Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Ban XmlReader overloads that take string #9076

Merged
merged 7 commits into from
Aug 2, 2023
Merged

Ban XmlReader overloads that take string #9076

Show file tree
Hide file tree
Changes from 3 commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
8ecb49c
Ban XmlReader overloads that take string
rainersigwald Jul 26, 2023
bf6fe87
Add XPathDocument string ctors to banned symbols
JanKrivanek Jul 27, 2023
8591300
fix 2 more cases for XmlReader.Create call
YuliiaKovalova Jul 27, 2023
4ddb752
Update src/Tasks/XamlTaskFactory/RelationsParser.cs
YuliiaKovalova Jul 27, 2023
d03d3c2
fix review comments
YuliiaKovalova Jul 27, 2023
d7b6855
Merge branch 'ban-xmlreader' of https://github.com/rainersigwald/msbu…
YuliiaKovalova Jul 27, 2023
dffb524
Update src/Tasks/XamlTaskFactory/RelationsParser.cs
YuliiaKovalova Aug 1, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 5 additions & 0 deletions src/BannedSymbols.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,2 +1,7 @@
M:System.Globalization.CompareInfo.IndexOf(System.String,System.Char);CompareInfo.IndexOf can unexpectedly allocate strings--use string.IndexOf
P:Microsoft.Build.Construction.ProjectElementContainer.Children;Use ChildrenEnumerable instead to avoid boxing
M:System.Xml.XmlReader.Create(System.String);Do not pass paths to XmlReader.Create--use the Stream overload
M:System.Xml.XmlReader.Create(System.String,System.Xml.XmlReaderSettings);Do not pass paths to XmlReader.Create--use the Stream overload
M:System.Xml.XmlReader.Create(System.String,System.Xml.XmlReaderSettings,System.Xml.XmlParserContext);Do not pass paths to XmlReader.Create--use the Stream overload
M:System.Xml.XPath.XPathDocument.#ctor(System.String);Do not pass string paths to XPathDocument ctor--use the Stream overload
M:System.Xml.XPath.XPathDocument.#ctor(System.String,System.Xml.XmlSpace);Do not pass string paths to XPathDocument ctor--use the Stream overload
8 changes: 5 additions & 3 deletions src/Tasks/GenerateResource.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -42,6 +42,7 @@
using Microsoft.Build.Utilities;
#if FEATURE_RESXREADER_LIVEDESERIALIZATION
using Microsoft.Win32;
using System.Windows.Forms;
YuliiaKovalova marked this conversation as resolved.
Show resolved Hide resolved
#endif

#nullable disable
Expand Down Expand Up @@ -1745,9 +1746,10 @@ private bool NeedSeparateAppDomain()

try
{
XmlReaderSettings readerSettings = new XmlReaderSettings();
readerSettings.DtdProcessing = DtdProcessing.Ignore;
reader = XmlReader.Create(source.ItemSpec, readerSettings);
XmlReaderSettings readerSettings = new XmlReaderSettings { DtdProcessing = DtdProcessing.Ignore, CloseInput = true };

FileStream fs = File.OpenRead(source.ItemSpec);
reader = XmlReader.Create(fs, readerSettings);

while (reader.Read())
{
Expand Down
22 changes: 15 additions & 7 deletions src/Tasks/XamlTaskFactory/RelationsParser.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,9 @@
using System.IO;
using System.Xml;
using Microsoft.Build.Shared;
using Microsoft.Build.Tasks.Deployment.ManifestUtilities;
using Microsoft.IO;
using File = System.IO.File;

#nullable disable

Expand Down Expand Up @@ -174,17 +177,21 @@ internal class RelationsParser
#endregion

/// <summary>
/// The method that loads in an XML file
/// The method that loads in an XML file.
/// </summary>
/// <param name="fileName">the xml file containing switches and properties</param>
private XmlDocument LoadFile(string fileName)
/// <param name="filePath">the xml file containing switches and properties.</param>
private XmlDocument LoadFile(string filePath)
{
try
{
var xmlDocument = new XmlDocument();
XmlReaderSettings settings = new XmlReaderSettings { DtdProcessing = DtdProcessing.Ignore };
XmlReader reader = XmlReader.Create(fileName, settings);
xmlDocument.Load(reader);
XmlReaderSettings settings = new XmlReaderSettings { DtdProcessing = DtdProcessing.Ignore, CloseInput = true };
FileStream fs = File.OpenRead(filePath);
using (XmlReader reader = XmlReader.Create(fs, settings))
{
xmlDocument.Load(reader);
}
YuliiaKovalova marked this conversation as resolved.
Show resolved Hide resolved

YuliiaKovalova marked this conversation as resolved.
Show resolved Hide resolved
return xmlDocument;
}
catch (FileNotFoundException e)
Expand All @@ -211,6 +218,7 @@ internal XmlDocument LoadXml(string xml)
XmlReaderSettings settings = new XmlReaderSettings { DtdProcessing = DtdProcessing.Ignore };
XmlReader reader = XmlReader.Create(new StringReader(xml), settings);
YuliiaKovalova marked this conversation as resolved.
Show resolved Hide resolved
xmlDocument.Load(reader);

return xmlDocument;
}
catch (XmlException e)
Expand All @@ -221,7 +229,7 @@ internal XmlDocument LoadXml(string xml)
}

/// <summary>
/// Parses the xml file
/// Parses the xml file.
/// </summary>
public bool ParseXmlDocument(string fileName)
{
Expand Down