Use Path.GetTempFileName() for 600 Unix file mode

Author: Stephen Halter

src/DataProtection/DataProtection/src/Repositories/FileSystemXmlRepository.cs

@@ -5,6 +5,7 @@
 using System.Collections.Generic;
 using System.IO;
 using System.Linq;
+using System.Runtime.InteropServices;
 using System.Xml.Linq;
 using Microsoft.AspNetCore.DataProtection.Internal;
 using Microsoft.Extensions.Logging;
@@ -131,9 +132,17 @@ private void StoreElementCore(XElement element, string filename)
             // crashes mid-write, we won't end up with a corrupt .xml file.
 
             Directory.Create(); // won't throw if the directory already exists
+
             var tempFilename = Path.Combine(Directory.FullName, Guid.NewGuid().ToString() + ".tmp");
             var finalFilename = Path.Combine(Directory.FullName, filename + ".xml");
 
+            // Create a temp file with the correct Unix file mode before moving it to the expected finalFilename.
+            if (!RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
+            {
+                var tempTempFilename = Path.GetTempFileName();
+                File.Move(tempTempFilename, tempFilename);
+            }
+
             try
             {
                 using (var tempFileStream = File.OpenWrite(tempFilename))

src/DataProtection/DataProtection/test/Repositories/FileSystemXmlRepositoryTests.cs

@@ -2,6 +2,7 @@
 // The .NET Foundation licenses this file to you under the MIT license.
 
 using System;
+using System.Diagnostics;
 using System.IO;
 using System.Linq;
 using System.Runtime.InteropServices;
@@ -158,6 +159,39 @@ public void Logs_DockerEphemeralFolders()
             });
         }
 
+        [ConditionalFact]
+        [OSSkipCondition(OperatingSystems.Windows, SkipReason = "UnixFileMode is not supported on Windows.")]
+        public void StoreElement_CreatesFileWithUserOnlyUnixFileMode()
+        {
+            WithUniqueTempDirectory(dirInfo =>
+            {
+                // Arrange
+                var element = XElement.Parse("<element1 />");
+                var repository = new FileSystemXmlRepository(dirInfo, NullLoggerFactory.Instance);
+
+                // Act
+                repository.StoreElement(element, "friendly-name");
+
+                // Assert
+                var fileInfo = Assert.Single(dirInfo.GetFiles());
+
+                //Assert.Equal(UnixFileMode.UserRead | UnixFileMode.UserWrite, fileInfo.UnixFileMode);
+                var processStartInfo = new ProcessStartInfo
+                {
+                    FileName = "ls",
+                    Arguments = $"-l {fileInfo.FullName}",
+                    RedirectStandardOutput = true,
+                    UseShellExecute = false
+                };
+                var process = Process.Start(processStartInfo);
+
+                Assert.NotNull(process);
+                var output = process!.StandardOutput.ReadToEnd();
+                process.WaitForExit();
+                Assert.StartsWith("-rw-------", output);
+            });
+        }
+
         /// <summary>
         /// Runs a test and cleans up the temp directory afterward.
         /// </summary>

src/Http/WebUtilities/src/FileBufferingReadStream.cs

@@ -6,6 +6,7 @@
 using System.Diagnostics;
 using System.Diagnostics.CodeAnalysis;
 using System.IO;
+using System.Runtime.InteropServices;
 using System.Threading;
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Internal;
@@ -258,6 +259,14 @@ private Stream CreateTempFile()
             }
 
             _tempFileName = Path.Combine(_tempFileDirectory, "ASPNETCORE_" + Guid.NewGuid().ToString() + ".tmp");
+
+            // Create a temp file with the correct Unix file mode before moving it to the assigned _tempFileName in the _tempFileDirectory.
+            if (!RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
+            {
+                var tempTempFileName = Path.GetTempFileName();
+                File.Move(tempTempFileName, _tempFileName);
+            }
+
             return new FileStream(_tempFileName, FileMode.Create, FileAccess.ReadWrite, FileShare.Delete, 1024 * 16,
                 FileOptions.Asynchronous | FileOptions.DeleteOnClose | FileOptions.SequentialScan);
         }

src/Http/WebUtilities/src/FileBufferingWriteStream.cs

@@ -7,6 +7,7 @@
 using System.Diagnostics.CodeAnalysis;
 using System.IO;
 using System.IO.Pipelines;
+using System.Runtime.InteropServices;
 using System.Threading;
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Internal;
@@ -271,6 +272,14 @@ private void EnsureFileStream()
             {
                 var tempFileDirectory = _tempFileDirectoryAccessor();
                 var tempFileName = Path.Combine(tempFileDirectory, "ASPNETCORE_" + Guid.NewGuid() + ".tmp");
+
+                // Create a temp file with the correct Unix file mode before moving it to the assigned tempFileName in the _tempFileDirectory.
+                if (!RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
+                {
+                    var tempTempFileName = Path.GetTempFileName();
+                    File.Move(tempTempFileName, tempFileName);
+                }
+
                 FileStream = new FileStream(
                     tempFileName,
                     FileMode.Create,

src/Http/WebUtilities/test/FileBufferingReadStreamTests.cs

@@ -3,9 +3,11 @@
 
 using System;
 using System.Buffers;
+using System.Diagnostics;
 using System.IO;
 using System.Linq;
 using System.Threading.Tasks;
+using Microsoft.AspNetCore.Testing;
 using Moq;
 using Xunit;
 
@@ -598,6 +600,47 @@ public async Task PartialReadAsyncThenSeekReplaysBuffer()
             Assert.Equal(data.AsMemory(0, read2).ToArray(), buffer2.AsMemory(0, read2).ToArray());
         }
 
+        [ConditionalFact]
+        [OSSkipCondition(OperatingSystems.Windows, SkipReason = "UnixFileMode is not supported on Windows.")]
+        public void Read_BufferingContentToDisk_CreatesFileWithUserOnlyUnixFileMode()
+        {
+            var inner = MakeStream(1024 * 2);
+            string tempFileName;
+            using (var stream = new FileBufferingReadStream(inner, 1024, null, GetCurrentDirectory()))
+            {
+                var bytes = new byte[1024 * 2];
+                var read0 = stream.Read(bytes, 0, bytes.Length);
+                Assert.Equal(bytes.Length, read0);
+                Assert.Equal(read0, stream.Length);
+                Assert.Equal(read0, stream.Position);
+                Assert.False(stream.InMemory);
+                Assert.NotNull(stream.TempFileName);
+
+                var read1 = stream.Read(bytes, 0, bytes.Length);
+                Assert.Equal(0, read1);
+
+                tempFileName = stream.TempFileName!;
+                Assert.True(File.Exists(tempFileName));
+
+                //Assert.Equal(UnixFileMode.UserRead | UnixFileMode.UserWrite, File.GetUnixFileMode(tempFileName));
+                var processStartInfo = new ProcessStartInfo
+                {
+                    FileName = "ls",
+                    Arguments = $"-l {tempFileName}",
+                    RedirectStandardOutput = true,
+                    UseShellExecute = false
+                };
+                var process = Process.Start(processStartInfo);
+
+                Assert.NotNull(process);
+                var output = process!.StandardOutput.ReadToEnd();
+                process.WaitForExit();
+                Assert.StartsWith("-rw-------", output);
+            }
+
+            Assert.False(File.Exists(tempFileName));
+        }
+
         private static string GetCurrentDirectory()
         {
             return AppContext.BaseDirectory;

src/Http/WebUtilities/test/FileBufferingWriteStreamTests.cs

@@ -8,7 +8,9 @@
 using System.Text;
 using System.Threading.Tasks;
 using Microsoft.Extensions.Configuration;
+using Microsoft.AspNetCore.Testing;
 using Xunit;
+using System.Diagnostics;
 
 namespace Microsoft.AspNetCore.WebUtilities
 {
@@ -371,6 +373,37 @@ public async Task DrainBufferAsync_WithContentInDisk_CopiesContentFromMemoryStre
             Assert.Equal(0, bufferingStream.Length);
         }
 
+        [ConditionalFact]
+        [OSSkipCondition(OperatingSystems.Windows, SkipReason = "UnixFileMode is not supported on Windows.")]
+        public void Write_BufferingContentToDisk_CreatesFileWithUserOnlyUnixFileMode()
+        {
+            // Arrange
+            var input = new byte[] { 1, 2, 3, };
+            using var bufferingStream = new FileBufferingWriteStream(memoryThreshold: 2, tempFileDirectoryAccessor: () => TempDirectory);
+            bufferingStream.Write(input, 0, 2);
+
+            // Act
+            bufferingStream.Write(input, 2, 1);
+
+            // Assert
+            Assert.NotNull(bufferingStream.FileStream);
+
+            //Assert.Equal(UnixFileMode.UserRead | UnixFileMode.UserWrite, File.GetUnixFileMode(bufferingStream.FileStream.SafeFileHandle));
+            var processStartInfo = new ProcessStartInfo
+            {
+                FileName = "ls",
+                Arguments = $"-l {bufferingStream.FileStream!.Name}",
+                RedirectStandardOutput = true,
+                UseShellExecute = false
+            };
+            var process = Process.Start(processStartInfo);
+
+            Assert.NotNull(process);
+            var output = process!.StandardOutput.ReadToEnd();
+            process.WaitForExit();
+            Assert.StartsWith("-rw-------", output);
+        }
+
         public void Dispose()
         {
             try

src/Shared/CertificateGeneration/CertificateManager.cs

@@ -7,6 +7,7 @@
 using System.Diagnostics.Tracing;
 using System.IO;
 using System.Linq;
+using System.Runtime.InteropServices;
 using System.Security.Cryptography;
 using System.Security.Cryptography.X509Certificates;
 using System.Text;
@@ -539,6 +540,14 @@ internal void ExportCertificate(X509Certificate2 certificate, string path, bool
             try
             {
                 Log.WriteCertificateToDisk(path);
+
+                // Create a temp file with the correct Unix file mode before moving it to the expected path.
+                if (!RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
+                {
+                    var tempFilename = Path.GetTempFileName();
+                    File.Move(tempFilename, path, overwrite: true);
+                }
+
                 File.WriteAllBytes(path, bytes);
             }
             catch (Exception ex) when (Log.IsEnabled())
@@ -559,6 +568,14 @@ internal void ExportCertificate(X509Certificate2 certificate, string path, bool
                 {
                     var keyPath = Path.ChangeExtension(path, ".key");
                     Log.WritePemKeyToDisk(keyPath);
+
+                    // Create a temp file with the correct Unix file mode before moving it to the expected path.
+                    if (!RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
+                    {
+                        var tempFilename = Path.GetTempFileName();
+                        File.Move(tempFilename, keyPath, overwrite: true);
+                    }
+
                     File.WriteAllBytes(keyPath, pemEnvelope);
                 }
                 catch (Exception ex) when (Log.IsEnabled())

src/Tools/FirstRunCertGenerator/test/CertificateManagerTests.cs

@@ -2,6 +2,7 @@
 // The .NET Foundation licenses this file to you under the MIT license.
 
 using System;
+using System.Diagnostics;
 using System.IO;
 using System.Linq;
 using System.Runtime.InteropServices;
@@ -419,6 +420,51 @@ public void ListCertificates_AlwaysReturnsTheCertificate_WithHighestVersion()
                     e.Oid.Value == "1.3.6.1.4.1.311.84.1.1" &&
                     e.RawData[0] == 1);
         }
+
+        [ConditionalFact]
+        [OSSkipCondition(OperatingSystems.Windows, SkipReason = "UnixFileMode is not supported on Windows.")]
+        [OSSkipCondition(OperatingSystems.MacOSX, SkipReason = "https://github.com/dotnet/aspnetcore/issues/6720")]
+        public void EnsureCreateHttpsCertificate_CreatesFilesWithUserOnlyUnixFileMode()
+        {
+            _fixture.CleanupCertificates();
+
+            const string CertificateName = nameof(EnsureCreateHttpsCertificate_CreatesFilesWithUserOnlyUnixFileMode) + ".pem";
+            const string KeyName = nameof(EnsureCreateHttpsCertificate_CreatesFilesWithUserOnlyUnixFileMode) + ".key";
+
+            var certificatePassword = Guid.NewGuid().ToString();
+            var now = DateTimeOffset.UtcNow;
+            now = new DateTimeOffset(now.Year, now.Month, now.Day, now.Hour, now.Minute, now.Second, 0, now.Offset);
+
+            var result = _manager
+                .EnsureAspNetCoreHttpsDevelopmentCertificate(now, now.AddYears(1), CertificateName, trust: false, includePrivateKey: true, password: certificatePassword, keyExportFormat: CertificateKeyExportFormat.Pem, isInteractive: false);
+
+            Assert.Equal(EnsureCertificateResult.Succeeded, result);
+
+            Assert.True(File.Exists(CertificateName));
+            //Assert.Equal(UnixFileMode.UserRead | UnixFileMode.UserWrite, File.GetUnixFileMode(CertificateName));
+            AssertFileMode(CertificateName, "-rw-------");
+
+            Assert.True(File.Exists(KeyName));
+            //Assert.Equal(UnixFileMode.UserRead | UnixFileMode.UserWrite, File.GetUnixFileMode(KeyName));
+            AssertFileMode(KeyName, "-rw-------");
+        }
+
+        private static void AssertFileMode(string path, string fileMode)
+        {
+            var processStartInfo = new ProcessStartInfo
+            {
+                FileName = "ls",
+                Arguments = $"-l {path}",
+                RedirectStandardOutput = true,
+                UseShellExecute = false
+            };
+            var process = Process.Start(processStartInfo);
+
+            Assert.NotNull(process);
+            var output = process!.StandardOutput.ReadToEnd();
+            process.WaitForExit();
+            Assert.StartsWith(fileMode, output);
+        }
     }
 
     public class CertFixture : IDisposable

src/Tools/dotnet-user-secrets/src/Internal/SecretsStore.cs

@@ -5,6 +5,7 @@
 using System.Collections.Generic;
 using System.IO;
 using System.Linq;
+using System.Runtime.InteropServices;
 using System.Text;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.Configuration.UserSecrets;
@@ -46,6 +47,9 @@ public string this[string key]
 
         public int Count => _secrets.Count;
 
+        // For testing.
+        internal string SecretsFilePath => _secretsFilePath;
+
         public bool ContainsKey(string key) => _secrets.ContainsKey(key);
 
         public IEnumerable<KeyValuePair<string, string>> AsEnumerable() => _secrets;
@@ -75,6 +79,13 @@ public virtual void Save()
                 }
             }
 
+            // Create a temp file with the correct Unix file mode before moving it to the expected _filePath.
+            if (!RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
+            {
+                var tempFilename = Path.GetTempFileName();
+                File.Move(tempFilename, _secretsFilePath, overwrite: true);
+            }
+
             File.WriteAllText(_secretsFilePath, contents.ToString(), Encoding.UTF8);
         }
 

src/Tools/dotnet-user-secrets/src/Program.cs

@@ -29,6 +29,9 @@ public Program(IConsole console, string workingDirectory)
             _workingDirectory = workingDirectory;
         }
 
+        // For testing.
+        internal string SecretsFilePath { get; private set; }
+
         public bool TryRun(string[] args, out int returnCode)
         {
             try
@@ -91,6 +94,10 @@ internal int RunInternal(params string[] args)
             var store = new SecretsStore(userSecretsId, reporter);
             var context = new Internal.CommandContext(store, reporter, _console);
             options.Command.Execute(context);
+
+            // For testing.
+            SecretsFilePath = store.SecretsFilePath;
+
             return 0;
         }