Skip to content

feat: add FileBackend for filesystem-based caching #18

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
27Bslash6 merged 1 commit into from
Dec 15, 2025
Merged

feat: add FileBackend for filesystem-based caching #18

27Bslash6 merged 1 commit into from
Dec 15, 2025

Conversation

@27Bslash6
Copy link
Contributor

@27Bslash6 27Bslash6 commented Dec 15, 2025

Summary

Implements a pure Python filesystem cache backend (FileBackend) that provides:

  • BaseBackend protocol compliance - get/set/delete/exists/health_check
  • Thread-safe operations - RLock + fcntl.flock (Unix) / msvcrt.locking (Windows)
  • Atomic writes - write-then-rename pattern prevents torn reads
  • LRU eviction - triggers at 90% capacity, evicts to 70%
  • TTL support - expiration enforcement on read
  • 14-byte versioned header - corruption detection with magic bytes

Security Hardening

Protection Implementation
Path traversal blake2b key hashing
Symlink attacks O_NOFOLLOW on all file opens
TOCTOU races "Ask forgiveness" pattern (no pre-checks)
Symlink in cleanup/eviction lstat() + S_ISREG filter
TTL overflow Bounds validation (0 to 10 years)
Disk exhaustion Entry count limits
Permission leaks Default 0o600/0o700 with warnings

Configuration

Via CACHEKIT_FILE_* environment variables:

  • cache_dir, max_size_mb, max_value_mb
  • max_entry_count, lock_timeout_seconds
  • permissions, dir_permissions

Test Coverage

Suite Tests Coverage
Unit tests 89 91%
Integration 7 Concurrency, atomicity, eviction
Performance 5 Latency benchmarks
Critical 4 Smoke tests

Files Changed

  • src/cachekit/backends/file/ - New backend implementation
  • tests/unit/backends/test_file_*.py - Unit tests
  • tests/integration/test_file_backend_integration.py - Integration tests
  • tests/performance/test_file_backend_perf.py - Benchmarks
  • tests/critical/test_file_backend_critical.py - Critical path tests
  • docs/guides/backend-guide.md - Documentation

Test plan

  • make quick-check passes
  • 91% code coverage on backend.py
  • Security tests for symlink attacks, TOCTOU, TTL overflow
  • Integration tests with 10 concurrent threads
  • Performance benchmarks show acceptable latency

@27Bslash6
feat: add FileBackend for filesystem-based caching
8a87bd6 
Implements a pure Python filesystem cache backend with:

Core Features:
- BaseBackend protocol compliance (get/set/delete/exists/health_check)
- Thread-safe operations via RLock + fcntl.flock/msvcrt.locking
- Atomic writes via write-then-rename pattern
- LRU eviction at 90% capacity to 70% target
- TTL support with expiration enforcement on read
- 14-byte versioned header format for corruption detection

Security Hardening:
- blake2b key hashing prevents path traversal
- O_NOFOLLOW on all file opens prevents symlink attacks
- lstat() in cleanup/eviction prevents symlink manipulation
- ELOOP handling for symlink detection at runtime
- Default permissions 0o600/0o700 with security warnings
- TTL bounds validation (0 to 10 years max)
- Entry count limits prevent disk exhaustion
- TOCTOU elimination via "ask forgiveness" pattern

Configuration (via CACHEKIT_FILE_* env vars):
- cache_dir, max_size_mb, max_value_mb
- max_entry_count, lock_timeout_seconds
- permissions, dir_permissions

Test Coverage:
- 89 unit tests (91% coverage)
- 7 integration tests (concurrency, atomicity, eviction)
- 5 performance benchmarks
- 4 critical path tests
- Security-specific tests for symlink attacks, TOCTOU, TTL overflow
@27Bslash6 27Bslash6 merged commit e73b865 into main Dec 15, 2025
18 checks passed
@cachekit-release-bot cachekit-release-bot bot mentioned this pull request Dec 15, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@27Bslash6