Summary
backend/secuscan/cache.py stores cached responses in dicts with TTL timestamps, but expired keys are only removed when that exact key is read again. Over time, a long-running process can accumulate a large number of expired entries.
Why this is critical
- Memory usage can grow monotonically under dashboards/polling workloads.
- Expired entries remain in _data / _expires indefinitely unless accessed again.
Evidence (code)
- backend/secuscan/cache.py: get_json() deletes only the requested key if it’s expired.
- No background sweep / size bound / LRU cap.
Proposed fix (high-level)
- Add a max entry cap and eviction policy (LRU/FIFO).
- Add periodic cleanup:
  - background task that sweeps expired keys,
  - or opportunistic sweep every N writes.
- Add metrics for cache size and evictions.
Acceptance criteria
- Cache memory use remains bounded under sustained traffic.
- Expired keys are removed without requiring a get_json() call on each key.
- Tests cover expiry + eviction behavior.
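
A sketch of the proposed fix, added here as an example and not taken from the SecuScan code base: a TTL cache with an LRU size cap, an opportunistic sweep every N writes, and counters for the suggested metrics. The class name `BoundedTTLCache`, the `set_json()` method, the constructor parameters and the injectable `clock` are assumptions; only `get_json()`, `_data` and `_expires` appear in the issue.

```python
import time
from collections import OrderedDict


class BoundedTTLCache:
    """Hypothetical stand-in for the cache in the issue; not SecuScan's code."""

    def __init__(self, max_entries=1024, sweep_every=100, clock=time.monotonic):
        self._data = OrderedDict()   # key -> value, least recently used first
        self._expires = {}           # key -> absolute expiry time
        self._max_entries = max_entries
        self._sweep_every = sweep_every
        self._clock = clock          # injectable so tests need no sleep()
        self._writes = 0
        self.evictions = 0           # metric: entries dropped by the size cap
        self.expired_removed = 0     # metric: entries dropped by TTL

    def _drop(self, key):
        self._data.pop(key, None)
        self._expires.pop(key, None)

    def sweep(self):
        """Remove every expired key, whether or not it is ever read again."""
        now = self._clock()
        dead = [k for k, exp in self._expires.items() if exp <= now]
        for key in dead:
            self._drop(key)
        self.expired_removed += len(dead)
        return len(dead)

    def set_json(self, key, value, ttl_seconds):
        self._writes += 1
        if self._writes % self._sweep_every == 0:
            self.sweep()             # opportunistic sweep every N writes
        self._drop(key)              # re-insert so the key becomes most recent
        self._data[key] = value
        self._expires[key] = self._clock() + ttl_seconds
        while len(self._data) > self._max_entries:
            oldest = next(iter(self._data))
            self._drop(oldest)       # evict the least recently used entry
            self.evictions += 1

    def get_json(self, key):
        if key in self._data and self._expires[key] <= self._clock():
            self._drop(key)          # lazy expiry on read, as in the original
            self.expired_removed += 1
        if key not in self._data:
            return None
        self._data.move_to_end(key)  # mark as most recently used
        return self._data[key]
```

If the real cache is shared across threads or async tasks, the same logic needs a lock around `_data` and `_expires`; a background task can call `sweep()` on a timer in place of the write-count trigger.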