Resolve fortify defects missed in 13b9701 (#116)

8 years ago · ad70f7ba73
parent 3c672416f1
commit ad70f7ba73
2 changed files with 11 additions and 3 deletions
--- a/src/Catalog/Helpers/Utils.cs
+++ b/src/Catalog/Helpers/Utils.cs
@ -133,9 +133,13 @@ private static XDocument SafeXmlTransform(XmlReader reader, XslCompiledTransform
        private static XslCompiledTransform SafeLoadXslTransform(string resourceName)
        {
            var transform = new XslCompiledTransform();
-            
+
            // CodeAnalysis / XmlReader.Create: provide settings instance and set resolver property to null or instance
-            var reader = XmlReader.Create(new StreamReader(GetResourceStream(resourceName)), new XmlReaderSettings());
+            var settings = new XmlReaderSettings
            {
                XmlResolver = null
            };
            var reader = XmlReader.Create(new StreamReader(GetResourceStream(resourceName)), settings);
            // CodeAnalysis / XslCompiledTransform.Load: specify default settings or set resolver property to null or instance
            transform.Load(reader, XsltSettings.Default, stylesheetResolver: null);
--- a/tests/NuGet.Services.BasicSearchTests/TestSupport/StartedWebApp.cs
+++ b/tests/NuGet.Services.BasicSearchTests/TestSupport/StartedWebApp.cs
@ -90,7 +90,11 @@ private static T ReadFromXml<T>(string path)
            using (var stream = new FileStream(path, FileMode.Open, FileAccess.Read))
            {
                // CodeAnalysis / XmlReader.Create: provide settings instance and set resolver property to null or instance
-                var reader = XmlReader.Create(stream, new XmlReaderSettings());
+                var settings = new XmlReaderSettings()
                {
                    XmlResolver = null
                };
                var reader = XmlReader.Create(stream, settings);
                return (T)xmlSerializer.Deserialize(reader);
            }
        }