Workspace: make HeaderCacheService configuration aware

[LeFrosch]

The header cache was designed from the beginning to be configuration aware. This PR fills in the gaps using the target's configuration id.

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request completes the implementation of configuration awareness within the HeaderCacheService. By integrating the target's configuration ID into cache directory resolution, header tracking, and error logging, it ensures that cached headers are correctly isolated and managed across different build configurations, thereby enhancing cache integrity and preventing potential conflicts.

Highlights

• Cache Directory Resolution: The cacheDirectory method was updated to resolve the cache path based on the target's configurationId(), ensuring different configurations utilize distinct cache locations.
• Header Tracking Logic: The cacheTracker now incorporates the configurationId() into the key used for tracking headers, preventing potential conflicts when multiple configurations might reference the same header path.
• Enhanced Logging: Logging for failed header caching operations was improved to include the configurationId(), providing more specific context for debugging.

Changelog

• cpp/src/com/google/idea/blaze/cpp/sync/HeaderCacheService.kt
  • Updated cacheDirectory to use configurationId() for path resolution.
  • Modified cacheTracker to include configurationId() in header keys.
  • Added configurationId() to warning logs for cache failures.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request enhances the HeaderCacheService to be configuration aware, ensuring headers are cached and retrieved based on their specific configuration ID to prevent conflicts and improve efficiency. However, the current implementation introduces several Path Traversal vulnerabilities due to a lack of validation for configurationId and other path-related strings obtained from build metadata. This could allow malicious projects to write, delete, or read arbitrary files on the user's system. It is crucial to sanitize these inputs to prevent traversal characters (e.g., ..) and ensure resolved paths remain within the intended cache directory.

[gemini-code-assist]

The configurationId() from TargetKey is used to construct a file path without validation, leading to a Path Traversal vulnerability. An untrusted project could use .. in configurationId to write files outside the intended cache directory. While using ifBlank { "default" } is a good approach for empty IDs, it's critical to sanitize configurationId() to prevent path traversal. Additionally, consider adding a DEBUG log when the default is used to help identify missing configurations.

    val configId = configurationId().ifBlank { "default" }
    if (configId == "default") {
      LOG.debug("Using default cache directory for target key: $this")
    }
    return cacheDirectory.resolve(configId)

References

1. Path Traversal vulnerability due to unsanitized input in file path construction.

[gemini-code-assist]

The use of header.relativePath() and configurationId() to track cached headers, while an in-memory operation here, highlights an insecure handling of untrusted strings. These values are later used to construct file system paths, which could lead to Path Traversal vulnerabilities if configurationId() contains unsafe characters. It is crucial to sanitize or encode configurationId() to ensure it is filesystem-safe before it's used in any path-related operations.

References

1. Path Traversal vulnerability due to unsanitized input in file path construction.