Type
bug
Severity
high
Area
customer_fingerprint.py
Description
CustomerFingerprinter methods that mutate self.customers (such as ensure_generated_customer, save_customers_config, and list append/remove operations in customer handlers) have no thread synchronization. Flask-SocketIO serves multiple clients concurrently, so multiple scans or customer operations can corrupt the customer list through interleaved reads and writes.
Specific scenarios:
- Two concurrent auto-scans both call
ensure_generated_customer for the same network, creating duplicate entries
save_customers_config is called while another thread is mid-mutation, serializing a partially-updated listdelete_customer modifies the list while another thread is iterating it
Proposed Fix
Add a threading.Lock to CustomerFingerprinter and acquire it around all mutations:
class CustomerFingerprinter:
def __init__(self):
self._lock = threading.Lock()
# ...
def ensure_generated_customer(self, network_key):
with self._lock:
# existing logic
def save_customers_config(self):
with self._lock:
# existing logicRelated Issues
#175 (RateLimiter thread safety — closed)
Type
bug
Severity
high
Area
customer_fingerprint.pyDescription
CustomerFingerprintermethods that mutateself.customers(such asensure_generated_customer,save_customers_config, and list append/remove operations in customer handlers) have no thread synchronization. Flask-SocketIO serves multiple clients concurrently, so multiple scans or customer operations can corrupt the customer list through interleaved reads and writes.Specific scenarios:
ensure_generated_customerfor the same network, creating duplicate entriessave_customers_configis called while another thread is mid-mutation, serializing a partially-updated listdelete_customermodifies the list while another thread is iterating itProposed Fix
Add a
threading.LocktoCustomerFingerprinterand acquire it around all mutations:Related Issues
#175 (RateLimiter thread safety — closed)