Skip to content

fix: add lock on config.yaml to prevent TOCTOU coruption#50

Merged
Zack (Zackaryia) merged 4 commits into
mainfrom
zshamsi/fix-config-filelock
May 26, 2026
Merged

fix: add lock on config.yaml to prevent TOCTOU coruption#50
Zack (Zackaryia) merged 4 commits into
mainfrom
zshamsi/fix-config-filelock

Conversation

@Zackaryia
Copy link
Copy Markdown
Contributor

@Zackaryia Zack (Zackaryia) commented May 21, 2026

Add race_test.go that demonstrates IIP-20714: multiple concurrent read-modify-write cycles on config.yaml without file locking causes invalid YAML, empty file reads, and silent data loss.

@Zackaryia Zack (Zackaryia) changed the title test: reproduce config file corruption from concurrent CLI instances fix: add lock on config.yaml to prevent TOCTOU coruption May 21, 2026
@Zackaryia
test: reproduce config file corruption from concurrent CLI instances
c41a0e0 
Add race_test.go that demonstrates IIP-20714: multiple concurrent
read-modify-write cycles on config.yaml without file locking causes
invalid YAML, empty file reads, and silent data loss.
@Zackaryia Zack (Zackaryia) force-pushed the zshamsi/fix-config-filelock branch 2 times, most recently from 7b5b0e5 to f13abb7 Compare May 22, 2026 16:05
@Zackaryia
fix: add cross-process file lock to prevent config.yaml corruption
378f62c 
Concurrent CLI invocations race on config.yaml through the non-atomic
read-modify-write in New() (viper.WriteConfig + addDocCommentsToYAML).
Wrap the entire critical section in an exclusive flock via gofrs/flock.
@Zackaryia Zack (Zackaryia) force-pushed the zshamsi/fix-config-filelock branch from f13abb7 to 378f62c Compare May 22, 2026 16:09
Zackaryia
Zack (Zackaryia) commented May 22, 2026
View reviewed changes
Comment thread internal/config/config_test.go
Copy link
Copy Markdown
Contributor Author

@Zackaryia Zack (Zackaryia) May 22, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This change is because the file lock fails before writing fails, so we need to edit the error message. Permission denied makes more sense in context.

btschwartz12
Ben Schwartz (btschwartz12) reviewed May 22, 2026
View reviewed changes
Comment thread internal/config/config.go
btschwartz12
Ben Schwartz (btschwartz12) reviewed May 22, 2026
View reviewed changes
Comment thread internal/config/config.go
btschwartz12
Ben Schwartz (btschwartz12) reviewed May 22, 2026
View reviewed changes
Comment thread internal/config/race_test.go Outdated
btschwartz12
Ben Schwartz (btschwartz12) reviewed May 22, 2026
View reviewed changes
Comment thread internal/config/config_test.go Outdated
@Zackaryia Zack (Zackaryia) marked this pull request as ready for review May 22, 2026 20:52
@Zackaryia Zack (Zackaryia) requested a review from a team as a code owner May 22, 2026 20:52
@Zackaryia
test: tighten readonly_directory assertion to verify lock acquisition…
7186e38 
… path
@Zackaryia
test: allow TestRaceWorker to run standalone as a config.New() smoke …
1327f2b 
…test

Falls back to t.TempDir() when RACE_DATA_DIR is not set, so the test
no longer skips/fatals when run individually or in CI outside of the
race suite.
@Zackaryia Zack (Zackaryia) merged commit 67b58b2 into main May 26, 2026
15 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@btschwartz12 Ben Schwartz (btschwartz12) btschwartz12 approved these changes

Assignees

No one assigned

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Zackaryia @btschwartz12