Use Path.GetTempFileName() for 600 Unix file mode

Author: Stephen Halter

src/DataProtection/DataProtection/src/Repositories/FileSystemXmlRepository.cs

@@ -5,6 +5,7 @@
 using System.Collections.Generic;
 using System.IO;
 using System.Linq;
+using System.Runtime.InteropServices;
 using System.Xml.Linq;
 using Microsoft.AspNetCore.DataProtection.Internal;
 using Microsoft.Extensions.Logging;
@@ -129,9 +130,17 @@ private void StoreElementCore(XElement element, string filename)
             // crashes mid-write, we won't end up with a corrupt .xml file.
 
             Directory.Create(); // won't throw if the directory already exists
+
             var tempFilename = Path.Combine(Directory.FullName, Guid.NewGuid().ToString() + ".tmp");
             var finalFilename = Path.Combine(Directory.FullName, filename + ".xml");
 
+            // Create a temp file with the correct Unix file mode before moving it to the expected finalFilename.
+            if (!RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
+            {
+                var tempTempFilename = Path.GetTempFileName();
+                File.Move(tempTempFilename, tempFilename);
+            }
+
             try
             {
                 using (var tempFileStream = File.OpenWrite(tempFilename))

src/DataProtection/DataProtection/test/Repositories/FileSystemXmlRepositoryTests.cs

@@ -2,6 +2,7 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
+using System.Diagnostics;
 using System.IO;
 using System.Linq;
 using System.Runtime.InteropServices;
@@ -158,6 +159,39 @@ public void Logs_DockerEphemeralFolders()
             });
         }
 
+        [ConditionalFact]
+        [OSSkipCondition(OperatingSystems.Windows, SkipReason = "UnixFileMode is not supported on Windows.")]
+        public void StoreElement_CreatesFileWithUserOnlyUnixFileMode()
+        {
+            WithUniqueTempDirectory(dirInfo =>
+            {
+                // Arrange
+                var element = XElement.Parse("<element1 />");
+                var repository = new FileSystemXmlRepository(dirInfo, NullLoggerFactory.Instance);
+
+                // Act
+                repository.StoreElement(element, "friendly-name");
+
+                // Assert
+                var fileInfo = Assert.Single(dirInfo.GetFiles());
+
+                //Assert.Equal(UnixFileMode.UserRead | UnixFileMode.UserWrite, fileInfo.UnixFileMode);
+                var processStartInfo = new ProcessStartInfo
+                {
+                    FileName = "ls",
+                    Arguments = $"-l {fileInfo.FullName}",
+                    RedirectStandardOutput = true,
+                    UseShellExecute = false
+                };
+                var process = Process.Start(processStartInfo);
+
+                Assert.NotNull(process);
+                var output = process!.StandardOutput.ReadToEnd();
+                process.WaitForExit();
+                Assert.StartsWith("-rw-------", output);
+            });
+        }
+
         /// <summary>
         /// Runs a test and cleans up the temp directory afterward.
         /// </summary>

src/Http/WebUtilities/src/FileBufferingReadStream.cs

@@ -5,6 +5,7 @@
 using System.Buffers;
 using System.Diagnostics;
 using System.IO;
+using System.Runtime.InteropServices;
 using System.Threading;
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Internal;
@@ -204,6 +205,14 @@ private Stream CreateTempFile()
             }
 
             _tempFileName = Path.Combine(_tempFileDirectory, "ASPNETCORE_" + Guid.NewGuid().ToString() + ".tmp");
+
+            // Create a temp file with the correct Unix file mode before moving it to the assigned _tempFileName in the _tempFileDirectory.
+            if (!RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
+            {
+                var tempTempFileName = Path.GetTempFileName();
+                File.Move(tempTempFileName, _tempFileName);
+            }
+
             return new FileStream(_tempFileName, FileMode.Create, FileAccess.ReadWrite, FileShare.Delete, 1024 * 16,
                 FileOptions.Asynchronous | FileOptions.DeleteOnClose | FileOptions.SequentialScan);
         }

src/Http/WebUtilities/src/FileBufferingWriteStream.cs

@@ -5,6 +5,7 @@
 using System.Buffers;
 using System.Diagnostics;
 using System.IO;
+using System.Runtime.InteropServices;
 using System.Threading;
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Internal;
@@ -224,6 +225,14 @@ private void EnsureFileStream()
             {
                 var tempFileDirectory = _tempFileDirectoryAccessor();
                 var tempFileName = Path.Combine(tempFileDirectory, "ASPNETCORE_" + Guid.NewGuid() + ".tmp");
+
+                // Create a temp file with the correct Unix file mode before moving it to the assigned tempFileName in the _tempFileDirectory.
+                if (!RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
+                {
+                    var tempTempFileName = Path.GetTempFileName();
+                    File.Move(tempTempFileName, tempFileName);
+                }
+
                 FileStream = new FileStream(
                     tempFileName,
                     FileMode.Create,

src/Http/WebUtilities/test/FileBufferingReadStreamTests.cs

@@ -3,9 +3,11 @@
 
 using System;
 using System.Buffers;
+using System.Diagnostics;
 using System.IO;
 using System.Text;
 using System.Threading.Tasks;
+using Microsoft.AspNetCore.Testing;
 using Moq;
 using Xunit;
 
@@ -351,6 +353,47 @@ public async Task FileBufferingReadStream_UsingMemoryStream_RentsAndReturnsRente
             Assert.False(File.Exists(tempFileName));
         }
 
+        [ConditionalFact]
+        [OSSkipCondition(OperatingSystems.Windows, SkipReason = "UnixFileMode is not supported on Windows.")]
+        public void Read_BufferingContentToDisk_CreatesFileWithUserOnlyUnixFileMode()
+        {
+            var inner = MakeStream(1024 * 2);
+            string tempFileName;
+            using (var stream = new FileBufferingReadStream(inner, 1024, null, GetCurrentDirectory()))
+            {
+                var bytes = new byte[1024 * 2];
+                var read0 = stream.Read(bytes, 0, bytes.Length);
+                Assert.Equal(bytes.Length, read0);
+                Assert.Equal(read0, stream.Length);
+                Assert.Equal(read0, stream.Position);
+                Assert.False(stream.InMemory);
+                Assert.NotNull(stream.TempFileName);
+
+                var read1 = stream.Read(bytes, 0, bytes.Length);
+                Assert.Equal(0, read1);
+
+                tempFileName = stream.TempFileName!;
+                Assert.True(File.Exists(tempFileName));
+
+                //Assert.Equal(UnixFileMode.UserRead | UnixFileMode.UserWrite, File.GetUnixFileMode(tempFileName));
+                var processStartInfo = new ProcessStartInfo
+                {
+                    FileName = "ls",
+                    Arguments = $"-l {tempFileName}",
+                    RedirectStandardOutput = true,
+                    UseShellExecute = false
+                };
+                var process = Process.Start(processStartInfo);
+
+                Assert.NotNull(process);
+                var output = process!.StandardOutput.ReadToEnd();
+                process.WaitForExit();
+                Assert.StartsWith("-rw-------", output);
+            }
+
+            Assert.False(File.Exists(tempFileName));
+        }
+
         private static string GetCurrentDirectory()
         {
             return AppContext.BaseDirectory;

src/Http/WebUtilities/test/FileBufferingWriteStreamTests.cs

@@ -7,7 +7,9 @@
 using System.Linq;
 using System.Text;
 using System.Threading.Tasks;
+using Microsoft.AspNetCore.Testing;
 using Xunit;
+using System.Diagnostics;
 
 namespace Microsoft.AspNetCore.WebUtilities
 {
@@ -370,6 +372,37 @@ public async Task DrainBufferAsync_WithContentInDisk_CopiesContentFromMemoryStre
             Assert.Equal(0, bufferingStream.Length);
         }
 
+        [ConditionalFact]
+        [OSSkipCondition(OperatingSystems.Windows, SkipReason = "UnixFileMode is not supported on Windows.")]
+        public void Write_BufferingContentToDisk_CreatesFileWithUserOnlyUnixFileMode()
+        {
+            // Arrange
+            var input = new byte[] { 1, 2, 3, };
+            using var bufferingStream = new FileBufferingWriteStream(memoryThreshold: 2, tempFileDirectoryAccessor: () => TempDirectory);
+            bufferingStream.Write(input, 0, 2);
+
+            // Act
+            bufferingStream.Write(input, 2, 1);
+
+            // Assert
+            Assert.NotNull(bufferingStream.FileStream);
+
+            //Assert.Equal(UnixFileMode.UserRead | UnixFileMode.UserWrite, File.GetUnixFileMode(bufferingStream.FileStream.SafeFileHandle));
+            var processStartInfo = new ProcessStartInfo
+            {
+                FileName = "ls",
+                Arguments = $"-l {bufferingStream.FileStream!.Name}",
+                RedirectStandardOutput = true,
+                UseShellExecute = false
+            };
+            var process = Process.Start(processStartInfo);
+
+            Assert.NotNull(process);
+            var output = process!.StandardOutput.ReadToEnd();
+            process.WaitForExit();
+            Assert.StartsWith("-rw-------", output);
+        }
+
         public void Dispose()
         {
             try

src/Shared/CertificateGeneration/CertificateManager.cs

@@ -383,6 +383,14 @@ public void ExportCertificate(X509Certificate2 certificate, string path, bool in
                     throw;
                 }
             }
+
+            // Create a temp file with the correct Unix file mode before moving it to the expected path.
+            if (!RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
+            {
+                var tempFilename = Path.GetTempFileName();
+                File.Move(tempFilename, path, overwrite: true);
+            }
+
             try
             {
                 diagnostics?.Debug($"Writing exported certificate to path '{path}'.");
@@ -668,6 +676,7 @@ private static void RemoveCertificateTrustRule(X509Certificate2 certificate)
             try
             {
                 var certBytes = certificate.Export(X509ContentType.Cert);
+
                 File.WriteAllBytes(certificatePath, certBytes);
                 var processInfo = new ProcessStartInfo(
                     MacOSRemoveCertificateTrustCommandLine,

src/Tools/FirstRunCertGenerator/test/CertificateManagerTests.cs

@@ -2,6 +2,7 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
+using System.Diagnostics;
 using System.IO;
 using System.Linq;
 using System.Runtime.InteropServices;
@@ -241,6 +242,40 @@ public void EnsureAspNetCoreHttpsDevelopmentCertificate_CanRemoveCertificates()
                 Assert.Empty(CertificateManager.ListCertificates(CertificatePurpose.HTTPS, StoreName.Root, StoreLocation.CurrentUser, isValid: false).Where(c => c.Subject == TestCertificateSubject));
             }
         }
+
+        [ConditionalFact]
+        [OSSkipCondition(OperatingSystems.Windows, SkipReason = "UnixFileMode is not supported on Windows.")]
+        [OSSkipCondition(OperatingSystems.MacOSX, SkipReason = "https://github.com/dotnet/aspnetcore/issues/6720")]
+        public void EnsureCreateHttpsCertificate_CreatesFileWithUserOnlyUnixFileMode()
+        {
+            _fixture.CleanupCertificates();
+
+            const string CertificateName = nameof(EnsureCreateHttpsCertificate_CreatesFileWithUserOnlyUnixFileMode) + ".pfx";
+            var certificatePassword = Guid.NewGuid().ToString();
+            var now = DateTimeOffset.UtcNow;
+            now = new DateTimeOffset(now.Year, now.Month, now.Day, now.Hour, now.Minute, now.Second, 0, now.Offset);
+
+            var result = _manager
+                .EnsureAspNetCoreHttpsDevelopmentCertificate(now, now.AddYears(1), CertificateName, trust: false, includePrivateKey: true, password: certificatePassword, subject: TestCertificateSubject, isInteractive: false);
+
+            Assert.Equal(EnsureCertificateResult.Succeeded, result.ResultCode);
+            Assert.True(File.Exists(CertificateName));
+
+            //Assert.Equal(UnixFileMode.UserRead | UnixFileMode.UserWrite, File.GetUnixFileMode(CertificateName));
+            var processStartInfo = new ProcessStartInfo
+            {
+                FileName = "ls",
+                Arguments = $"-l {CertificateName}",
+                RedirectStandardOutput = true,
+                UseShellExecute = false
+            };
+            var process = Process.Start(processStartInfo);
+
+            Assert.NotNull(process);
+            var output = process!.StandardOutput.ReadToEnd();
+            process.WaitForExit();
+            Assert.StartsWith("-rw-------", output);
+        }
     }
 
     public class CertFixture : IDisposable

src/Tools/dotnet-user-secrets/src/Internal/SecretsStore.cs

@@ -5,6 +5,7 @@
 using System.Collections.Generic;
 using System.IO;
 using System.Linq;
+using System.Runtime.InteropServices;
 using System.Text;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.Configuration.UserSecrets;
@@ -46,6 +47,9 @@ public string this[string key]
 
         public int Count => _secrets.Count;
 
+        // For testing.
+        internal string SecretsFilePath => _secretsFilePath;
+
         public bool ContainsKey(string key) => _secrets.ContainsKey(key);
 
         public IEnumerable<KeyValuePair<string, string>> AsEnumerable() => _secrets;
@@ -75,6 +79,13 @@ public virtual void Save()
                 }
             }
 
+            // Create a temp file with the correct Unix file mode before moving it to the expected _filePath.
+            if (!RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
+            {
+                var tempFilename = Path.GetTempFileName();
+                File.Move(tempFilename, _secretsFilePath, overwrite: true);
+            }
+
             File.WriteAllText(_secretsFilePath, contents.ToString(), Encoding.UTF8);
         }
 

src/Tools/dotnet-user-secrets/src/Program.cs

@@ -29,6 +29,9 @@ public Program(IConsole console, string workingDirectory)
             _workingDirectory = workingDirectory;
         }
 
+        // For testing.
+        internal string SecretsFilePath { get; private set; }
+
         public bool TryRun(string[] args, out int returnCode)
         {
             try
@@ -91,6 +94,10 @@ internal int RunInternal(params string[] args)
             var store = new SecretsStore(userSecretsId, reporter);
             var context = new Internal.CommandContext(store, reporter, _console);
             options.Command.Execute(context);
+
+            // For testing.
+            SecretsFilePath = store.SecretsFilePath;
+
             return 0;
         }