From 321ddbd8f043996f620cc2f30271360d7ef4bc24 Mon Sep 17 00:00:00 2001 From: codeking Date: Wed, 5 Nov 2025 17:54:39 +0100 Subject: [PATCH] Add support for security incident artifact compilation --- core/Constants.py | 1 + core/controllers/ProfileController.py | 2 ++ core/models/BaseProfile.py | 21 +++++++++++++++++++++ core/models/session/SessionProfile.py | 5 +++++ core/models/system/SystemProfile.py | 5 +++++ 5 files changed, 34 insertions(+) diff --git a/core/Constants.py b/core/Constants.py index 4658ed5..342a62c 100644 --- a/core/Constants.py +++ b/core/Constants.py @@ -34,6 +34,7 @@ class Constants: HV_PROFILE_DATA_HOME: Final[str] = f'{HV_DATA_HOME}/profiles' HV_APPLICATION_DATA_HOME: Final[str] = f'{HV_DATA_HOME}/applications' + HV_INCIDENT_DATA_HOME: Final[str] = f'{HV_DATA_HOME}/incidents' HV_RUNTIME_DATA_HOME: Final[str] = f'{HV_DATA_HOME}/runtime' HV_SESSION_STATE_HOME: Final[str] = f'{HV_STATE_HOME}/sessions' diff --git a/core/controllers/ProfileController.py b/core/controllers/ProfileController.py index e64f16a..618a197 100644 --- a/core/controllers/ProfileController.py +++ b/core/controllers/ProfileController.py @@ -249,6 +249,8 @@ class ProfileController: except EndpointVerificationError as error: if not EndpointVerificationError in ignore: + + profile.address_security_incident() raise error @staticmethod diff --git a/core/models/BaseProfile.py b/core/models/BaseProfile.py index 0949be4..cf1f65a 100644 --- a/core/models/BaseProfile.py +++ b/core/models/BaseProfile.py @@ -6,11 +6,13 @@ from core.models.session.ApplicationVersion import ApplicationVersion from dataclasses import dataclass, field, asdict from dataclasses_json import config, Exclude, dataclass_json from json import JSONDecodeError +from pathlib import Path from typing import Optional, Self import json import os import re import shutil +import tempfile @dataclass_json 
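Review bot: In core/controllers/ProfileController.py, `profile.address_security_incident()` runs before `raise error` inside the `except EndpointVerificationError` branch, so any exception it raises replaces the verification error that callers presumably catch. The `mkdir`, `mkdtemp` and `copy2` calls in BaseProfile can all raise `OSError`. Consider guarding the call with `try: profile.address_security_incident()` and an `except OSError:` branch that logs the failure, so `raise error` is always reached. The enclosing method starts outside the hunk, so how `profile` and `ignore` are set up is not visible here.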
@@ -27,6 +29,10 @@ class BaseProfile(ABC): def get_wireguard_configuration_path(self): pass + @abstractmethod + def has_wireguard_configuration(self): + pass + def get_config_path(self): return BaseProfile.__get_config_path(self.id) @@ -109,6 +115,21 @@ class BaseProfile(ABC): except FileNotFoundError: return None + def address_security_incident(self): + + if self.has_wireguard_configuration(): + + wireguard_configuration_path = Path(self.get_wireguard_configuration_path()) + + incident_data_path = Path(Constants.HV_INCIDENT_DATA_HOME) + incident_data_path.mkdir(parents=True, exist_ok=True) + + incident_path = Path(tempfile.mkdtemp(dir=incident_data_path, prefix='')) + incident_wireguard_configuration_path = f'{incident_path}/{wireguard_configuration_path.name}' + + shutil.copy2(wireguard_configuration_path, incident_wireguard_configuration_path) + os.chmod(incident_wireguard_configuration_path, 0o664) + def _get_dirty_keys(self: Self): reference = BaseProfile.find_by_id(self.id) diff --git a/core/models/session/SessionProfile.py b/core/models/session/SessionProfile.py index dc6ec35..03fd0bc 100644 --- a/core/models/session/SessionProfile.py +++ b/core/models/session/SessionProfile.py @@ -87,6 +87,11 @@ class SessionProfile(BaseProfile): def has_wireguard_configuration(self): return os.path.isfile(f'{self.get_config_path()}/wg.conf') + def address_security_incident(self): + + super().address_security_incident() + self.__delete_wireguard_configuration() + def determine_timezone(self): time_zone = None diff --git a/core/models/system/SystemProfile.py b/core/models/system/SystemProfile.py index cd1e2a2..9ad387a 100644 --- a/core/models/system/SystemProfile.py +++ b/core/models/system/SystemProfile.py 
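Review bot: In `BaseProfile.address_security_incident`, the archived copy is set to mode `0o664`, which makes it group-writable and world-readable; a WireGuard configuration normally carries the interface private key, and an evidence copy should not be modifiable by other accounts. `mkdtemp` creates the per-incident directory as owner-only, which limits exposure today, but the file mode should not depend on that: `os.chmod(incident_wireguard_configuration_path, 0o600)`. The parent directory gets the default umask-derived mode; `incident_data_path.mkdir(mode=0o700, parents=True, exist_ok=True)` would keep the incident listing private as well. The method would also benefit from a docstring stating that it only preserves the file and leaves removal to the subclasses.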
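Review bot: `SessionProfile.address_security_incident` calls `self.__delete_wireguard_configuration()` only after `super().address_security_incident()` returns, so if the archive step raises, the configuration tied to the failed endpoint verification stays in place. The identical override in core/models/system/SystemProfile.py has the same ordering. If removal is meant as the containment step, wrap the call as `try: super().address_security_incident()` with the delete in a `finally:` clause. The delete is also called when `has_wireguard_configuration()` is false, and because of name mangling each class must define its own `__delete_wireguard_configuration`; neither definition is visible in these hunks, so confirm it tolerates a missing file.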
@@ -55,6 +55,11 @@ class SystemProfile(BaseProfile): def has_wireguard_configuration(self): return os.path.isfile(f'{self.get_system_config_path()}/wg.conf') + def address_security_incident(self): + + super().address_security_incident() + self.__delete_wireguard_configuration() + def delete(self): try: