mvt-project
diff --git a/‎acquisition/acquisition.go‎
Lines changed: 83 additions & 20 deletions b/‎acquisition/acquisition.go‎
Lines changed: 83 additions & 20 deletions
diff --git a/‎acquisition/secure.go‎
Lines changed: 132 additions & 47 deletions b/‎acquisition/secure.go‎
Lines changed: 132 additions & 47 deletions
@@ -21,6 +21,7 @@ import (
 	"github.com/mvt-project/androidqf/assets"
 	"github.com/mvt-project/androidqf/log"
 	"github.com/mvt-project/androidqf/utils"
+	"github.com/spf13/afero"
 )
 
 // Acquisition is the main object containing all phone information
@@ -35,6 +36,9 @@ type Acquisition struct {
 	SdCard           string         `json:"sdcard"`
 	Cpu              string         `json:"cpu"`
 	closeLog         func()         `json:"-"`
+	Fs               afero.Fs       `json:"-"`
+	UseMemoryFs      bool           `json:"use_memory_fs"`
+	KeyFilePresent   bool           `json:"key_file_present"`
 }
 
 // New returns a new Acquisition instance.
@@ -50,21 +54,53 @@ func New(path string) (*Acquisition, error) {
 	} else {
 		acq.StoragePath = path
 	}
-	// Check if the path exist
-	stat, err := os.Stat(acq.StoragePath)
-	if os.IsNotExist(err) {
-		err := os.Mkdir(acq.StoragePath, 0o755)
-		if err != nil {
-			return nil, fmt.Errorf("failed to create acquisition folder: %v", err)
+
+	// Check if key.txt is present
+	keyFilePath := filepath.Join(rt.GetExecutableDirectory(), "key.txt")
+	if _, err := os.Stat(keyFilePath); err == nil {
+		acq.KeyFilePresent = true
+		log.Info("Key file detected, checking available memory for secure processing...")
+
+		// Check if we have enough memory (4GB) and key file is present
+		if utils.HasSufficientMemory() {
+			acq.UseMemoryFs = true
+			acq.Fs = afero.NewMemMapFs()
+			log.Info("Using in-memory filesystem for secure data processing")
+
+			// Create the directory structure in memory
+			err := acq.Fs.MkdirAll(acq.StoragePath, 0o755)
+			if err != nil {
+				return nil, fmt.Errorf("failed to create acquisition folder in memory: %v", err)
+			}
+		} else {
+			log.Warning("Insufficient memory for in-memory processing, falling back to disk-based storage")
+			acq.UseMemoryFs = false
+			acq.Fs = afero.NewOsFs()
 		}
 	} else {
-		if !stat.IsDir() {
-			return nil, fmt.Errorf("path exist and is not a folder")
+		acq.KeyFilePresent = false
+		acq.UseMemoryFs = false
+		acq.Fs = afero.NewOsFs()
+		log.Debug("No key file present, using standard disk-based storage")
+	}
+
+	// For disk-based filesystem, ensure the directory exists
+	if !acq.UseMemoryFs {
+		stat, err := os.Stat(acq.StoragePath)
+		if os.IsNotExist(err) {
+			err := os.Mkdir(acq.StoragePath, 0o755)
+			if err != nil {
+				return nil, fmt.Errorf("failed to create acquisition folder: %v", err)
+			}
+		} else {
+			if !stat.IsDir() {
+				return nil, fmt.Errorf("path exist and is not a folder")
+			}
 		}
 	}
 
 	// Get system information first to get tmp folder
-	err = acq.GetSystemInformation()
+	err := acq.GetSystemInformation()
 	if err != nil {
 		return nil, err
 	}
@@ -76,9 +112,20 @@ func New(path string) (*Acquisition, error) {
 	}
 	acq.Collector = coll
 
-	// Init logging file
+	// Init logging file - always use OS filesystem for logging to ensure it persists
 	logPath := filepath.Join(acq.StoragePath, "command.log")
-	closeLog, err := log.EnableFileLog(log.DEBUG, logPath)
+	var closeLog func()
+	if acq.UseMemoryFs {
+		// For memory filesystem, we still want logs to persist on disk
+		// Create the directory on disk if it doesn't exist
+		if _, err := os.Stat(acq.StoragePath); os.IsNotExist(err) {
+			err := os.MkdirAll(acq.StoragePath, 0o755)
+			if err != nil {
+				return nil, fmt.Errorf("failed to create logging directory: %v", err)
+			}
+		}
+	}
+	closeLog, err = log.EnableFileLog(log.DEBUG, logPath)
 	if err != nil {
 		return nil, fmt.Errorf("failed to enable file logging: %v", err)
 	}
@@ -146,7 +193,7 @@ func (a *Acquisition) GetSystemInformation() error {
 func (a *Acquisition) HashFiles() error {
 	log.Info("Generating list of files hashes...")
 
-	csvFile, err := os.Create(filepath.Join(a.StoragePath, "hashes.csv"))
+	csvFile, err := a.Fs.Create(filepath.Join(a.StoragePath, "hashes.csv"))
 	if err != nil {
 		return err
 	}
@@ -155,20 +202,36 @@ func (a *Acquisition) HashFiles() error {
 	csvWriter := csv.NewWriter(csvFile)
 	defer csvWriter.Flush()
 
-	_ = filepath.Walk(a.StoragePath, func(filePath string, fileInfo os.FileInfo, err error) error {
+	err = afero.Walk(a.Fs, a.StoragePath, func(filePath string, fileInfo os.FileInfo, err error) error {
 		if err != nil {
 			return err
 		}
 
 		if fileInfo.IsDir() {
 			return nil
 		}
-		// Makes files read only
-		os.Chmod(filePath, 0o400)
 
-		sha256, err := hashes.FileSHA256(filePath)
-		if err != nil {
-			return err
+		// For disk-based filesystem, make files read only
+		if !a.UseMemoryFs {
+			os.Chmod(filePath, 0o400)
+		}
+
+		// For memory filesystem, we need to read the file and calculate hash manually
+		var sha256 string
+		if a.UseMemoryFs {
+			content, err := afero.ReadFile(a.Fs, filePath)
+			if err != nil {
+				return err
+			}
+			sha256, err = hashes.StringSHA256(string(content))
+			if err != nil {
+				return err
+			}
+		} else {
+			sha256, err = hashes.FileSHA256(filePath)
+			if err != nil {
+				return err
+			}
 		}
 
 		err = csvWriter.Write([]string{filePath, sha256})
@@ -179,7 +242,7 @@ func (a *Acquisition) HashFiles() error {
 		return nil
 	})
 
-	return nil
+	return err
 }
 
 func (a *Acquisition) StoreInfo() error {
@@ -193,7 +256,7 @@ func (a *Acquisition) StoreInfo() error {
 
 	infoPath := filepath.Join(a.StoragePath, "acquisition.json")
 
-	err = os.WriteFile(infoPath, info, 0o644)
+	err = afero.WriteFile(a.Fs, infoPath, info, 0o644)
 	if err != nil {
 		return fmt.Errorf("failed to write acquisition details to file: %v",
 			err)
 
@@ -16,9 +16,66 @@ import (
 	"filippo.io/age"
 	saveRuntime "github.com/botherder/go-savetime/runtime"
 	"github.com/mvt-project/androidqf/log"
+	"github.com/spf13/afero"
 )
 
-func createZipFile(sourceDir, zipPath string) error {
+// createZipFromFs creates a zip file from any afero filesystem
+func createZipFromFs(fs afero.Fs, sourceDir string, writer io.Writer) error {
+	zipWriter := zip.NewWriter(writer)
+	defer zipWriter.Close()
+
+	// Walk the filesystem and add all files to the zip
+	err := afero.Walk(fs, sourceDir, func(path string, info os.FileInfo, err error) error {
+		if err != nil {
+			return err
+		}
+
+		// Skip directories
+		if info.IsDir() {
+			return nil
+		}
+
+		// Get relative path from sourceDir
+		relPath, err := filepath.Rel(sourceDir, path)
+		if err != nil {
+			return err
+		}
+
+		// Create the file header
+		header, err := zip.FileInfoHeader(info)
+		if err != nil {
+			return err
+		}
+		header.Name = filepath.ToSlash(relPath) // Ensure forward slashes for zip compatibility
+		header.Method = zip.Deflate
+
+		// Create the file in the zip
+		writer, err := zipWriter.CreateHeader(header)
+		if err != nil {
+			return err
+		}
+
+		// Read the file content from the filesystem
+		file, err := fs.Open(path)
+		if err != nil {
+			return err
+		}
+		defer file.Close()
+
+		// Copy file content to zip
+		_, err = io.Copy(writer, file)
+		return err
+	})
+
+	if err != nil {
+		return fmt.Errorf("failed to walk filesystem: %v", err)
+	}
+
+	return zipWriter.Close()
+}
+
+// createZipFromDisk creates a zip file from disk (legacy approach)
+func createZipFromDisk(sourceDir, zipPath string) error {
 	zipFile, err := os.Create(zipPath)
 	if err != nil {
 		return fmt.Errorf("failed to create ZIP file: %v", err)
@@ -39,83 +96,111 @@ func createZipFile(sourceDir, zipPath string) error {
 }
 
 func (a *Acquisition) StoreSecurely() error {
-	cwd := saveRuntime.GetExecutableDirectory()
-
-	keyFilePath := filepath.Join(cwd, "key.txt")
-	if _, err := os.Stat(keyFilePath); os.IsNotExist(err) {
+	// Only proceed if key file is present
+	if !a.KeyFilePresent {
 		return nil
 	}
 
-	log.Info("You provided an age public key, storing the acquisition securely.")
-
-	zipFileName := fmt.Sprintf("%s.zip", a.UUID)
-	zipFilePath := filepath.Join(cwd, zipFileName)
+	log.Info("Age public key detected, storing the acquisition securely.")
 
-	log.Info("Compressing the acquisition folder. This might take a while...")
-
-	err := createZipFile(a.StoragePath, zipFilePath)
-	if err != nil {
-		return err
-	}
-
-	log.Info("Encrypting the compressed archive. This might take a while...")
+	cwd := saveRuntime.GetExecutableDirectory()
+	keyFilePath := filepath.Join(cwd, "key.txt")
 
+	// Read the public key
 	publicKey, err := os.ReadFile(keyFilePath)
 	if err != nil {
-		return err
+		return fmt.Errorf("failed to read key file: %v", err)
 	}
 	publicKeyStr := strings.TrimSpace(string(publicKey))
 
+	// Parse the age recipient
 	recipient, err := age.ParseX25519Recipient(publicKeyStr)
 	if err != nil {
 		return fmt.Errorf("failed to parse public key %q: %v", publicKeyStr, err)
 	}
 
-	zipFile, err := os.Open(zipFilePath)
-	if err != nil {
-		return err
-	}
-	defer zipFile.Close()
-
-	encFileName := fmt.Sprintf("%s.age", zipFileName)
+	// Create the encrypted file
+	encFileName := fmt.Sprintf("%s.age", a.UUID)
 	encFilePath := filepath.Join(cwd, encFileName)
-	encFile, err := os.OpenFile(encFilePath, os.O_WRONLY|os.O_CREATE|os.O_APPEND, 0o600)
+	encFile, err := os.OpenFile(encFilePath, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0o600)
 	if err != nil {
 		return fmt.Errorf("unable to create encrypted file: %v", err)
 	}
 	defer encFile.Close()
 
-	w, err := age.Encrypt(encFile, recipient)
+	// Create age encryptor
+	ageWriter, err := age.Encrypt(encFile, recipient)
 	if err != nil {
-		return fmt.Errorf("failed to create encrypted file: %v", err)
+		return fmt.Errorf("failed to create age encryptor: %v", err)
 	}
 
-	_, err = io.Copy(w, zipFile)
-	if err != nil {
-		return fmt.Errorf("failed to write to encrypted file: %v", err)
+	if a.UseMemoryFs {
+		log.Info("Compressing and encrypting acquisition data from memory. This might take a while...")
+
+		// Create zip directly from memory filesystem and encrypt it
+		err = createZipFromFs(a.Fs, a.StoragePath, ageWriter)
+		if err != nil {
+			return fmt.Errorf("failed to create encrypted zip from memory: %v", err)
+		}
+	} else {
+		log.Info("Compressing the acquisition folder. This might take a while...")
+
+		// Create temporary zip file on disk first
+		zipFileName := fmt.Sprintf("%s.zip", a.UUID)
+		zipFilePath := filepath.Join(cwd, zipFileName)
+
+		err := createZipFromDisk(a.StoragePath, zipFilePath)
+		if err != nil {
+			return fmt.Errorf("failed to create zip file: %v", err)
+		}
+
+		log.Info("Encrypting the compressed archive. This might take a while...")
+
+		// Read the zip file and encrypt it
+		zipFile, err := os.Open(zipFilePath)
+		if err != nil {
+			return fmt.Errorf("failed to open zip file: %v", err)
+		}
+
+		_, err = io.Copy(ageWriter, zipFile)
+		zipFile.Close()
+
+		if err != nil {
+			return fmt.Errorf("failed to encrypt zip file: %v", err)
+		}
+
+		// Remove the temporary unencrypted zip file
+		err = os.Remove(zipFilePath)
+		if err != nil {
+			log.Warningf("Failed to remove temporary zip file: %v", err)
+		}
 	}
 
-	if err := w.Close(); err != nil {
+	// Close the age writer
+	if err := ageWriter.Close(); err != nil {
 		return fmt.Errorf("failed to close encrypted file: %v", err)
 	}
 
 	log.Infof("Acquisition successfully encrypted at %s", encFilePath)
 
-	// TODO: we should securely wipe the files.
-	zipFile.Close()
-	err = os.Remove(zipFilePath)
-	if err != nil {
-		return fmt.Errorf("failed to delete the unencrypted compressed archive: %v", err)
-	}
-
-	// Ensure log file is closed before removing the acquisition directory
-	if a.closeLog != nil {
-		defer a.closeLog()
-	}
-
-	err = os.RemoveAll(a.StoragePath)
-	if err != nil {
-		return fmt.Errorf("failed to delete the original unencrypted acquisition folder: %v", err)
+	// Clean up based on filesystem type
+	if a.UseMemoryFs {
+		log.Info("Clearing in-memory data...")
+		// For memory filesystem, we just need to ensure the log is closed
+		// The memory will be freed when the filesystem is dereferenced
+	} else {
+		log.Info("Removing unencrypted acquisition folder...")
+		// Ensure log file is closed before removing the acquisition directory
+		if a.closeLog != nil {
+			a.closeLog()
+			a.closeLog = nil // Prevent double-close
+		}
+
+		// Remove the original unencrypted folder
+		err = os.RemoveAll(a.StoragePath)
+		if err != nil {
+			return fmt.Errorf("failed to delete the original unencrypted acquisition folder: %v", err)
+		}
 	}
 
 	return nil