C#: Add manual models for more some XML related classes.

[michaelnebel]

Added summary models for System.Xml.XmlReader, System.Xml.XmlTextReader and System.Xml.XmlDictionaryReader.

[github-actions]

⚠️ The head of this PR and the base branch were compared for differences in the framework coverage reports. The generated reports are available in the artifacts of this workflow run. The differences will be picked up by the nightly job after the PR gets merged.

Click to show differences in coverage

csharp

Generated file changes for csharp

• Changes to framework-coverage-csharp.rst:

-    System,"``System.*``, ``System``",47,12165,54,5
+    System,"``System.*``, ``System``",47,12241,54,5
-    Totals,,107,14429,407,9
+    Totals,,107,14505,407,9

• Changes to framework-coverage-csharp.csv:

- System,54,47,12165,,6,5,5,,,4,1,,33,2,,6,15,17,4,3,,5929,6236
+ System,54,47,12241,,6,5,5,,,4,1,,33,2,,6,15,17,4,3,,6003,6238

[michaelnebel]

DCA looks good. A couple of extra results on mono/mono for some queries that generally produces lots of results. The results are there due to some of the added summaries. The steps doesn't look unsound - so we can accept the results.

[Copilot]

Pull Request Overview

This PR adds manual flow models for XML-related classes in the System.Xml namespace to improve dataflow analysis. The goal is to provide comprehensive coverage for XML reading operations that can propagate taint or value flows.

• Added manual models for System.Xml.XmlReader, System.Xml.XmlTextReader, and System.Xml.XmlDictionaryReader
• Replaced auto-generated models with manual ones for better precision
• Added models for constructors, read methods, and property getters

Reviewed Changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 2 comments.

File	Description
System.Xml.model.yml	Added 65 new manual flow summary models for XML reader classes
FlowSummaries.expected	Updated test expectations with new manual models (added 101 entries, removed 65 auto-generated)
FlowSummariesFiltered.expected	Updated filtered test expectations with new manual models (added 37 entries, removed 11 auto-generated)
2025-08-26-xmlreader-models.md	Added changelog entry describing the new XML reader models

[Copilot]

The ReadValueChunk methods appear to have incorrect parameter signature. These methods typically take parameters like (System.Char[], System.Int32, System.Int32) for the output buffer, but the signature shows '()' which suggests no parameters.

Suggested change

	- ["System.Xml", "XmlReader", True, "ReadValueChunk", "()", "", "Argument[this]", "Argument[0]", "taint", "manual"]
	- ["System.Xml", "XmlReader", True, "ReadValueChunkAsync", "()", "", "Argument[this]", "Argument[0]", "taint", "manual"]
	- ["System.Xml", "XmlReader", True, "ReadValueChunk", "(System.Char[],System.Int32,System.Int32)", "", "Argument[this]", "Argument[0]", "taint", "manual"]
	- ["System.Xml", "XmlReader", True, "ReadValueChunkAsync", "(System.Char[],System.Int32,System.Int32)", "", "Argument[this]", "Argument[0]", "taint", "manual"]

[hvitved]

Looks like copilot is right?

[michaelnebel]

Yes, it does. We even have a neutral generated model with the correct signature.

[michaelnebel]

Mostly I try and copy the signatures from the neutral models (to avoid such mistakes) - so I don't know how this one slipped.

[michaelnebel]

DCA still looks good.
Compared to the last run we now also see some new results for cs/assembly-path-injection and cs/log-forging and the paths for these use models from this PR. I suspect this is due to other dataflow improvements (which in conjunction with the new models yields even more results).

The failing change note validation is unrelated to this PR.