Bug: CustomerFingerprinter has no thread safety on customer data mutations #204

@techmore

Type

bug

Severity

high

Area

customer_fingerprint.py

Description

CustomerFingerprinter methods that mutate self.customers (such as ensure_generated_customer, save_customers_config, and list append/remove operations in customer handlers) have no thread synchronization. Flask-SocketIO serves multiple clients concurrently, so multiple scans or customer operations can corrupt the customer list through interleaved reads and writes.

Specific scenarios:

  • Two concurrent auto-scans both call ensure_generated_customer for the same network, creating duplicate entries
  • save_customers_config is called while another thread is mid-mutation, serializing a partially-updated list
  • delete_customer modifies the list while another thread is iterating it

Proposed Fix

Add a threading.Lock to CustomerFingerprinter and acquire it around all mutations:

import threading

class CustomerFingerprinter:
    def __init__(self):
        # Guards every read-modify-write of self.customers
        self._lock = threading.Lock()
        # ...

    def ensure_generated_customer(self, network_key):
        with self._lock:
            ...  # existing logic

    def save_customers_config(self):
        with self._lock:
            ...  # existing logic

Related Issues

#175 (RateLimiter thread safety — closed)
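
The duplicate-entry scenario and the proposed lock, as an added example that is not part of the issue or the project's code: `CustomerStore` is a hypothetical stand-in for `CustomerFingerprinter`, and the network key and the sleep between check and append are constructed. It assumes `ensure_generated_customer` saves the config itself, which is why it uses `threading.RLock`: a non-reentrant `threading.Lock` would deadlock on that nested call.

```python
import contextlib
import json
import threading
import time

class CustomerStore:
    """Hypothetical stand-in for CustomerFingerprinter's customer list."""
    def __init__(self, use_lock=True):
        self.customers = []
        self.saved = None  # last serialized snapshot, instead of a file
        # RLock (assumption): ensure_generated_customer re-enters via save
        self._lock = threading.RLock() if use_lock else None

    def _guard(self):
        return self._lock if self._lock else contextlib.nullcontext()

    def ensure_generated_customer(self, network_key):
        with self._guard():
            for customer in self.customers:
                if customer["network"] == network_key:
                    return customer
            time.sleep(0.01)  # constructed delay: widens the check-then-append gap
            customer = {"network": network_key, "generated": True}
            self.customers.append(customer)
            self.save_customers_config()
            return customer

    def save_customers_config(self):
        with self._guard():
            self.saved = json.dumps(self.customers)

def run_concurrent_scans(store, network_key, workers=8):
    """Start `workers` threads that all ask for the same network at once."""
    start = threading.Barrier(workers)

    def scan():
        start.wait()
        store.ensure_generated_customer(network_key)

    threads = [threading.Thread(target=scan) for _ in range(workers)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return len(store.customers)

if __name__ == "__main__":
    for locked in (False, True):  # unlocked run typically reports duplicates
        print(locked, run_concurrent_scans(CustomerStore(locked), "192.0.2.0/24"))
```

The same guard has to wrap the list append/remove operations in the customer handlers, since a lock only protects code paths that acquire it.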
