);
 			} finally {
 				progressReporter.ProgressChanged -= onProgressChanged;

diff --git a/ArchiSteamFarm/Core/ArchiNet.cs b/ArchiSteamFarm/Core/ArchiNet.cs
@@ -55,7 +55,15 @@ internal static class ArchiNet {
 
 		Uri request = new(URL, $"/Api/Checksum/{version}/{variant}");
 
-		ObjectResponse<GenericResponse<string>>? response = await ASF.WebBrowser.UrlGetToJsonObject<GenericResponse<string>>(request, cancellationToken: cancellationToken).ConfigureAwait(false);
+		ObjectResponse<GenericResponse<string>>? response;
+
+		try {
+			response = await ASF.WebBrowser.UrlGetToJsonObject<GenericResponse<string>>(request, cancellationToken: cancellationToken).ConfigureAwait(false);
+		} catch (OperationCanceledException e) {
+			ASF.ArchiLogger.LogGenericDebuggingException(e);
+
+			return null;
+		}
 
 		if (response?.Content == null) {
 			return null;
@@ -184,12 +192,14 @@ internal static class ArchiNet {
 
 		Uri request = new(URL, "/Api/BadBots");
 
-		ObjectResponse<GenericResponse<ImmutableHashSet<ulong>>>? response = null;
+		ObjectResponse<GenericResponse<ImmutableHashSet<ulong>>>? response;
 
 		try {
 			response = await ASF.WebBrowser.UrlGetToJsonObject<GenericResponse<ImmutableHashSet<ulong>>>(request, cancellationToken: cancellationToken).ConfigureAwait(false);
 		} catch (OperationCanceledException e) {
 			ASF.ArchiLogger.LogGenericDebuggingException(e);
+
+			return (false, ASF.GlobalDatabase.CachedBadBots);
 		}
 
 		if (response?.Content?.Result == null) {

diff --git a/ArchiSteamFarm/Localization/Strings.Designer.cs b/ArchiSteamFarm/Localization/Strings.Designer.cs
diff --git a/ArchiSteamFarm/Localization/Strings.resx b/ArchiSteamFarm/Localization/Strings.resx
@@ -731,6 +731,9 @@ Process uptime: {1}</value>
 	<data name="ChecksumMissing" xml:space="preserve">
 		<value>Remote server doesn't know anything about the release we're updating to. This situation is possible if the release was published recently - refusing to proceed with the update procedure right away as an additional security measure.</value>
 	</data>
+	<data name="ChecksumTimeout" xml:space="preserve">
+		<value>Failed to fetch checksum of the downloaded binary - refusing to proceed with the update procedure at this time as an additional security measure.</value>
+	</data>
 	<data name="ChecksumWrong" xml:space="preserve">
 		<value>Remote server has replied with a different checksum, this might indicate corrupted download or MITM attack, refusing to proceed with the update procedure!</value>
 	</data>

diff --git a/ArchiSteamFarm/Steam/Exchange/Trading.cs b/ArchiSteamFarm/Steam/Exchange/Trading.cs
@@ -396,10 +396,10 @@ private async Task<ParseTradeResult> ParseTrade(TradeOffer tradeOffer) {
 
 			// Deny trades from bad steamIDs if user wishes to do so
 			if (ASF.GlobalConfig?.FilterBadBots ?? GlobalConfig.DefaultFilterBadBots) {
-				// Allow no longer than 10 seconds timeout for BadBot call, as we don't want to hold the trade offer for too long
-				using CancellationTokenSource cts = new(TimeSpan.FromSeconds(10));
+				// Keep short timeout allowed for this call, as we don't want to hold the flow for too long
+				using CancellationTokenSource archiNetCancellation = new(TimeSpan.FromSeconds(15));
 
-				bool? isBadBot = await ArchiNet.IsBadBot(tradeOffer.OtherSteamID64, cts.Token).ConfigureAwait(false);
+				bool? isBadBot = await ArchiNet.IsBadBot(tradeOffer.OtherSteamID64, archiNetCancellation.Token).ConfigureAwait(false);
 
 				if (isBadBot == true) {
 					Bot.ArchiLogger.LogGenericDebug(string.Format(CultureInfo.CurrentCulture, Strings.BotTradeOfferResult, tradeOffer.TradeOfferID, ParseTradeResult.EResult.Blacklisted, $"{nameof(tradeOffer.OtherSteamID64)} {tradeOffer.OtherSteamID64}"));