Improve ApplicationTemp's temporary directory creation

Closes gh-50170

Author: wilkinsona

spring-boot-project/spring-boot/src/main/java/org/springframework/boot/system/ApplicationTemp.java

@@ -18,13 +18,17 @@
 
 import java.io.File;
 import java.io.IOException;
+import java.io.UncheckedIOException;
 import java.nio.file.FileSystem;
 import java.nio.file.Files;
+import java.nio.file.LinkOption;
 import java.nio.file.Path;
 import java.nio.file.Paths;
 import java.nio.file.attribute.FileAttribute;
+import java.nio.file.attribute.PosixFileAttributes;
 import java.nio.file.attribute.PosixFilePermission;
 import java.nio.file.attribute.PosixFilePermissions;
+import java.nio.file.attribute.UserPrincipal;
 import java.security.MessageDigest;
 import java.util.EnumSet;
 import java.util.HexFormat;
@@ -54,6 +58,8 @@ public class ApplicationTemp {
 
 	private final Lock pathLock = new ReentrantLock();
 
+	private final UserPrincipal directoryOwner;
+
 	private volatile Path path;
 
 	/**
@@ -69,6 +75,22 @@ public ApplicationTemp() {
 	 */
 	public ApplicationTemp(Class<?> sourceClass) {
 		this.sourceClass = sourceClass;
+		this.directoryOwner = directoryOwner();
+	}
+
+	private static UserPrincipal directoryOwner() {
+		try {
+			Path tempFile = Files.createTempFile("application-temp", "-owner");
+			UserPrincipal owner = Files.getOwner(tempFile);
+			Files.delete(tempFile);
+			return owner;
+		}
+		catch (UnsupportedOperationException ex) {
+			return null;
+		}
+		catch (IOException ex) {
+			throw new UncheckedIOException(ex);
+		}
 	}
 
 	@Override
@@ -111,8 +133,28 @@ private Path getPath() {
 
 	private Path createDirectory(Path path) {
 		try {
-			if (!Files.exists(path)) {
-				Files.createDirectory(path, getFileAttributes(path.getFileSystem(), DIRECTORY_PERMISSIONS));
+			FileSystem fileSystem = path.getFileSystem();
+			if (!Files.exists(path, LinkOption.NOFOLLOW_LINKS)) {
+				Files.createDirectory(path, asFileAttributes(fileSystem, DIRECTORY_PERMISSIONS));
+			}
+			else {
+				if (supportsPosixView(fileSystem)) {
+					PosixFileAttributes attributes = Files.readAttributes(path, PosixFileAttributes.class,
+							LinkOption.NOFOLLOW_LINKS);
+					Assert.state(attributes.isDirectory(),
+							() -> "'" + path + "' already exists but it is not a directory");
+					Assert.state(DIRECTORY_PERMISSIONS.equals(attributes.permissions()), () -> "Existing directory '"
+							+ path + "' does not have the permissions " + DIRECTORY_PERMISSIONS);
+					assertDirectoryOwnership(attributes.owner(), path);
+				}
+				else {
+					try {
+						assertDirectoryOwnership(Files.getOwner(path, LinkOption.NOFOLLOW_LINKS), path);
+					}
+					catch (UnsupportedOperationException ex) {
+						// Ownership check not supported. Continue.
+					}
+				}
 			}
 			return path;
 		}
@@ -121,13 +163,22 @@ private Path createDirectory(Path path) {
 		}
 	}
 
-	private FileAttribute<?>[] getFileAttributes(FileSystem fileSystem, EnumSet<PosixFilePermission> ownerReadWrite) {
-		if (!fileSystem.supportedFileAttributeViews().contains("posix")) {
+	private void assertDirectoryOwnership(UserPrincipal owner, Path path) {
+		Assert.state((this.directoryOwner == null) || this.directoryOwner.equals(owner),
+				() -> "Existing directory '" + path + "' is not owned by " + this.directoryOwner.getName());
+	}
+
+	private FileAttribute<?>[] asFileAttributes(FileSystem fileSystem, EnumSet<PosixFilePermission> ownerReadWrite) {
+		if (!supportsPosixView(fileSystem)) {
 			return NO_FILE_ATTRIBUTES;
 		}
 		return new FileAttribute<?>[] { PosixFilePermissions.asFileAttribute(ownerReadWrite) };
 	}
 
+	private boolean supportsPosixView(FileSystem fileSystem) {
+		return fileSystem.supportedFileAttributeViews().contains("posix");
+	}
+
 	private Path getTempDirectory() {
 		String property = System.getProperty("java.io.tmpdir");
 		Assert.state(StringUtils.hasLength(property), "No 'java.io.tmpdir' property set");

spring-boot-project/spring-boot/src/test/java/org/springframework/boot/system/ApplicationTempTests.java

@@ -23,6 +23,7 @@
 import java.nio.file.Path;
 import java.nio.file.attribute.PosixFileAttributeView;
 import java.nio.file.attribute.PosixFilePermission;
+import java.util.EnumSet;
 import java.util.Set;
 
 import org.junit.jupiter.api.AfterEach;
@@ -32,6 +33,7 @@
 import org.springframework.util.FileSystemUtils;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalStateException;
 
 /**
  * Tests for {@link ApplicationTemp}.
@@ -85,6 +87,29 @@ void posixPermissions() throws IOException {
 		}
 	}
 
+	@Test
+	void whenDirectoryExistsWithWrongPermissionsGetDirThrows() throws IOException {
+		ApplicationTemp temp = new ApplicationTemp();
+		Path path = temp.getDir().toPath();
+		Files.getFileAttributeView(path, PosixFileAttributeView.class)
+			.setPermissions(EnumSet.allOf(PosixFilePermission.class));
+		assertThatIllegalStateException().isThrownBy(new ApplicationTemp()::getDir)
+			.withMessageContaining("does not have the permissions");
+		FileSystemUtils.deleteRecursively(path);
+	}
+
+	@Test
+	void whenSymlinkExistsInDirectoryLocationGetDirThrows() throws IOException {
+		ApplicationTemp temp = new ApplicationTemp();
+		Path path = temp.getDir().toPath();
+		FileSystemUtils.deleteRecursively(path);
+		Path linkTarget = Files.createTempDirectory("application-test-tests");
+		Files.createSymbolicLink(path, linkTarget);
+		assertThatIllegalStateException().isThrownBy(new ApplicationTemp()::getDir)
+			.withMessageContaining("already exists but it is not a directory");
+		FileSystemUtils.deleteRecursively(path);
+	}
+
 	private void assertDirectoryPermissions(Path path) throws IOException {
 		Set<PosixFilePermission> permissions = Files.getFileAttributeView(path, PosixFileAttributeView.class)
 			.readAttributes()