Validate cached zip files before reuse

We've seen corrupted wheel files in Python Inspector's cache leading to
`BadZipFile` exceptions.
Add additional validation that ensures that files that will be reused
from the cache are actual zip files.

Signed-off-by: Marcel Bochtler <[email protected]>

Author: MarcelBochtler

src/python_inspector/utils_pypi.py

@@ -34,6 +34,7 @@
 import attr
 import packageurl
 import requests
+import zipfile
 from bs4 import BeautifulSoup
 from commoncode import fileutils
 from commoncode.hash import multi_checksums
@@ -1698,6 +1699,20 @@ async def get(
 
         cache_valid = os.path.exists(cached) and os.path.getsize(cached) > 0
 
+        # Validate cached wheel/egg files.
+        if cache_valid and not as_text:
+            if path_or_url.endswith((".whl", ".egg", ".zip")):
+                try:
+                    if not zipfile.is_zipfile(cached):
+                        if TRACE_DEEP:
+                            print(f"        FILE CACHE INVALID (corrupted zip): {path_or_url}")
+                        cache_valid = False
+                except (FileNotFoundError, OSError):
+                    # File was deleted/modified by another task - treat as cache miss
+                    if TRACE_DEEP:
+                        print(f"        FILE CACHE VANISHED during validation: {path_or_url}")
+                    cache_valid = False
+
         if force or not cache_valid:
             if not cache_valid and os.path.exists(cached):
                 if TRACE_DEEP: