Skip to content

Add use with trusted files remark to FileVersionInfo.GetVersionInfo#12641

Open
steveisok wants to merge 2 commits into
dotnet:mainfrom
steveisok:add-note-fileversioninfo
Open

Add use with trusted files remark to FileVersionInfo.GetVersionInfo#12641
steveisok wants to merge 2 commits into
dotnet:mainfrom
steveisok:add-note-fileversioninfo

Conversation

@steveisok
Copy link
Copy Markdown
Member

@steveisok steveisok commented May 21, 2026

Summary

Add a small remark about using trusted files when calling FileVersionInfo.GetVersionInfo.

@steveisok steveisok requested a review from a team as a code owner May 21, 2026 17:03
@steveisok steveisok requested review from Copilot and tommcdon May 21, 2026 17:03
@github-actions github-actions Bot added the needs-area-label An area label is needed to ensure this gets routed to the appropriate area owners label May 21, 2026
@dotnet-policy-service
Copy link
Copy Markdown
Contributor

dotnet-policy-service Bot commented May 21, 2026

@steveisok - This PR edits one or more files whose 'source of truth' for documentation is not in this repo. Please make documentation updates in the /// comments in the dotnet/runtime repo (or dotnet/extensions repo) instead.

Copilot AI reviewed May 21, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR updates the API reference documentation for System.Diagnostics.FileVersionInfo.GetVersionInfo(String) to add a security-focused caution about using the API only with trusted files.

Changes:

  • Added a new “Remarks” section under GetVersionInfo with a [!CAUTION] admonition about trusted files and malformed/malicious inputs.

Comment thread xml/System.Diagnostics/FileVersionInfo.xml Outdated
@steveisok
Potential fix for pull request finding
ba8b2c9 
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
tommcdon
tommcdon approved these changes May 21, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@tommcdon tommcdon left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks!

gewarren
gewarren previously approved these changes May 21, 2026
View reviewed changes
@gewarren gewarren dismissed their stale review May 21, 2026 18:23

This library's source of truth is in the ///. Can you add the note there instead?

@steveisok
Copy link
Copy Markdown
Member Author

steveisok commented May 21, 2026

@gewarren I'm not sure where you are suggesting. Can you please clarify?

@gewarren
Copy link
Copy Markdown
Contributor

gewarren commented May 21, 2026

@steveisok Can you add a <remarks> tag here. (Not sure what happened to the code example during the backport to the runtime repo...)

@steveisok
Copy link
Copy Markdown
Member Author

steveisok commented May 21, 2026

@steveisok Can you add a tag here. (Not sure what happened to the code example during the backport to the runtime repo...)

I see - I can push this change in runtime.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@tommcdon tommcdon tommcdon approved these changes

@gewarren gewarren gewarren left review comments

Assignees

@steveisok steveisok

Labels

needs-area-label An area label is needed to ensure this gets routed to the appropriate area owners

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@steveisok @gewarren @tommcdon