diff --git a/src/BannedSymbols.txt b/src/BannedSymbols.txt
index f11ba0906af..c369fe9d42b 100644
--- a/src/BannedSymbols.txt
+++ b/src/BannedSymbols.txt
@@ -1,2 +1,7 @@
M:System.Globalization.CompareInfo.IndexOf(System.String,System.Char);CompareInfo.IndexOf can unexpectedly allocate strings--use string.IndexOf
P:Microsoft.Build.Construction.ProjectElementContainer.Children;Use ChildrenEnumerable instead to avoid boxing
+M:System.Xml.XmlReader.Create(System.String);Do not pass paths to XmlReader.Create--use the Stream overload
+M:System.Xml.XmlReader.Create(System.String,System.Xml.XmlReaderSettings);Do not pass paths to XmlReader.Create--use the Stream overload
+M:System.Xml.XmlReader.Create(System.String,System.Xml.XmlReaderSettings,System.Xml.XmlParserContext);Do not pass paths to XmlReader.Create--use the Stream overload
+M:System.Xml.XPath.XPathDocument.#ctor(System.String);Do not pass string paths to XPathDocument ctor--use the Stream overload
+M:System.Xml.XPath.XPathDocument.#ctor(System.String,System.Xml.XmlSpace);Do not pass string paths to XPathDocument ctor--use the Stream overload
diff --git a/src/Tasks/GenerateResource.cs b/src/Tasks/GenerateResource.cs
index 535e0a3dd2d..3c198c1d512 100644
--- a/src/Tasks/GenerateResource.cs
+++ b/src/Tasks/GenerateResource.cs
@@ -1745,9 +1745,10 @@ private bool NeedSeparateAppDomain()
try
{
- XmlReaderSettings readerSettings = new XmlReaderSettings();
- readerSettings.DtdProcessing = DtdProcessing.Ignore;
- reader = XmlReader.Create(source.ItemSpec, readerSettings);
+ XmlReaderSettings readerSettings = new XmlReaderSettings { DtdProcessing = DtdProcessing.Ignore, CloseInput = true };
+
+ FileStream fs = File.OpenRead(source.ItemSpec);
+ reader = XmlReader.Create(fs, readerSettings);
while (reader.Read())
{
diff --git a/src/Tasks/ManifestUtil/XmlUtil.cs b/src/Tasks/ManifestUtil/XmlUtil.cs
index e2360d23b24..ca35d8090a0 100644
--- a/src/Tasks/ManifestUtil/XmlUtil.cs
+++ b/src/Tasks/ManifestUtil/XmlUtil.cs
@@ -97,36 +97,38 @@ public static Stream XslTransform(string resource, Stream input, params Dictiona
Util.CopyStream(input, clonedInput);
int t4 = Environment.TickCount;
- XmlReader xml = XmlReader.Create(clonedInput);
- Util.WriteLog(String.Format(CultureInfo.CurrentCulture, "new XmlReader(2) t={0}", Environment.TickCount - t4));
-
- XsltArgumentList args = null;
- if (entries.Length > 0)
+ using (XmlReader reader = XmlReader.Create(clonedInput))
{
- args = new XsltArgumentList();
- foreach (DictionaryEntry entry in entries)
+ Util.WriteLog(String.Format(CultureInfo.CurrentCulture, "new XmlReader(2) t={0}", Environment.TickCount - t4));
+
+ XsltArgumentList args = null;
+ if (entries.Length > 0)
{
- string key = entry.Key.ToString();
- object val = entry.Value.ToString();
- args.AddParam(key, "", val);
- Util.WriteLog(String.Format(CultureInfo.CurrentCulture, "arg: key='{0}' value='{1}'", key, val.ToString()));
+ args = new XsltArgumentList();
+ foreach (DictionaryEntry entry in entries)
+ {
+ string key = entry.Key.ToString();
+ object val = entry.Value.ToString();
+ args.AddParam(key, "", val);
+ Util.WriteLog(String.Format(CultureInfo.CurrentCulture, "arg: key='{0}' value='{1}'", key, val.ToString()));
+ }
}
- }
- var m = new MemoryStream();
- var w = new XmlTextWriter(m, Encoding.UTF8);
- w.WriteStartDocument();
+ var m = new MemoryStream();
+ var w = new XmlTextWriter(m, Encoding.UTF8);
+ w.WriteStartDocument();
- int t5 = Environment.TickCount;
- xslc.Transform(xml, args, w, s_resolver);
- Util.WriteLog(String.Format(CultureInfo.CurrentCulture, "XslCompiledTransform.Transform t={0}", Environment.TickCount - t4));
+ int t5 = Environment.TickCount;
+ xslc.Transform(reader, args, w, s_resolver);
+ Util.WriteLog(String.Format(CultureInfo.CurrentCulture, "XslCompiledTransform.Transform t={0}", Environment.TickCount - t4));
- w.WriteEndDocument();
- w.Flush();
- m.Position = 0;
+ w.WriteEndDocument();
+ w.Flush();
+ m.Position = 0;
- Util.WriteLog(String.Format(CultureInfo.CurrentCulture, "XslCompiledTransform(\"{0}\") t={1}", resource, Environment.TickCount - t1));
- return m;
+ Util.WriteLog(String.Format(CultureInfo.CurrentCulture, "XslCompiledTransform(\"{0}\") t={1}", resource, Environment.TickCount - t1));
+ return m;
+ }
}
private class ResourceResolver : XmlUrlResolver
diff --git a/src/Tasks/ManifestUtil/mansign2.cs b/src/Tasks/ManifestUtil/mansign2.cs
index ef14371aa36..3b19aee2b1e 100644
--- a/src/Tasks/ManifestUtil/mansign2.cs
+++ b/src/Tasks/ManifestUtil/mansign2.cs
@@ -612,8 +612,10 @@ private static byte[] ComputeHashFromManifest(XmlDocument manifestDom, bool oldF
{
XmlReaderSettings settings = new XmlReaderSettings();
settings.DtdProcessing = DtdProcessing.Parse;
- XmlReader reader = XmlReader.Create(stringReader, settings, manifestDom.BaseURI);
- normalizedDom.Load(reader);
+ using (XmlReader reader = XmlReader.Create(stringReader, settings, manifestDom.BaseURI))
+ {
+ normalizedDom.Load(reader);
+ }
}
XmlDsigExcC14NTransform exc = new XmlDsigExcC14NTransform();
diff --git a/src/Tasks/XamlTaskFactory/RelationsParser.cs b/src/Tasks/XamlTaskFactory/RelationsParser.cs
index f9734a9720f..8ef3dee1bf3 100644
--- a/src/Tasks/XamlTaskFactory/RelationsParser.cs
+++ b/src/Tasks/XamlTaskFactory/RelationsParser.cs
@@ -6,6 +6,9 @@
using System.IO;
using System.Xml;
using Microsoft.Build.Shared;
+using Microsoft.Build.Tasks.Deployment.ManifestUtilities;
+using Microsoft.IO;
+using File = System.IO.File;
#nullable disable
@@ -174,17 +177,19 @@ internal class RelationsParser
#endregion
///
- /// The method that loads in an XML file
+ /// The method that loads in an XML file.
///
- /// the xml file containing switches and properties
- private XmlDocument LoadFile(string fileName)
+ /// the xml file containing switches and properties.
+ private XmlDocument LoadFile(string filePath)
{
try
{
var xmlDocument = new XmlDocument();
- XmlReaderSettings settings = new XmlReaderSettings { DtdProcessing = DtdProcessing.Ignore };
- XmlReader reader = XmlReader.Create(fileName, settings);
+ XmlReaderSettings settings = new XmlReaderSettings { DtdProcessing = DtdProcessing.Ignore, CloseInput = true };
+ FileStream fs = File.OpenRead(filePath);
+ using XmlReader reader = XmlReader.Create(fs, settings);
xmlDocument.Load(reader);
+
return xmlDocument;
}
catch (FileNotFoundException e)
@@ -209,9 +214,12 @@ internal XmlDocument LoadXml(string xml)
{
var xmlDocument = new XmlDocument();
XmlReaderSettings settings = new XmlReaderSettings { DtdProcessing = DtdProcessing.Ignore };
- XmlReader reader = XmlReader.Create(new StringReader(xml), settings);
- xmlDocument.Load(reader);
- return xmlDocument;
+ using (XmlReader reader = XmlReader.Create(new StringReader(xml), settings))
+ {
+ xmlDocument.Load(reader);
+
+ return xmlDocument;
+ }
}
catch (XmlException e)
{
@@ -221,7 +229,7 @@ internal XmlDocument LoadXml(string xml)
}
///
- /// Parses the xml file
+ /// Parses the xml file.
///
public bool ParseXmlDocument(string fileName)
{
diff --git a/src/Tasks/XslTransformation.cs b/src/Tasks/XslTransformation.cs
index c2829bd8851..f5e09078922 100644
--- a/src/Tasks/XslTransformation.cs
+++ b/src/Tasks/XslTransformation.cs
@@ -201,7 +201,7 @@ public override bool Execute()
/// Takes the raw XML and loads XsltArgumentList
///
/// The raw XML that holds each parameter as
- /// XsltArgumentList
+ /// XsltArgumentList.
private static XsltArgumentList ProcessXsltArguments(string xsltParametersXml)
{
XsltArgumentList arguments = new XsltArgumentList();
@@ -214,8 +214,10 @@ private static XsltArgumentList ProcessXsltArguments(string xsltParametersXml)
try
{
XmlReaderSettings settings = new XmlReaderSettings { DtdProcessing = DtdProcessing.Ignore };
- XmlReader reader = XmlReader.Create(new StringReader("" + xsltParametersXml + ""), settings);
- doc.Load(reader);
+ using (XmlReader reader = XmlReader.Create(new StringReader("" + xsltParametersXml + ""), settings))
+ {
+ doc.Load(reader);
+ }
}
catch (XmlException xe)
{