mirror of
https://github.com/kuhyx/steam-backlog-enforcer.git
synced 2026-07-04 15:43:09 +02:00
Harden runtime script deployment and enforce installer safety
This commit is contained in:
parent
b9f31a159c
commit
e4f398e8fd
@ -9,6 +9,8 @@ import shutil
|
|||||||
import signal
|
import signal
|
||||||
import subprocess
|
import subprocess
|
||||||
|
|
||||||
|
from python_pkg.steam_backlog_enforcer.game_install import PROTECTED_APP_IDS
|
||||||
|
|
||||||
logger = logging.getLogger(__name__)
|
logger = logging.getLogger(__name__)
|
||||||
|
|
||||||
|
|
||||||
@ -58,6 +60,8 @@ def enforce_allowed_game(
|
|||||||
# Skip Steam client itself (app_id 0 or very low IDs).
|
# Skip Steam client itself (app_id 0 or very low IDs).
|
||||||
if app_id == 0:
|
if app_id == 0:
|
||||||
continue
|
continue
|
||||||
|
if app_id in PROTECTED_APP_IDS:
|
||||||
|
continue
|
||||||
|
|
||||||
violations.append((pid, app_id))
|
violations.append((pid, app_id))
|
||||||
if kill_unauthorized:
|
if kill_unauthorized:
|
||||||
|
|||||||
@ -85,6 +85,7 @@ PROTECTED_APP_IDS = {
|
|||||||
2252570,
|
2252570,
|
||||||
220200,
|
220200,
|
||||||
3527290, # Peak
|
3527290, # Peak
|
||||||
|
1331550,
|
||||||
}
|
}
|
||||||
|
|
||||||
STEAMAPPS_PATH = Path("~/.local/share/Steam/steamapps").expanduser()
|
STEAMAPPS_PATH = Path("~/.local/share/Steam/steamapps").expanduser()
|
||||||
|
|||||||
@ -10,7 +10,7 @@ ExecStart=/usr/bin/python3 -m python_pkg.steam_backlog_enforcer.main enforce
|
|||||||
Restart=always
|
Restart=always
|
||||||
RestartSec=5
|
RestartSec=5
|
||||||
Environment=PYTHONUNBUFFERED=1
|
Environment=PYTHONUNBUFFERED=1
|
||||||
Environment=PYTHONPATH=/home/kuhy/.local/lib/python3.14/site-packages
|
Environment=PYTHONPATH=/home/kuhy/testsAndMisc:/home/kuhy/.local/lib/python3.14/site-packages
|
||||||
Environment=HOME=/home/kuhy
|
Environment=HOME=/home/kuhy
|
||||||
# Hardening: enforcer must not be easily killed.
|
# Hardening: enforcer must not be easily killed.
|
||||||
OOMScoreAdjust=-900
|
OOMScoreAdjust=-900
|
||||||
|
|||||||
@ -133,6 +133,25 @@ class TestEnforceAllowedGame:
|
|||||||
result = enforce_allowed_game(None, kill_unauthorized=True)
|
result = enforce_allowed_game(None, kill_unauthorized=True)
|
||||||
assert result == []
|
assert result == []
|
||||||
|
|
||||||
|
def test_skips_protected_app_id(self) -> None:
|
||||||
|
"""Protected IDs must never be killed even if not the assigned game."""
|
||||||
|
with (
|
||||||
|
patch(
|
||||||
|
"python_pkg.steam_backlog_enforcer.enforcer.get_running_steam_game_pids",
|
||||||
|
return_value={100: 1331550, 200: 440},
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"python_pkg.steam_backlog_enforcer.enforcer.PROTECTED_APP_IDS",
|
||||||
|
{1331550},
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"python_pkg.steam_backlog_enforcer.enforcer.kill_process"
|
||||||
|
) as mock_kill,
|
||||||
|
):
|
||||||
|
result = enforce_allowed_game(440, kill_unauthorized=True)
|
||||||
|
assert result == []
|
||||||
|
mock_kill.assert_not_called()
|
||||||
|
|
||||||
|
|
||||||
class TestKillProcess:
|
class TestKillProcess:
|
||||||
"""Tests for kill_process."""
|
"""Tests for kill_process."""
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user