Skip to content

fix(webapp): prevent TOCTOU race and use atomic writes#12

Merged
lostmygithubaccount merged 1 commit into
mainfrom
fix/toctou-race-atomic-writes
Apr 5, 2026
Merged

fix(webapp): prevent TOCTOU race and use atomic writes#12
lostmygithubaccount merged 1 commit into
mainfrom
fix/toctou-race-atomic-writes

Conversation

@lostmygithubaccount
Copy link
Copy Markdown
Member

@lostmygithubaccount lostmygithubaccount commented Apr 5, 2026

Summary

  • Hold Mutex across entire load-modify-save cycle via modify_config() helper to prevent concurrent requests from overwriting each other's changes
  • Write config to temp file then fs::rename for crash-safe atomic saves in toml_storage.rs
  • Refactor all mutation handlers (add_url, add_group, delete_url, delete_group, edit_url, edit_group) to use new modify_or_err pattern

Generated with Claude Code

@lostmygithubaccount @claude
fix(webapp): prevent TOCTOU race in config mutation and use atomic wr…
c325797 
…ites

Hold the Mutex across the entire load-modify-save cycle so concurrent
requests cannot read stale config and overwrite each other's changes.
Also write config to a temp file then rename for crash-safe saves.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@lostmygithubaccount lostmygithubaccount enabled auto-merge (squash) April 5, 2026 23:48
@lostmygithubaccount lostmygithubaccount merged commit 8f5324d into main Apr 5, 2026
1 check passed
@lostmygithubaccount lostmygithubaccount deleted the fix/toctou-race-atomic-writes branch April 5, 2026 23:52
@lostmygithubaccount lostmygithubaccount mentioned this pull request Apr 13, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@lostmygithubaccount