Fix race condition in content exclusion that causes intermittent bypass

Concurrent isIgnored() calls could cache stale 'not ignored' results
when a content exclusion rule fetch was in progress. This happened
because:

1. After yielding at getRepositoryFetchUrls, a concurrent caller could
   have already started a fetch and seeded the cache with empty patterns.
   The current caller would skip the fetch (patterns already seeded,
   lastRuleFetch just set) and match against empty rules.

2. The glob result cache was only cleared at the start of the fetch, so
   any 'false' entries written during the fetch window persisted until
   the next 30-minute refresh.

Fix:
- Re-check _contentExclusionFetchPromise after the getRepositoryFetchUrls
  yield point and wait for any in-progress fetch before pattern matching.
- Clear both glob and regex result caches at the end of the fetch to
  invalidate stale entries written by concurrent callers.

Fixes github/Copilot-Controls#650

Author: ulugbekna

extensions/copilot/src/platform/ignore/node/remoteContentExclusion.ts

@@ -124,6 +124,11 @@ export class RemoteContentExclusion implements IDisposable {
 			this._logService.trace(`Fetching content exclusions, due to ${this.shouldFetchContentExclusionRules(repoMetadata) ? 'repository change' : 'stale cache'}.`);
 			this._lastRuleFetch = Date.now();
 			await raceCancellationError(this.makeContentExclusionRequest(), token);
+		} else if (this._contentExclusionFetchPromise) {
+			// A concurrent caller may have started a fetch while we were awaiting
+			// getRepositoryFetchUrls above. Wait for it to complete so we match
+			// against the actual rules instead of the empty seed entries.
+			await raceCancellationError(this._contentExclusionFetchPromise, token);
 		}
 
 		const minimatchConfig = {
@@ -259,7 +264,9 @@ export class RemoteContentExclusion implements IDisposable {
 	 * Not recommended to call directly and instead use {@link makeContentExclusionRequest} as that ensures only one call is pending at any time
 	 */
 	private async _contentExclusionRequest(): Promise<void> {
-		// Clear the result cache as new rules will come and therefore it is no longer valid
+		// Clear the result cache as new rules will come and therefore it is no longer valid.
+		// Note: we clear again at the end of this method to invalidate any stale entries
+		// written by concurrent isIgnored() calls that ran while the fetch was in flight.
 		this._ignoreGlobResultCache.clear();
 		const startTime = Date.now();
 		const capiClientService = this._capiClientService;
@@ -300,6 +307,10 @@ export class RemoteContentExclusion implements IDisposable {
 			await updateRulesForRepos(batch);
 		}
 		this._lastRuleFetch = Date.now();
+		// Clear result caches again to invalidate any stale entries written by concurrent
+		// isIgnored() calls that matched against the empty seed entries during the fetch.
+		this._ignoreGlobResultCache.clear();
+		this._ignoreRegexResultCache.clear();
 		this._logService.info(`Fetched content exclusion rules in ${Date.now() - startTime}ms`);
 
 		// Log the fetched rules to the request logger for debugging visibility

extensions/copilot/src/platform/ignore/node/test/remoteContentExclusion.spec.ts

@@ -5,6 +5,7 @@
 
 import { beforeEach, describe, expect, suite, test, vi } from 'vitest';
 import { CancellationToken } from '../../../../util/vs/base/common/cancellation';
+import { Barrier } from '../../../../util/vs/base/common/async';
 import { URI } from '../../../../util/vs/base/common/uri';
 import { IAuthenticationService } from '../../../authentication/common/authentication';
 import { ICAPIClientService } from '../../../endpoint/common/capiClient';
@@ -232,4 +233,80 @@ suite('RemoteContentExclusion', () => {
 			expect(mockGitService.getRepositoryFetchUrlsCallCount).toBe(0);
 		});
 	});
+
+	describe('concurrent isIgnored calls', () => {
+		test('should not cache false for files that match rules fetched by a concurrent call', async () => {
+			// This test reproduces the race condition where:
+			// 1. Call A enters isIgnored, yields at getRepositoryFetchUrls
+			// 2. Call B enters isIgnored, yields at getRepositoryFetchUrls
+			// 3. Call A resumes, triggers content exclusion fetch, yields at network request
+			// 4. Call B resumes, finds empty seed patterns, must NOT cache "false"
+			const repoRoot = '/workspace/my-repo';
+
+			// Use a barrier to control when getRepositoryFetchUrls resolves,
+			// ensuring both calls are in-flight before either proceeds.
+			const gitBarrier = new Barrier();
+			let gitCallCount = 0;
+			mockGitService.getRepositoryFetchUrls = vi.fn().mockImplementation(() => {
+				gitCallCount++;
+				return gitBarrier.wait().then(() => ({
+					rootUri: URI.file(repoRoot),
+					remoteFetchUrls: ['https://github.com/org/repo.git']
+				}));
+			});
+
+			// Set up the CAPI mock to return exclusion rules with a pattern that matches.
+			// The response is an array — one entry per repo URL requested.
+			// Use **/keyword/** to match any file inside a keyword/ directory.
+			mockCAPIClientService.setMockResponse({
+				ok: true,
+				json: () => Promise.resolve([{
+					rules: [{ paths: ['**/keyword/**'], source: { name: 'org', type: 'Organization' } }],
+					last_updated_at: Date.now()
+				}]),
+			} as any);
+
+			const fileA = URI.file('/workspace/my-repo/keyword/keyword.py');
+			const fileB = URI.file('/workspace/my-repo/keyword/extra.py');
+
+			// Start both isIgnored calls concurrently (both will block at getRepositoryFetchUrls)
+			const resultA = remoteContentExclusion.isIgnored(fileA, CancellationToken.None);
+			const resultB = remoteContentExclusion.isIgnored(fileB, CancellationToken.None);
+
+			// Both calls should be waiting at the git barrier
+			expect(gitCallCount).toBe(2);
+
+			// Release the barrier — both calls proceed
+			gitBarrier.open();
+
+			// Both files should be correctly identified as ignored
+			expect(await resultA).toBe(true);
+			expect(await resultB).toBe(true);
+		});
+
+		test('should correctly exclude files when rules arrive after concurrent calls start', async () => {
+			// Similar to above but with the non-git-file path (no repository)
+			mockGitService.setRepositoryFetchUrls(undefined);
+
+			// Use a barrier to control when the CAPI request resolves
+			const capiBarrier = new Barrier();
+			mockCAPIClientService.setMockResponse({
+				ok: true,
+				json: () => capiBarrier.wait().then(() => [{
+					rules: [{ paths: ['**/secret/**'], source: { name: 'org', type: 'Organization' } }],
+					last_updated_at: Date.now()
+				}]),
+			} as any);
+
+			const secretFile = URI.file('/project/secret/config.py');
+
+			// Start isIgnored — it will trigger a fetch that blocks on the capiBarrier
+			const resultPromise = remoteContentExclusion.isIgnored(secretFile, CancellationToken.None);
+
+			// Release CAPI response so rules load
+			capiBarrier.open();
+
+			expect(await resultPromise).toBe(true);
+		});
+	});
 });