Skip to content

C#: Add manual models for more some XML related classes. #20290

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 7 commits into
base: main
Choose a base branch
from
Open

C#: Add manual models for more some XML related classes. #20290

wants to merge 7 commits into from
+285 −196

Conversation

michaelnebel
Copy link
Contributor

@michaelnebel michaelnebel commented Aug 26, 2025
edited
Loading

Added summary models for System.Xml.XmlReader, System.Xml.XmlTextReader and System.Xml.XmlDictionaryReader.

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Aug 26, 2025
edited
Loading

⚠️ The head of this PR and the base branch were compared for differences in the framework coverage reports. The generated reports are available in the artifacts of this workflow run. The differences will be picked up by the nightly job after the PR gets merged.

Click to show differences in coverage

csharp

Generated file changes for csharp

  • Changes to framework-coverage-csharp.rst:
-    System,"``System.*``, ``System``",47,12165,54,5
+    System,"``System.*``, ``System``",47,12241,54,5
-    Totals,,107,14429,407,9
+    Totals,,107,14505,407,9
  • Changes to framework-coverage-csharp.csv:
- System,54,47,12165,,6,5,5,,,4,1,,33,2,,6,15,17,4,3,,5929,6236
+ System,54,47,12241,,6,5,5,,,4,1,,33,2,,6,15,17,4,3,,6003,6238

@michaelnebel michaelnebel force-pushed the csharp/xmldictionaryreader branch from 7b1ddb2 to 81f4f82 Compare August 27, 2025 12:44
@michaelnebel michaelnebel changed the title C#: Add manual models for more XmlDictionaryReader methods. C#: Add manual models for more some XML related classes. Aug 27, 2025
@michaelnebel
Copy link
Contributor Author

DCA looks good. A couple of extra results on mono/mono for some queries that generally produces lots of results. The results are there due to some of the added summaries. The steps doesn't look unsound - so we can accept the results.

@michaelnebel michaelnebel marked this pull request as ready for review August 28, 2025 07:47
@michaelnebel michaelnebel requested a review from a team as a code owner August 28, 2025 07:47
@Copilot Copilot AI review requested due to automatic review settings August 28, 2025 07:47
Copilot
Copilot AI reviewed Aug 28, 2025
View reviewed changes
Copy link
Contributor

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR adds manual flow models for XML-related classes in the System.Xml namespace to improve dataflow analysis. The goal is to provide comprehensive coverage for XML reading operations that can propagate taint or value flows.

  • Added manual models for System.Xml.XmlReader, System.Xml.XmlTextReader, and System.Xml.XmlDictionaryReader
  • Replaced auto-generated models with manual ones for better precision
  • Added models for constructors, read methods, and property getters

Reviewed Changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 2 comments.

File Description
System.Xml.model.yml Added 65 new manual flow summary models for XML reader classes
FlowSummaries.expected Updated test expectations with new manual models (added 101 entries, removed 65 auto-generated)
FlowSummariesFiltered.expected Updated filtered test expectations with new manual models (added 37 entries, removed 11 auto-generated)
2025-08-26-xmlreader-models.md Added changelog entry describing the new XML reader models

csharp/ql/lib/ext/System.Xml.model.yml
- ["System.Xml", "XmlDictionaryReader", False, "CreateTextReader", "(System.IO.Stream,System.Xml.XmlDictionaryReaderQuotas)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["System.Xml", "XmlDictionaryReader", True, "ReadContentAsBase64", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]
- ["System.Xml", "XmlDictionaryReader", True, "ReadContentAsBinHex", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]
- ["System.Xml", "XmlDictionaryReader", True, "ReadContentAsBinHex", "(System.Int32)", "", "Argument[this]", "ReturnValue", "taint", "manual"]
Copy link
Preview

Copilot AI Aug 28, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Extra space before 'manual' - should be single space for consistency with other entries.

Suggested change
- ["System.Xml", "XmlDictionaryReader", True, "ReadContentAsBinHex", "(System.Int32)", "", "Argument[this]", "ReturnValue", "taint", "manual"]
- ["System.Xml", "XmlDictionaryReader", True, "ReadContentAsBinHex", "(System.Int32)", "", "Argument[this]", "ReturnValue", "taint", "manual"]

Copilot uses AI. Check for mistakes.

csharp/ql/lib/ext/System.Xml.model.yml
Comment on lines +116 to +117
- ["System.Xml", "XmlReader", True, "ReadValueChunk", "()", "", "Argument[this]", "Argument[0]", "taint", "manual"]
- ["System.Xml", "XmlReader", True, "ReadValueChunkAsync", "()", "", "Argument[this]", "Argument[0]", "taint", "manual"]
Copy link
Preview

Copilot AI Aug 28, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The ReadValueChunk methods appear to have incorrect parameter signature. These methods typically take parameters like (System.Char[], System.Int32, System.Int32) for the output buffer, but the signature shows '()' which suggests no parameters.

Suggested change
- ["System.Xml", "XmlReader", True, "ReadValueChunk", "()", "", "Argument[this]", "Argument[0]", "taint", "manual"]
- ["System.Xml", "XmlReader", True, "ReadValueChunkAsync", "()", "", "Argument[this]", "Argument[0]", "taint", "manual"]
- ["System.Xml", "XmlReader", True, "ReadValueChunk", "(System.Char[],System.Int32,System.Int32)", "", "Argument[this]", "Argument[0]", "taint", "manual"]
- ["System.Xml", "XmlReader", True, "ReadValueChunkAsync", "(System.Char[],System.Int32,System.Int32)", "", "Argument[this]", "Argument[0]", "taint", "manual"]

Copilot uses AI. Check for mistakes.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

Copilot code review Copilot Copilot left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
C# documentation
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@michaelnebel