search

dotnet / msbuild

The Microsoft Build Engine (MSBuild) is the build platform for .NET and Visual Studio.
https://docs.microsoft.com/visualstudio/msbuild/msbuild
MIT License
5.17k stars 1.34k forks source link

[Bug]: XmlPeek Result output item not properly escaped #10313

Open hickford opened 1 week ago

hickford commented 1 week ago

Issue Description

It looks like XmlPeek Result output item metadata is not properly escaped.

Steps to Reproduce

Create an XML document doc.xml with text content that happens to use MSBuild special characters:

<Root>
    <Key>abcdefg</Key>
    <Key>a$(d)fg</Key>
    <Key>a$(d.f)</Key>
</Root>

Run msbuild project.proj project.proj that uses XmlPeek to query and print the three keys:

<Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
    <Target Name="Build">
        <XmlPeek XmlInputPath="doc.xml" Query="//Key/text()">
            <Output TaskParameter="Result" PropertyName="Key" />
            <Output TaskParameter="Result" ItemName="Keys" />
        </XmlPeek>
        <Message Text="Key=$(Key)" />
        <Message Text="Keys (expanded)=@(Keys)" />
        <Message Text="Keys (individual)=%(Keys.Identity)" />
    </Target>
</Project>

Expected Behavior

Prints verbatim text content from XML file. 

Key=abcdefg;a$(d)fg;a$(d.f)
Keys (expanded)=abcdefg;a$(d)fg;a$(d.f)
Keys (individual)=abcdefg
Keys (individual)=a$(d)fg
Keys (individual)=a$(d.f)

Actual Behavior

Prints verbatim text content for property and expanded item, but tries to interpret item metadata as MSBuild property. This is inconsistent and confusing.

Key=abcdefg;a$(d)fg;a$(d.f)
Keys (expanded)=abcdefg;a$(d)fg;a$(d.f)
Keys (individual)=abcdefg
Keys (individual)=afg

and gives error:

error MSB4184: The expression """.f" cannot be evaluated. Method 'System.String.f' not found.

Analysis

No response

Versions & Configurations

MSBuild version 17.10.4+10fbfbf2e for .NET Framework
17.10.4.21802
hickford commented 1 week ago

The bug does not occur with Item elements. Of course, you have to escape the MSBuild special characters:

<Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
    <Target Name="Build">
        <ItemGroup>
            <Keys Include="abcdefg;a%24%28d%29fg;a%24%28d.f%29" />
        </ItemGroup>
        <Message Text="Keys (expanded)=@(Keys)" />
        <Message Text="Keys (individual)=%(Keys.Identity)" />
    </Target>
</Project>
hickford commented 1 week ago

Here's the offending code: XmlPeek neglects to escape the item:

https://github.com/dotnet/msbuild/blob/049835be350eb60f66b63e2e9adbd89094b4b127/src/Tasks/XmlPeek.cs#L153

https://github.com/dotnet/msbuild/blob/049835be350eb60f66b63e2e9adbd89094b4b127/src/Utilities/TaskItem.cs#L73-L76