Misc. security improvements (#3200)

* Add x-security-critical to swagger schema and do not serialize LicenseID on IPC * Apply feedback * Misc.
JustArchiNET · May 10, 2024 · 81789c7 · 81789c7
1 parent dfa6330
commit 81789c7
Show file tree

Hide file tree

Showing 3 changed files with 62 additions and 2 deletions.
diff --git a/ArchiSteamFarm/IPC/Integration/SwaggerSecurityCriticalAttribute.cs b/ArchiSteamFarm/IPC/Integration/SwaggerSecurityCriticalAttribute.cs
@@ -0,0 +1,45 @@
+// ----------------------------------------------------------------------------------------------
+//     _                _      _  ____   _                           _____
+//    / \    _ __  ___ | |__  (_)/ ___| | |_  ___   __ _  _ __ ___  |  ___|__ _  _ __  _ __ ___
+//   / _ \  | '__|/ __|| '_ \ | |\___ \ | __|/ _ \ / _` || '_ ` _ \ | |_  / _` || '__|| '_ ` _ \
+//  / ___ \ | |  | (__ | | | || | ___) || |_|  __/| (_| || | | | | ||  _|| (_| || |   | | | | | |
+// /_/   \_\|_|   \___||_| |_||_||____/  \__|\___| \__,_||_| |_| |_||_|   \__,_||_|   |_| |_| |_|
+// ----------------------------------------------------------------------------------------------
+// |
+// Copyright 2015-2024 Łukasz "JustArchi" Domeradzki
+// Contact: [email protected]
+// |
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+// |
+// http://www.apache.org/licenses/LICENSE-2.0
+// |
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+using System;
+using JetBrains.Annotations;
+using Microsoft.OpenApi.Any;
+using Microsoft.OpenApi.Extensions;
+using Microsoft.OpenApi.Models;
+
+namespace ArchiSteamFarm.IPC.Integration;
+
+[PublicAPI]
+public sealed class SwaggerSecurityCriticalAttribute : CustomSwaggerAttribute {
+	private const string ExtensionName = "x-security-critical";
+
+	public override void Apply(OpenApiSchema schema) {
+		ArgumentNullException.ThrowIfNull(schema);
+
+		if (schema.Items is { Reference: null }) {
+			schema.Items.AddExtension(ExtensionName, new OpenApiBoolean(true));
+		} else {
+			schema.AddExtension(ExtensionName, new OpenApiBoolean(true));
+		}
+	}
+}
diff --git a/ArchiSteamFarm/Steam/Storage/BotConfig.cs b/ArchiSteamFarm/Steam/Storage/BotConfig.cs
@@ -232,6 +232,7 @@ internal set {
 	}
 
 	[JsonInclude]
+	[SwaggerSecurityCritical]
 	public string? SteamPassword {
 		get => BackingSteamPassword;
 

diff --git a/ArchiSteamFarm/Storage/GlobalConfig.cs b/ArchiSteamFarm/Storage/GlobalConfig.cs
@@ -251,6 +251,7 @@ public WebProxy? WebProxy {
 	public bool IPC { get; private init; } = DefaultIPC;
 
 	[JsonInclude]
+	[SwaggerSecurityCritical]
 	public string? IPCPassword {
 		get => BackingIPCPassword;
 
@@ -265,7 +266,15 @@ internal set {
 
 	[JsonConverter(typeof(GuidJsonConverter))]
 	[JsonInclude]
-	public Guid? LicenseID { get; private init; } = DefaultLicenseID;
+	[SwaggerSecurityCritical]
+	public Guid? LicenseID {
+		get => BackingLicenseID;
+
+		private set {
+			IsLicenseIdSet = true;
+			BackingLicenseID = value;
+		}
+	}
 
 	[JsonInclude]
 	[Range(byte.MinValue, byte.MaxValue)]
@@ -327,6 +336,8 @@ internal set {
 	[JsonInclude]
 	public string? WebProxyUsername { get; private init; } = DefaultWebProxyUsername;
 
+	internal bool IsLicenseIdSet;
+
 	[JsonExtensionData]
 	[JsonInclude]
 	internal Dictionary<string, JsonElement>? AdditionalProperties { get; set; }
@@ -337,6 +348,7 @@ internal set {
 	internal bool Saving { get; set; }
 
 	[JsonInclude]
+	[SwaggerSecurityCritical]
 	internal string? WebProxyPassword {
 		get => BackingWebProxyPassword;
 
@@ -347,6 +359,8 @@ internal string? WebProxyPassword {
 	}
 
 	private string? BackingIPCPassword = DefaultIPCPassword;
+
+	private Guid? BackingLicenseID = DefaultLicenseID;
 	private WebProxy? BackingWebProxy;
 	private string? BackingWebProxyPassword = DefaultWebProxyPassword;
 
@@ -419,7 +433,7 @@ internal GlobalConfig() { }
 	public bool ShouldSerializeIPCPasswordFormat() => !Saving || (IPCPasswordFormat != DefaultIPCPasswordFormat);
 
 	[UsedImplicitly]
-	public bool ShouldSerializeLicenseID() => !Saving || ((LicenseID != DefaultLicenseID) && (LicenseID != Guid.Empty));
+	public bool ShouldSerializeLicenseID() => Saving && IsLicenseIdSet && (LicenseID != DefaultLicenseID) && (LicenseID != Guid.Empty);
 
 	[UsedImplicitly]
 	public bool ShouldSerializeLoginLimiterDelay() => !Saving || (LoginLimiterDelay != DefaultLoginLimiterDelay);