Merged PR 413718: Prep work for 17.2

On Linux, the default /tmp folder is shared across all users and accessible by them. There are some cases in which we put sensitive information in temp and assume it's fine because on Windows, it is. This doesn't actually fix that assumption, since we're currently waiting for a new API that will be introduced in .NET 7 that will make a folder with appropriate permissions. However, this PR changes all the issues Eric Erhardt identified such that they go through a single code path, so to fix the security issue afterwards just requires changing the one place in our code.

It did occur to me that we may not be able to use that API, in which case I can just write something to make a folder with a random name under temp then tweak its permissions.

Author: Nathan Mytelka

eng/Versions.props

@@ -2,7 +2,7 @@
 <!-- Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the MIT license. See License.txt in the project root for full license information. -->
 <Project>
   <PropertyGroup>
-    <VersionPrefix>17.2.1</VersionPrefix><DotNetFinalVersionKind>release</DotNetFinalVersionKind>
+    <VersionPrefix>17.2.2</VersionPrefix><DotNetFinalVersionKind>release</DotNetFinalVersionKind>
     <AssemblyVersion>15.1.0.0</AssemblyVersion>
     <PreReleaseVersionLabel>preview</PreReleaseVersionLabel>
     <DotNetUseShippingVersions>true</DotNetUseShippingVersions>

src/Build.OM.UnitTests/Definition/Project_Tests.cs

@@ -654,9 +654,7 @@ public void TransformsUseCorrectDirectory_Basic()
                 project.ReevaluateIfNecessary();
 
                 project.GetItems("BuiltProjectOutputGroupKeyOutput").First().EvaluatedInclude.ShouldBe(
-                    NativeMethodsShared.IsWindows
-                        ? Path.Combine(Path.GetTempPath(), @"obj\i386\foo.dll")
-                        : Path.Combine(Path.GetTempPath(), @"obj/i386/foo.dll"));
+                        Path.Combine(FileUtilities.TempFileDirectory, "obj", "i386", "foo.dll"));
             }
             finally
             {
@@ -721,8 +719,8 @@ public void TransformsUseCorrectDirectory_DirectoryTransform()
                 Project project = new Project(xml);
                 ProjectInstance projectInstance = new ProjectInstance(xml);
 
-                project.GetItems("BuiltProjectOutputGroupKeyOutput").First().EvaluatedInclude.ShouldBe(Path.Combine(Path.GetTempPath(), "obj", "i386").Substring(RootPrefixLength) + Path.DirectorySeparatorChar);
-                projectInstance.GetItems("BuiltProjectOutputGroupKeyOutput").First().EvaluatedInclude.ShouldBe(Path.Combine(Path.GetTempPath(), "obj", "i386").Substring(RootPrefixLength) + Path.DirectorySeparatorChar);
+                project.GetItems("BuiltProjectOutputGroupKeyOutput").First().EvaluatedInclude.ShouldBe(Path.Combine(FileUtilities.TempFileDirectory, "obj", "i386").Substring(RootPrefixLength) + Path.DirectorySeparatorChar);
+                projectInstance.GetItems("BuiltProjectOutputGroupKeyOutput").First().EvaluatedInclude.ShouldBe(Path.Combine(FileUtilities.TempFileDirectory, "obj", "i386").Substring(RootPrefixLength) + Path.DirectorySeparatorChar);
             }
             finally
             {
@@ -756,8 +754,8 @@ public void TransformsUseCorrectDirectory_DirectoryItemFunction()
                 Project project = new Project(xml);
                 ProjectInstance projectInstance = new ProjectInstance(xml);
 
-                project.GetItems("BuiltProjectOutputGroupKeyOutput").First().EvaluatedInclude.ShouldBe(Path.Combine(Path.GetTempPath(), "obj", "i386").Substring(RootPrefixLength) + Path.DirectorySeparatorChar);
-                projectInstance.GetItems("BuiltProjectOutputGroupKeyOutput").First().EvaluatedInclude.ShouldBe(Path.Combine(Path.GetTempPath(), "obj", "i386").Substring(RootPrefixLength) + Path.DirectorySeparatorChar);
+                project.GetItems("BuiltProjectOutputGroupKeyOutput").First().EvaluatedInclude.ShouldBe(Path.Combine(FileUtilities.TempFileDirectory, "obj", "i386").Substring(RootPrefixLength) + Path.DirectorySeparatorChar);
+                projectInstance.GetItems("BuiltProjectOutputGroupKeyOutput").First().EvaluatedInclude.ShouldBe(Path.Combine(FileUtilities.TempFileDirectory, "obj", "i386").Substring(RootPrefixLength) + Path.DirectorySeparatorChar);
             }
             finally
             {
@@ -794,8 +792,8 @@ public void TransformsUseCorrectDirectory_DirectoryNameItemFunction()
                 ProjectInstance projectInstance = new ProjectInstance(xml);
 
                 // Should be the full path to the directory
-                project.GetItems("BuiltProjectOutputGroupKeyOutput").First().EvaluatedInclude.ShouldBe(Path.Combine(Path.GetTempPath() /* remove c:\ */, "obj" + Path.DirectorySeparatorChar + "i386"));
-                projectInstance.GetItems("BuiltProjectOutputGroupKeyOutput").First().EvaluatedInclude.ShouldBe(Path.Combine(Path.GetTempPath() /* remove c:\ */, "obj" + Path.DirectorySeparatorChar + "i386"));
+                project.GetItems("BuiltProjectOutputGroupKeyOutput").First().EvaluatedInclude.ShouldBe(Path.Combine(FileUtilities.TempFileDirectory /* remove c:\ */, "obj" + Path.DirectorySeparatorChar + "i386"));
+                projectInstance.GetItems("BuiltProjectOutputGroupKeyOutput").First().EvaluatedInclude.ShouldBe(Path.Combine(FileUtilities.TempFileDirectory /* remove c:\ */, "obj" + Path.DirectorySeparatorChar + "i386"));
             }
             finally
             {

src/Build.UnitTests/BackEnd/BuildEventArgTransportSink_Tests.cs

@@ -129,7 +129,7 @@ void TransportDelegate(INodePacket packet)
         [SkipOnTargetFramework(TargetFrameworkMonikers.Netcoreapp, "https://github.com/dotnet/msbuild/issues/282")]
         public void TestShutDown()
         {
-            SendDataDelegate transportDelegate = PacketProcessor;
+            SendDataDelegate transportDelegate = new(PacketProcessor);
             var weakTransportDelegateReference = new WeakReference(transportDelegate);
             var transportSink = new BuildEventArgTransportSink(transportDelegate);
 

src/Build.UnitTests/BackEnd/BuildRequestConfiguration_Tests.cs

@@ -476,6 +476,7 @@ public void TestCache2()
                 Environment.SetEnvironmentVariable("TEMP", problematicTmpPath);
 
                 FileUtilities.ClearCacheDirectoryPath();
+                FileUtilities.ClearTempFileDirectory();
                 string cacheFilePath = configuration.GetCacheFile();
                 Assert.StartsWith(problematicTmpPath, cacheFilePath);
             }
@@ -484,6 +485,7 @@ public void TestCache2()
                 Environment.SetEnvironmentVariable("TMP", originalTmp);
                 Environment.SetEnvironmentVariable("TEMP", originalTemp);
                 FileUtilities.ClearCacheDirectoryPath();
+                FileUtilities.ClearTempFileDirectory();
             }
         }
 

src/Build.UnitTests/BackEnd/DebugUtils_tests.cs

@@ -24,7 +24,7 @@ public void DumpExceptionToFileShouldWriteInTempPathByDefault()
             try
             {
                 ExceptionHandling.DumpExceptionToFile(new Exception("hello world"));
-                exceptionFiles = Directory.GetFiles(Path.GetTempPath(), "MSBuild_*failure.txt");
+                exceptionFiles = Directory.GetFiles(FileUtilities.TempFileDirectory, "MSBuild_*failure.txt");
             }
             finally
             {

src/Build.UnitTests/BackEnd/TargetUpToDateChecker_Tests.cs

@@ -978,7 +978,7 @@ private void SimpleSymlinkInputCheck(DateTime symlinkWriteTime, DateTime targetW
                 _testOutputHelper.WriteLine($"Created input file {inputTarget}");
                 File.SetLastWriteTime(inputTarget, targetWriteTime);
 
-                inputSymlink = FileUtilities.GetTemporaryFile(null, ".linkin", createFile: false);
+                inputSymlink = FileUtilities.GetTemporaryFile(null, null, ".linkin", createFile: false);
 
                 if (!CreateSymbolicLink(inputSymlink, inputTarget, 0))
                 {

src/Build.UnitTests/Construction/SolutionFile_Tests.cs

@@ -141,7 +141,7 @@ public void ParseFirstProjectLine_InvalidProject()
         [Fact]
         public void ParseEtpProject()
         {
-            string proj1Path = Path.Combine(Path.GetTempPath(), "someproj.etp");
+            string proj1Path = Path.Combine(FileUtilities.TempFileDirectory, "someproj.etp");
             try
             {
                 // Create the first .etp project file
@@ -192,8 +192,8 @@ public void ParseEtpProject()
         [Fact]
         public void CanBeMSBuildFile()
         {
-            string proj1Path = Path.Combine(Path.GetTempPath(), "someproj.etp");
-            string proj2Path = Path.Combine(Path.GetTempPath(), "someproja.proj");
+            string proj1Path = Path.Combine(FileUtilities.TempFileDirectory, "someproj.etp");
+            string proj2Path = Path.Combine(FileUtilities.TempFileDirectory, "someproja.proj");
             try
             {
                 // Create the first .etp project file
@@ -317,8 +317,8 @@ public void CanBeMSBuildFileRejectsMSBuildLikeFiles()
         [Fact]
         public void ParseNestedEtpProjectSingleLevel()
         {
-            string proj1Path = Path.Combine(Path.GetTempPath(), "someproj.etp");
-            string proj2Path = Path.Combine(Path.GetTempPath(), "someproj2.etp");
+            string proj1Path = Path.Combine(FileUtilities.TempFileDirectory, "someproj.etp");
+            string proj2Path = Path.Combine(FileUtilities.TempFileDirectory, "someproj2.etp");
             try
             {
                 // Create the first .etp project file
@@ -513,9 +513,9 @@ public void TestVSAndSolutionVersionParsing()
         [Trait("Category", "netcore-linux-failing")]
         public void ParseNestedEtpProjectMultipleLevel()
         {
-            string proj1Path = Path.Combine(Path.GetTempPath(), "someproj.etp");
-            string proj2Path = Path.Combine(Path.GetTempPath(), "someproj2.etp");
-            string proj3Path = Path.Combine(Path.GetTempPath(), "ETPProjUpgradeTest", "someproj3.etp");
+            string proj1Path = Path.Combine(FileUtilities.TempFileDirectory, "someproj.etp");
+            string proj2Path = Path.Combine(FileUtilities.TempFileDirectory, "someproj2.etp");
+            string proj3Path = Path.Combine(FileUtilities.TempFileDirectory, "ETPProjUpgradeTest", "someproj3.etp");
             try
             {
                 // Create the first .etp project file
@@ -567,7 +567,7 @@ public void ParseNestedEtpProjectMultipleLevel()
                     </GENERAL>
                 </EFPROJECT>";
                 // Create the directory for the third project
-                Directory.CreateDirectory(Path.Combine(Path.GetTempPath(), "ETPProjUpgradeTest"));
+                Directory.CreateDirectory(Path.Combine(FileUtilities.TempFileDirectory, "ETPProjUpgradeTest"));
                 File.WriteAllText(proj3Path, etpProjContent);
 
                 // Create the SolutionFile object
@@ -602,7 +602,7 @@ public void ParseNestedEtpProjectMultipleLevel()
         [Fact]
         public void MalformedEtpProjFile()
         {
-            string proj1Path = Path.Combine(Path.GetTempPath(), "someproj.etp");
+            string proj1Path = Path.Combine(FileUtilities.TempFileDirectory, "someproj.etp");
             try
             {
                 // Create the .etp project file

src/Build.UnitTests/Construction/SolutionProjectGenerator_Tests.cs

@@ -695,7 +695,7 @@ public void SolutionConfigurationWithDependencies()
   <ProjectConfiguration Project=`{{786E302A-96CE-43DC-B640-D6B6CC9BF6C0}}` AbsolutePath=`##temp##{Path.Combine("Project1", "A.csproj")}` BuildProjectInSolution=`True`>Debug|AnyCPU</ProjectConfiguration>
   <ProjectConfiguration Project=`{{881C1674-4ECA-451D-85B6-D7C59B7F16FA}}` AbsolutePath=`##temp##{Path.Combine("Project2", "B.csproj")}` BuildProjectInSolution=`True`>Debug|AnyCPU<ProjectDependency Project=`{{4A727FF8-65F2-401E-95AD-7C8BBFBE3167}}` /></ProjectConfiguration>
   <ProjectConfiguration Project=`{{4A727FF8-65F2-401E-95AD-7C8BBFBE3167}}` AbsolutePath=`##temp##{Path.Combine("Project3", "C.csproj")}` BuildProjectInSolution=`True`>Debug|AnyCPU</ProjectConfiguration>
-</SolutionConfiguration>".Replace("`", "\"").Replace("##temp##", Path.GetTempPath());
+</SolutionConfiguration>".Replace("`", "\"").Replace("##temp##", FileUtilities.TempFileDirectory);
 
             Helpers.VerifyAssertLineByLine(expected, solutionConfigurationContents);
         }
@@ -935,14 +935,14 @@ public void TestAddPropertyGroupForSolutionConfiguration()
             msbuildProject.ReevaluateIfNecessary();
 
             string solutionConfigurationContents = msbuildProject.GetPropertyValue("CurrentSolutionConfigurationContents");
-            string tempProjectPath = Path.Combine(Path.GetTempPath(), "ClassLibrary1", "ClassLibrary1.csproj");
+            string tempProjectPath = Path.Combine(FileUtilities.TempFileDirectory, "ClassLibrary1", "ClassLibrary1.csproj");
 
             Assert.Contains("{6185CC21-BE89-448A-B3C0-D1C27112E595}", solutionConfigurationContents);
             tempProjectPath = Path.GetFullPath(tempProjectPath);
             Assert.True(solutionConfigurationContents.IndexOf(tempProjectPath, StringComparison.OrdinalIgnoreCase) > 0);
             Assert.Contains("CSConfig1|AnyCPU", solutionConfigurationContents);
 
-            tempProjectPath = Path.Combine(Path.GetTempPath(), "MainApp", "MainApp.vcxproj");
+            tempProjectPath = Path.Combine(FileUtilities.TempFileDirectory, "MainApp", "MainApp.vcxproj");
             tempProjectPath = Path.GetFullPath(tempProjectPath);
             Assert.Contains("{A6F99D27-47B9-4EA4-BFC9-25157CBDC281}", solutionConfigurationContents);
             Assert.True(solutionConfigurationContents.IndexOf(tempProjectPath, StringComparison.OrdinalIgnoreCase) > 0);

src/Build.UnitTests/Evaluation/Expander_Tests.cs

@@ -3040,7 +3040,7 @@ public void PropertyFunctionStaticMethodEnumArgument()
         [Fact]
         public void PropertyFunctionStaticMethodDirectoryNameOfFileAbove()
         {
-            string tempPath = Path.GetTempPath();
+            string tempPath = FileUtilities.TempFileDirectory;
             string tempFile = Path.GetFileName(FileUtilities.GetTemporaryFile());
 
             try
@@ -3078,7 +3078,7 @@ public void PropertyFunctionStaticMethodGetPathOfFileAbove()
             //
             MockElementLocation mockElementLocation = new MockElementLocation(Path.Combine(ObjectModelHelpers.TempProjectDir, "one", "two", "three", "four", "five", Path.GetRandomFileName()));
 
-            string fileToFind = FileUtilities.GetTemporaryFile(ObjectModelHelpers.TempProjectDir, ".tmp");
+            string fileToFind = FileUtilities.GetTemporaryFile(ObjectModelHelpers.TempProjectDir, null, ".tmp");
 
             try
             {

src/Build/BackEnd/BuildManager/BuildManager.cs

@@ -398,6 +398,14 @@ public DeferredBuildMessage(string text, MessageImportance importance)
         /// <exception cref="InvalidOperationException">Thrown if a build is already in progress.</exception>
         public void BeginBuild(BuildParameters parameters, IEnumerable<DeferredBuildMessage> deferredBuildMessages)
         {
+            // TEMP can be modified from the environment. Most of Traits is lasts for the duration of the process (with a manual reset for tests)
+            // and environment variables we use as properties are stored in a dictionary at the beginning of the build, so they also cannot be
+            // changed during a build. Some of our older stuff uses live environment variable checks. The TEMP directory previously used a live
+            // environment variable check, but it now uses a cached value. Nevertheless, we should support changing it between builds, so reset
+            // it here in case the user is using Visual Studio or the MSBuild server, as those each last for multiple builds without changing
+            // BuildManager.
+            FileUtilities.ClearTempFileDirectory();
+
             // deferredBuildMessages cannot be an optional parameter on a single BeginBuild method because it would break binary compatibility.
             _deferredBuildMessages = deferredBuildMessages;
             BeginBuild(parameters);