From ad70f7ba7306bd92a6cc274a0aa1ae0f28aa4a6f Mon Sep 17 00:00:00 2001
From: Christy Henriksson
Date: Mon, 6 Feb 2017 10:35:46 -0800
Subject: [PATCH] Resolve fortify defects missed in 13b9701 (#116)
---
 src/Catalog/Helpers/Utils.cs | 8 ++++++--
 .../TestSupport/StartedWebApp.cs | 6 +++++-
 2 files changed, 11 insertions(+), 3 deletions(-)
diff --git a/src/Catalog/Helpers/Utils.cs b/src/Catalog/Helpers/Utils.cs
index e8230fad6..c43ab266c 100644
--- a/src/Catalog/Helpers/Utils.cs
+++ b/src/Catalog/Helpers/Utils.cs
@@ -133,9 +133,13 @@ private static XDocument SafeXmlTransform(XmlReader reader, XslCompiledTransform
 private static XslCompiledTransform SafeLoadXslTransform(string resourceName)
 {
 var transform = new XslCompiledTransform();
-
+
 // CodeAnalysis / XmlReader.Create: provide settings instance and set resolver property to null or instance
- var reader = XmlReader.Create(new StreamReader(GetResourceStream(resourceName)), new XmlReaderSettings());
+ var settings = new XmlReaderSettings
+ {
+ XmlResolver = null
+ };
+ var reader = XmlReader.Create(new StreamReader(GetResourceStream(resourceName)), settings);

 // CodeAnalysis / XslCompiledTransform.Load: specify default settings or set resolver property to null or instance
 transform.Load(reader, XsltSettings.Default, stylesheetResolver: null);
diff --git a/tests/NuGet.Services.BasicSearchTests/TestSupport/StartedWebApp.cs b/tests/NuGet.Services.BasicSearchTests/TestSupport/StartedWebApp.cs
index bc04e40b8..5d58be5cb 100644
--- a/tests/NuGet.Services.BasicSearchTests/TestSupport/StartedWebApp.cs
+++ b/tests/NuGet.Services.BasicSearchTests/TestSupport/StartedWebApp.cs
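Review bot: The new `XmlReaderSettings` initializer in SafeLoadXslTransform (Utils.cs) sets only `XmlResolver = null` and leaves DTD handling to the framework default. Since the change exists to pin down external-resource behaviour for the analyzer, state the DTD policy next to it as well: `DtdProcessing = DtdProcessing.Prohibit`. That is the documented default for `XmlReaderSettings` on .NET 4.0 and later, so it should not change behaviour for a stylesheet without a DOCTYPE, but it keeps the intent visible and independent of the target framework. The same applies to the settings object added in ReadFromXml in StartedWebApp.cs. SafeLoadXslTransform's body continues past the end of the hunk.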
@@ -90,7 +90,11 @@ private static T ReadFromXml(string path)
 using (var stream = new FileStream(path, FileMode.Open, FileAccess.Read))
 {
 // CodeAnalysis / XmlReader.Create: provide settings instance and set resolver property to null or instance
- var reader = XmlReader.Create(stream, new XmlReaderSettings());
+ var settings = new XmlReaderSettings()
+ {
+ XmlResolver = null
+ };
+ var reader = XmlReader.Create(stream, settings);
 return (T)xmlSerializer.Deserialize(reader);
 }
 }
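Review bot: The `XmlReader` created in ReadFromXml is never disposed; only the surrounding `FileStream` is inside a `using`. Wrapping the call as `using (var reader = XmlReader.Create(stream, settings))` around the `Deserialize` line releases the reader deterministically. SafeLoadXslTransform in Utils.cs has the same shape in its visible lines, and there neither the `StreamReader` nor the `XmlReader` is inside a `using`; whether they are disposed further down cannot be seen from that hunk. ReadFromXml itself starts above this hunk.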