Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SDL | Changing ReadXml to a more secure overload. #2147

Merged
merged 2 commits into from
Sep 14, 2023
Merged

SDL | Changing ReadXml to a more secure overload. #2147

merged 2 commits into from
Sep 14, 2023

Conversation

JRahnama
Copy link
Member

@JRahnama JRahnama commented Sep 5, 2023

Code Analysis detected CA3075, Unsafe overload of 'ReadXml' method, for LoadDataSetFromXml. Changing the XmlRead to a more secure overload will solve that issue, by setting XmlResolver to null.

@JRahnama JRahnama added this to the 5.2.0-preview4 milestone Sep 5, 2023
@codecov
Copy link

codecov bot commented Sep 5, 2023
edited
Loading

Codecov Report

Patch coverage is 100.00% of modified lines.

Files Changed Coverage
...c/Microsoft/Data/ProviderBase/DbMetaDataFactory.cs 100.00%

📢 Thoughts on this report? Let us know!.

@DavoudEshtehari DavoudEshtehari added the 💡 Enhancement New feature request label Sep 11, 2023
@DavoudEshtehari DavoudEshtehari merged commit 816a7d3 into dotnet:main Sep 14, 2023
132 checks passed
@JRahnama JRahnama deleted the sdl/Addressing-insecure-dtd branch March 8, 2024 01:09
dauinsight pushed a commit to dauinsight/SqlClient that referenced this pull request May 7, 2024
@JRahnama @dauinsight
SDL | Changing ReadXml to a more secure overload. (dotnet#2147)
82a2ca1
@dauinsight dauinsight mentioned this pull request May 7, 2024
Merged
dauinsight added a commit that referenced this pull request May 8, 2024
@dauinsight @JRahnama
SDL | Changing ReadXml to a more secure overload. (#2147) (#2490)
3994122 
Co-authored-by: Javad <v-jarahn@microsoft.com>
dauinsight added a commit to dauinsight/SqlClient that referenced this pull request May 16, 2024
@dauinsight @JRahnama
SDL | Changing ReadXml to a more secure overload. (dotnet#2147) (dotn…
c6bc5f3 
…et#2490)

Co-authored-by: Javad <v-jarahn@microsoft.com>
@dauinsight dauinsight mentioned this pull request May 16, 2024
Merged
dauinsight added a commit to dauinsight/SqlClient that referenced this pull request May 17, 2024
@dauinsight
Revert "SDL | Changing ReadXml to a more secure overload. (dotnet#2147)…
3d6f5f1 
… (dotnet#2490)"

This reverts commit c6bc5f3.
dauinsight pushed a commit to dauinsight/SqlClient that referenced this pull request May 17, 2024
@JRahnama @dauinsight
SDL | Changing ReadXml to a more secure overload. (dotnet#2147)
9ec061e
@dauinsight dauinsight mentioned this pull request May 17, 2024
Merged
dauinsight pushed a commit to dauinsight/SqlClient that referenced this pull request May 17, 2024
@JRahnama @dauinsight
SDL | Changing ReadXml to a more secure overload. (dotnet#2147)
575ac0a
@dauinsight dauinsight mentioned this pull request May 17, 2024
Merged
DavoudEshtehari pushed a commit that referenced this pull request May 21, 2024
@dauinsight
SDL | Changing ReadXml to a more secure overload. (#2147) (#2516)
4db5b55
dauinsight added a commit that referenced this pull request May 21, 2024
@dauinsight @JRahnama
SDL | Changing ReadXml to a more secure overload. (#2147) (#2514)
ddc2169 
Co-authored-by: Javad <v-jarahn@microsoft.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Wraith2 Wraith2 Wraith2 left review comments

@David-Engel David-Engel David-Engel approved these changes

@DavoudEshtehari DavoudEshtehari DavoudEshtehari approved these changes

@arellegue arellegue Awaiting requested review from arellegue

Assignees
No one assigned
Labels
💡 Enhancement New feature request
Projects
None yet
Milestone
5.2.0-preview4
Development

Successfully merging this pull request may close these issues.
4 participants
@JRahnama @Wraith2 @David-Engel @DavoudEshtehari