Use atomic file operations to ensure valid downloads

MarcelBochtler · MarcelBochtler · commit a0e293155f73 · 2025-11-28T11:58:10.000+01:00
When downloading and caching files such as Python wheels, eggs, or zip
files, it's crucial to ensure that the files are fully and correctly
written before they are made available for use.
This change implements atomic file operations by writing to a temporary
file first and then renaming it to the target filename once the write is
complete and the file has been validated.
This prevents issues where a partially written or corrupt file could be
read by other processes.

Signed-off-by: Marcel Bochtler &lt;marcel.bochtler@bosch.com&gt;
diff --git a/src/python_inspector/utils_pypi.py b/src/python_inspector/utils_pypi.py
@@ -1725,10 +1725,32 @@ async def get(
             )
             wmode = "w" if as_text else "wb"
 
-            # acquire lock and wait until timeout to get a lock or die
-            with lockfile.FileLock(lock_file).locked(timeout=PYINSP_CACHE_LOCK_TIMEOUT):
-                async with aiofiles.open(cached, mode=wmode) as fo:
-                    await fo.write(content)
+            # Use atomic file operations.
+            temp_file = f"{cached}.tmp.{os.getpid()}"
+
+            try:
+                # acquire lock and wait until timeout to get a lock or die
+                with lockfile.FileLock(lock_file).locked(timeout=PYINSP_CACHE_LOCK_TIMEOUT):
+                    async with aiofiles.open(temp_file, mode=wmode) as fo:
+                        await fo.write(content)
+
+                    # Validate zip files before making them "live"
+                    if not as_text and path_or_url.endswith((".whl", ".egg", ".zip")):
+                        if not zipfile.is_zipfile(temp_file):
+                            raise Exception(
+                                f"Downloaded file is not a valid zip: {path_or_url}\n"
+                                f"Size: {os.path.getsize(temp_file)} bytes"
+                            )
+
+                    # Atomic rename - readers will never see partial/corrupt file
+                    os.rename(temp_file, cached)
+
+            except Exception:
+                # Clean up temp file on any error
+                if os.path.exists(temp_file):
+                    os.remove(temp_file)
+                raise
+
             return content, cached
         else:
             if TRACE_DEEP:
