Merged PR 25951: [internal/release/7.0] Use Path.GetTempFileName() for 600 Unix file mode

# {PR title}

Summary of the changes (Less than 80 chars)

## Description

{Detail}

Fixes #{bug number} (in this specific format)

## Customer Impact

{Justification}

## Regression?

- [ ] Yes
- [ ] No

[If yes, specify the version the behavior has regressed from]

## Risk

- [ ] High
- [ ] Medium
- [ ] Low

[Justify the selection above]

## Verification

- [ ] Manual (required)
- [ ] Automated

## Packaging changes reviewed?

- [ ] Yes
- [ ] No
- [ ] N/A

----

## When servicing release/2.1

- [ ] Make necessary changes in eng/PatchConfig.props

This is the simplest "backport" of https://dev.azure.com/dnceng/internal/_git/dotnet-aspnetcore/pullrequest/25405 since we can use Path.GetTempFileName() on windows without worrying about hitting a limit, and we can use the Unix file mode APIs for tests.

The other backports shouldn't be too bad though. Do we have a recommendation on how to test the unix file mode on backports? P/Inoking stat(2)? Don't bother?

Cherry picked from !25566

Author: mmitche

src/DataProtection/DataProtection/src/Repositories/FileSystemXmlRepository.cs

@@ -5,6 +5,7 @@
 using System.Collections.Generic;
 using System.IO;
 using System.Linq;
+using System.Runtime.InteropServices;
 using System.Xml.Linq;
 using Microsoft.AspNetCore.DataProtection.Internal;
 using Microsoft.Extensions.Logging;
@@ -131,9 +132,17 @@ private void StoreElementCore(XElement element, string filename)
         // crashes mid-write, we won't end up with a corrupt .xml file.
 
         Directory.Create(); // won't throw if the directory already exists
+
         var tempFilename = Path.Combine(Directory.FullName, Guid.NewGuid().ToString() + ".tmp");
         var finalFilename = Path.Combine(Directory.FullName, filename + ".xml");
 
+        // Create a temp file with the correct Unix file mode before moving it to the expected finalFilename.
+        if (!RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
+        {
+            var tempTempFilename = Path.GetTempFileName();
+            File.Move(tempTempFilename, tempFilename);
+        }
+
         try
         {
             using (var tempFileStream = File.OpenWrite(tempFilename))

src/DataProtection/DataProtection/test/Repositories/FileSystemXmlRepositoryTests.cs

@@ -155,6 +155,25 @@ public void Logs_DockerEphemeralFolders()
         });
     }
 
+    [ConditionalFact]
+    [OSSkipCondition(OperatingSystems.Windows, SkipReason = "UnixFileMode is not supported on Windows.")]
+    public void StoreElement_CreatesFileWithUserOnlyUnixFileMode()
+    {
+        WithUniqueTempDirectory(dirInfo =>
+        {
+            // Arrange
+            var element = XElement.Parse("<element1 />");
+            var repository = new FileSystemXmlRepository(dirInfo, NullLoggerFactory.Instance);
+
+            // Act
+            repository.StoreElement(element, "friendly-name");
+
+            // Assert
+            var fileInfo = Assert.Single(dirInfo.GetFiles());
+            Assert.Equal(UnixFileMode.UserRead | UnixFileMode.UserWrite, fileInfo.UnixFileMode);
+        });
+    }
+
     /// <summary>
     /// Runs a test and cleans up the temp directory afterward.
     /// </summary>

src/Http/WebUtilities/src/FileBufferingReadStream.cs

@@ -4,6 +4,7 @@
 using System.Buffers;
 using System.Diagnostics;
 using System.Diagnostics.CodeAnalysis;
+using System.Runtime.InteropServices;
 using Microsoft.AspNetCore.Internal;
 
 namespace Microsoft.AspNetCore.WebUtilities;
@@ -254,6 +255,14 @@ private Stream CreateTempFile()
         }
 
         _tempFileName = Path.Combine(_tempFileDirectory, "ASPNETCORE_" + Guid.NewGuid().ToString() + ".tmp");
+
+        // Create a temp file with the correct Unix file mode before moving it to the assigned _tempFileName in the _tempFileDirectory.
+        if (!RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
+        {
+            var tempTempFileName = Path.GetTempFileName();
+            File.Move(tempTempFileName, _tempFileName);
+        }
+
         return new FileStream(_tempFileName, FileMode.Create, FileAccess.ReadWrite, FileShare.Delete, 1024 * 16,
             FileOptions.Asynchronous | FileOptions.DeleteOnClose | FileOptions.SequentialScan);
     }

src/Http/WebUtilities/src/FileBufferingWriteStream.cs

@@ -5,6 +5,7 @@
 using System.Diagnostics;
 using System.Diagnostics.CodeAnalysis;
 using System.IO.Pipelines;
+using System.Runtime.InteropServices;
 using Microsoft.AspNetCore.Internal;
 
 namespace Microsoft.AspNetCore.WebUtilities;
@@ -271,6 +272,14 @@ private void EnsureFileStream()
         {
             var tempFileDirectory = _tempFileDirectoryAccessor();
             var tempFileName = Path.Combine(tempFileDirectory, "ASPNETCORE_" + Guid.NewGuid() + ".tmp");
+
+            // Create a temp file with the correct Unix file mode before moving it to the assigned tempFileName in the _tempFileDirectory.
+            if (!RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
+            {
+                var tempTempFileName = Path.GetTempFileName();
+                File.Move(tempTempFileName, tempFileName);
+            }
+
             FileStream = new FileStream(
                 tempFileName,
                 FileMode.Create,

src/Http/WebUtilities/test/FileBufferingReadStreamTests.cs

@@ -2,6 +2,7 @@
 // The .NET Foundation licenses this file to you under the MIT license.
 
 using System.Buffers;
+using Microsoft.AspNetCore.Testing;
 using Moq;
 
 namespace Microsoft.AspNetCore.WebUtilities;
@@ -599,6 +600,33 @@ public async Task PartialReadAsyncThenSeekReplaysBuffer()
         Assert.Equal(data.AsMemory(0, read2).ToArray(), buffer2.AsMemory(0, read2).ToArray());
     }
 
+    [ConditionalFact]
+    [OSSkipCondition(OperatingSystems.Windows, SkipReason = "UnixFileMode is not supported on Windows.")]
+    public void Read_BufferingContentToDisk_CreatesFileWithUserOnlyUnixFileMode()
+    {
+        var inner = MakeStream(1024 * 2);
+        string tempFileName;
+        using (var stream = new FileBufferingReadStream(inner, 1024, null, GetCurrentDirectory()))
+        {
+            var bytes = new byte[1024 * 2];
+            var read0 = stream.Read(bytes, 0, bytes.Length);
+            Assert.Equal(bytes.Length, read0);
+            Assert.Equal(read0, stream.Length);
+            Assert.Equal(read0, stream.Position);
+            Assert.False(stream.InMemory);
+            Assert.NotNull(stream.TempFileName);
+
+            var read1 = stream.Read(bytes, 0, bytes.Length);
+            Assert.Equal(0, read1);
+
+            tempFileName = stream.TempFileName!;
+            Assert.True(File.Exists(tempFileName));
+            Assert.Equal(UnixFileMode.UserRead | UnixFileMode.UserWrite, File.GetUnixFileMode(tempFileName));
+        }
+
+        Assert.False(File.Exists(tempFileName));
+    }
+
     private static string GetCurrentDirectory()
     {
         return AppContext.BaseDirectory;

src/Http/WebUtilities/test/FileBufferingWriteStreamTests.cs

@@ -3,6 +3,7 @@
 
 using System.Buffers;
 using System.Text;
+using Microsoft.AspNetCore.Testing;
 
 namespace Microsoft.AspNetCore.WebUtilities;
 
@@ -365,6 +366,23 @@ public async Task DrainBufferAsync_WithContentInDisk_CopiesContentFromMemoryStre
         Assert.Equal(0, bufferingStream.Length);
     }
 
+    [ConditionalFact]
+    [OSSkipCondition(OperatingSystems.Windows, SkipReason = "UnixFileMode is not supported on Windows.")]
+    public void Write_BufferingContentToDisk_CreatesFileWithUserOnlyUnixFileMode()
+    {
+        // Arrange
+        var input = new byte[] { 1, 2, 3, };
+        using var bufferingStream = new FileBufferingWriteStream(memoryThreshold: 2, tempFileDirectoryAccessor: () => TempDirectory);
+        bufferingStream.Write(input, 0, 2);
+
+        // Act
+        bufferingStream.Write(input, 2, 1);
+
+        // Assert
+        Assert.NotNull(bufferingStream.FileStream);
+        Assert.Equal(UnixFileMode.UserRead | UnixFileMode.UserWrite, File.GetUnixFileMode(bufferingStream.FileStream.SafeFileHandle));
+    }
+
     public void Dispose()
     {
         try

src/Shared/CertificateGeneration/CertificateManager.cs

@@ -5,6 +5,7 @@
 using System.Diagnostics.CodeAnalysis;
 using System.Diagnostics.Tracing;
 using System.Linq;
+using System.Runtime.InteropServices;
 using System.Security.Cryptography;
 using System.Security.Cryptography.X509Certificates;
 using System.Text;
@@ -548,6 +549,14 @@ internal static void ExportCertificate(X509Certificate2 certificate, string path
         try
         {
             Log.WriteCertificateToDisk(path);
+
+            // Create a temp file with the correct Unix file mode before moving it to the expected path.
+            if (!RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
+            {
+                var tempFilename = Path.GetTempFileName();
+                File.Move(tempFilename, path, overwrite: true);
+            }
+
             File.WriteAllBytes(path, bytes);
         }
         catch (Exception ex) when (Log.IsEnabled())
@@ -568,6 +577,14 @@ internal static void ExportCertificate(X509Certificate2 certificate, string path
             {
                 var keyPath = Path.ChangeExtension(path, ".key");
                 Log.WritePemKeyToDisk(keyPath);
+
+                // Create a temp file with the correct Unix file mode before moving it to the expected path.
+                if (!RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
+                {
+                    var tempFilename = Path.GetTempFileName();
+                    File.Move(tempFilename, keyPath, overwrite: true);
+                }
+
                 File.WriteAllBytes(keyPath, pemEnvelope);
             }
             catch (Exception ex) when (Log.IsEnabled())

src/Tools/FirstRunCertGenerator/test/CertificateManagerTests.cs

@@ -418,6 +418,32 @@ public void ListCertificates_AlwaysReturnsTheCertificate_WithHighestVersion()
                 e.Oid.Value == CertificateManager.AspNetHttpsOid &&
                 e.RawData[0] == 1);
     }
+
+    [ConditionalFact]
+    [OSSkipCondition(OperatingSystems.Windows, SkipReason = "UnixFileMode is not supported on Windows.")]
+    [OSSkipCondition(OperatingSystems.MacOSX, SkipReason = "https://github.com/dotnet/aspnetcore/issues/6720")]
+    public void EnsureCreateHttpsCertificate_CreatesFilesWithUserOnlyUnixFileMode()
+    {
+        _fixture.CleanupCertificates();
+
+        const string CertificateName = nameof(EnsureCreateHttpsCertificate_CreatesFilesWithUserOnlyUnixFileMode) + ".pem";
+        const string KeyName = nameof(EnsureCreateHttpsCertificate_CreatesFilesWithUserOnlyUnixFileMode) + ".key";
+
+        var certificatePassword = Guid.NewGuid().ToString();
+        var now = DateTimeOffset.UtcNow;
+        now = new DateTimeOffset(now.Year, now.Month, now.Day, now.Hour, now.Minute, now.Second, 0, now.Offset);
+
+        var result = _manager
+            .EnsureAspNetCoreHttpsDevelopmentCertificate(now, now.AddYears(1), CertificateName, trust: false, includePrivateKey: true, password: certificatePassword, keyExportFormat: CertificateKeyExportFormat.Pem, isInteractive: false);
+
+        Assert.Equal(EnsureCertificateResult.Succeeded, result);
+
+        Assert.True(File.Exists(CertificateName));
+        Assert.Equal(UnixFileMode.UserRead | UnixFileMode.UserWrite, File.GetUnixFileMode(CertificateName));
+
+        Assert.True(File.Exists(KeyName));
+        Assert.Equal(UnixFileMode.UserRead | UnixFileMode.UserWrite, File.GetUnixFileMode(KeyName));
+    }
 }
 
 public class CertFixture : IDisposable

src/Tools/dotnet-user-jwts/src/Commands/CreateCommand.cs

@@ -20,7 +20,7 @@ internal sealed class CreateCommand
         @"s\s"
     };
 
-    public static void Register(ProjectCommandLineApplication app)
+    public static void Register(ProjectCommandLineApplication app, Program program)
     {
         app.Command("create", cmd =>
         {
@@ -94,7 +94,7 @@ public static void Register(ProjectCommandLineApplication app)
                     return 1;
                 }
 
-                return Execute(cmd.Reporter, cmd.ProjectOption.Value(), options, optionsString, outputOption.Value());
+                return Execute(cmd.Reporter, cmd.ProjectOption.Value(), options, optionsString, outputOption.Value(), program);
             });
         });
     }
@@ -227,7 +227,8 @@ private static int Execute(
         string projectPath,
         JwtCreatorOptions options,
         string optionsString,
-        string outputFormat)
+        string outputFormat,
+        Program program)
     {
         if (!DevJwtCliHelpers.GetProjectAndSecretsId(projectPath, reporter, out var project, out var userSecretsId))
         {
@@ -238,7 +239,7 @@ private static int Execute(
         var jwtIssuer = new JwtIssuer(options.Issuer, keyMaterial);
         var jwtToken = jwtIssuer.Create(options);
 
-        var jwtStore = new JwtStore(userSecretsId);
+        var jwtStore = new JwtStore(userSecretsId, program);
         var jwt = Jwt.Create(options.Scheme, jwtToken, JwtIssuer.WriteToken(jwtToken), options.Scopes, options.Roles, options.Claims);
         if (options.Claims is { } customClaims)
         {

src/Tools/dotnet-user-jwts/src/Helpers/JwtStore.cs

@@ -1,6 +1,7 @@
 // Licensed to the .NET Foundation under one or more agreements.
 // The .NET Foundation licenses this file to you under the MIT license.
 
+using System.Runtime.InteropServices;
 using System.Text.Json;
 using Microsoft.Extensions.Configuration.UserSecrets;
 
@@ -12,11 +13,17 @@ public class JwtStore
     private readonly string _userSecretsId;
     private readonly string _filePath;
 
-    public JwtStore(string userSecretsId)
+    public JwtStore(string userSecretsId, Program program = null)
     {
         _userSecretsId = userSecretsId;
         _filePath = Path.Combine(Path.GetDirectoryName(PathHelper.GetSecretsPathFromSecretsId(userSecretsId)), FileName);
         Load();
+
+        // For testing.
+        if (program is not null)
+        {
+            program.UserJwtsFilePath = _filePath;
+        }
     }
 
     public IDictionary<string, Jwt> Jwts { get; private set; } = new Dictionary<string, Jwt>();
@@ -37,6 +44,13 @@ public void Save()
     {
         if (Jwts is not null)
         {
+            // Create a temp file with the correct Unix file mode before moving it to the expected _filePath.
+            if (!RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
+            {
+                var tempFilename = Path.GetTempFileName();
+                File.Move(tempFilename, _filePath, overwrite: true);
+            }
+
             using var fileStream = new FileStream(_filePath, FileMode.Create, FileAccess.Write);
             JsonSerializer.Serialize(fileStream, Jwts);
         }