refactor: deduplicate _to_boolean and fix TOCTOU in expansion cache

Extract duplicated _to_boolean logic from condition_resolver.py and
fn_if.py into IntrinsicFunctionResolver.to_boolean() static method.

Replace os.path.isfile() + os.path.getmtime() two-step check with a
single try/except around getmtime() to eliminate the race condition.

Author: bnusunny

samcli/lib/cfn_language_extensions/resolvers/base.py

@@ -183,6 +183,26 @@ def get_function_args(self, value: Dict[str, Any]) -> Any:
         """
         return next(iter(value.values()))
 
+    @staticmethod
+    def to_boolean(value: Any) -> bool:
+        """
+        Convert a value to a boolean using CloudFormation semantics.
+
+        CloudFormation conditions can be:
+        - Boolean values (True/False)
+        - String "true"/"false" (case-insensitive)
+        - Other types use Python's truthiness
+        """
+        if isinstance(value, bool):
+            return value
+        if isinstance(value, str):
+            lower_value = value.lower()
+            if lower_value == "true":
+                return True
+            elif lower_value == "false":
+                return False
+        return bool(value)
+
 
 class IntrinsicResolver:
     """

samcli/lib/cfn_language_extensions/resolvers/condition_resolver.py

@@ -356,32 +356,4 @@ def _resolve_nested(self, value: Any) -> Any:
         return value
 
     def _to_boolean(self, value: Any) -> bool:
-        """
-        Convert a value to a boolean.
-
-        CloudFormation conditions can be:
-        - Boolean values (True/False)
-        - String "true"/"false" (case-insensitive)
-
-        Args:
-            value: The value to convert.
-
-        Returns:
-            The boolean representation of the value.
-
-        Raises:
-            InvalidTemplateException: If the value cannot be converted to boolean.
-        """
-        if isinstance(value, bool):
-            return value
-
-        if isinstance(value, str):
-            lower_value = value.lower()
-            if lower_value == "true":
-                return True
-            elif lower_value == "false":
-                return False
-
-        # For other types, use Python's truthiness
-        # This handles cases where nested intrinsics return non-boolean values
-        return bool(value)
+        return self.to_boolean(value)

samcli/lib/cfn_language_extensions/resolvers/fn_if.py

@@ -163,31 +163,7 @@ def _evaluate_condition(self, condition_name: str) -> bool:
             self.context._evaluating_conditions.discard(condition_name)
 
     def _to_boolean(self, value: Any) -> bool:
-        """
-        Convert a value to a boolean.
-
-        CloudFormation conditions can be:
-        - Boolean values (True/False)
-        - String "true"/"false" (case-insensitive)
-
-        Args:
-            value: The value to convert.
-
-        Returns:
-            The boolean representation of the value.
-        """
-        if isinstance(value, bool):
-            return value
-
-        if isinstance(value, str):
-            lower_value = value.lower()
-            if lower_value == "true":
-                return True
-            elif lower_value == "false":
-                return False
-
-        # For other types, use Python's truthiness
-        return bool(value)
+        return self.to_boolean(value)
 
     def _is_no_value_ref(self, value: Any) -> bool:
         """

samcli/lib/cfn_language_extensions/sam_integration.py

@@ -534,8 +534,13 @@ def expand_language_extensions(
     """
     # --- cache lookup ---
     cache_key: Optional[Tuple[str, float, str]] = None
-    if template_path and os.path.isfile(template_path):
-        cache_key = (template_path, os.path.getmtime(template_path), _hash_params(parameter_values))
+    if template_path:
+        try:
+            mtime = os.path.getmtime(template_path)
+            cache_key = (template_path, mtime, _hash_params(parameter_values))
+        except OSError:
+            pass
+    if cache_key is not None:
         cached = _expansion_cache.get(cache_key)
         if cached is not None:
             LOG.debug("Cache hit for template expansion: %s", template_path)