Harden runtime script deployment and enforce installer safety
parent
b9f31a159c
commit
e4f398e8fd
@ -9,6 +9,8 @@ import shutil
|
||||
import signal
|
||||
import subprocess
|
||||
|
||||
from python_pkg.steam_backlog_enforcer.game_install import PROTECTED_APP_IDS
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
|
||||
@ -58,6 +60,8 @@ def enforce_allowed_game(
|
||||
# Skip Steam client itself (app_id 0 or very low IDs).
|
||||
if app_id == 0:
|
||||
continue
|
||||
if app_id in PROTECTED_APP_IDS:
|
||||
continue
|
||||
|
||||
violations.append((pid, app_id))
|
||||
if kill_unauthorized:
|
||||
|
||||
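Review bot: The new `if app_id in PROTECTED_APP_IDS: continue` branch skips a process silently, so the service log cannot show whether a running game outside the assignment was left alone because of the exemption or simply missed. A line such as `logger.debug("Skipping protected app_id %s (pid %s)", app_id, pid)` before the `continue` would make that auditable. A comment like `# Never kill apps on the protected allowlist, even when they are not the assigned game.` would match the comment on the `app_id == 0` check above it. That existing comment also mentions "very low IDs", which the visible condition does not test. The body of `enforce_allowed_game` starts and ends outside the hunk.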
@ -85,6 +85,7 @@ PROTECTED_APP_IDS = {
|
||||
2252570,
|
||||
220200,
|
||||
3527290, # Peak
|
||||
1331550,
|
||||
}
|
||||
|
||||
STEAMAPPS_PATH = Path("~/.local/share/Steam/steamapps").expanduser()
|
||||
|
||||
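Review bot: The entry `1331550,` (apparently the line this hunk adds; the rendering has lost the `+` marker) carries no comment naming the app, while `3527290, # Peak` does. Every ID in `PROTECTED_APP_IDS` exempts a running app from enforcement, so each entry should say what it is and why it is exempt, for example `1331550,  # <app name>: <reason it is protected>`. The set literal starts outside the hunk.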
@ -10,7 +10,7 @@ ExecStart=/usr/bin/python3 -m python_pkg.steam_backlog_enforcer.main enforce
|
||||
Restart=always
|
||||
RestartSec=5
|
||||
Environment=PYTHONUNBUFFERED=1
|
||||
Environment=PYTHONPATH=/home/kuhy/.local/lib/python3.14/site-packages
|
||||
Environment=PYTHONPATH=/home/kuhy/testsAndMisc:/home/kuhy/.local/lib/python3.14/site-packages
|
||||
Environment=HOME=/home/kuhy
|
||||
# Hardening: enforcer must not be easily killed.
|
||||
OOMScoreAdjust=-900
|
||||
|
||||
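Review bot: The `PYTHONPATH` value that starts with `/home/kuhy/testsAndMisc` (apparently the new side of this one-line change) makes the service import its code from a directory under a user's home, ahead of site-packages. Whoever can write there can change what the service executes on its next restart, and `Restart=always` with `RestartSec=5` makes that prompt; if the unit runs with more privilege than that account (no `User=` line is visible in the hunk), this is a privilege boundary the hardening settings below do not cover. Installing the package into a root-owned, non-writable location and pointing the unit at it, e.g. `Environment=PYTHONPATH=<root-owned install dir>`, would remove the dependency on the checkout. The value also hard-codes `python3.14`, so it will stop resolving after an interpreter upgrade.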
@ -133,6 +133,25 @@ class TestEnforceAllowedGame:
|
||||
result = enforce_allowed_game(None, kill_unauthorized=True)
|
||||
assert result == []
|
||||
|
||||
def test_skips_protected_app_id(self) -> None:
|
||||
"""Protected IDs must never be killed even if not the assigned game."""
|
||||
with (
|
||||
patch(
|
||||
"python_pkg.steam_backlog_enforcer.enforcer.get_running_steam_game_pids",
|
||||
return_value={100: 1331550, 200: 440},
|
||||
),
|
||||
patch(
|
||||
"python_pkg.steam_backlog_enforcer.enforcer.PROTECTED_APP_IDS",
|
||||
{1331550},
|
||||
),
|
||||
patch(
|
||||
"python_pkg.steam_backlog_enforcer.enforcer.kill_process"
|
||||
) as mock_kill,
|
||||
):
|
||||
result = enforce_allowed_game(440, kill_unauthorized=True)
|
||||
assert result == []
|
||||
mock_kill.assert_not_called()
|
||||
|
||||
|
||||
class TestKillProcess:
|
||||
"""Tests for kill_process."""
|
||||
|
||||
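Review bot: `test_skips_protected_app_id` only covers the case where nothing should be killed, so it would still pass if the protected check ended the scan early instead of skipping one process. Adding a third, unprotected and unassigned entry to the mocked mapping (570 here is a constructed sample ID), e.g. `return_value={100: 1331550, 200: 440, 300: 570}`, and asserting `result == [(300, 570)]` plus `mock_kill.assert_called_once()` would pin that the exemption applies per process. The expected tuple shape is taken from `violations.append((pid, app_id))` in the enforcer hunk; confirm that this list is what the function returns. `TestEnforceAllowedGame` starts outside the hunk.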