EnsureDBInstalled race condition (TOCTOU)

## Description
While `EnsureDBInstalled()` uses a mutex (`ensureMux`) to protect the installation process, the initial check `IsDBInstalled()` at line 56 happens outside the mutex lock. This creates a TOCTOU (Time-of-Check-Time-of-Use) race condition where two concurrent calls could both see the DB as not installed, then both proceed with installation (though the mutex will serialize the actual install).

## Severity
**MEDIUM** - Race condition

## Test Reference
Test: `TestEnsureDBInstalled_Concurrent` in `pkg/db/db_local/install_test.go:167` (skipped)

## Suggested Fix
Move the `IsDBInstalled()` check inside the mutex lock.

## Related Code
- `pkg/db/db_local/install.go:39-54`

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

EnsureDBInstalled race condition (TOCTOU) #4818

Description

Severity

Test Reference

Suggested Fix

Related Code

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

EnsureDBInstalled race condition (TOCTOU) #4818

Description

Description

Severity

Test Reference

Suggested Fix

Related Code

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions