Visual Studio Team System
Specify StringComparison

TypeName

SpecifyStringComparison

CheckId

CA1307

Category

Microsoft.Globalization

Breaking Change

Non Breaking

Cause

A string comparison operation uses a method overload that does not set a StringComparison parameter.

Rule Description

Many string operations, most important the Compare and Equals methods, provide an overload that accepts a StringComparison enumeration value as a parameter.

Whenever an overload exists that takes a StringComparison parameter, it should be used instead of an overload that does not take this parameter. By explicitly setting this parameter, your code is often made clearer and easier to maintain.

How to Fix Violations

To fix a violation of this rule, change string comparison methods to overloads that accept the StringComparison enumeration as a parameter. For example: change String.Compare(str1, str2) to String.Compare(str1, str2, StringComparison.Ordinal).

When to Suppress Warnings

It is safe to suppress a warning from this rule when the library or application is intended for a limited local audience and will therefore not be localized.

See Also

Reference

Use ordinal StringComparison

Other Resources

Globalization Warnings
Tags :


Community Content

David M. Kean - MSFT
'When to Suppress Warning' is incorrect

It is safe to suppress a warning from this rule when the library or application is intended for a limited local audience and will therefore not be localized.

This is actually incorrect. If making security decisions based on the result or doing path comparisons, you should explicitly specify a string comparison, passing one of StringComparison.Ordinal or StringComparison.OrdinalIgnoreCase.

The following example shows a method that incorrectly compares the start of an URL:

[C#]
 
using System;
using System.Globalization;
using System.Threading;
 
namespace Samples
{
    class Program
    {
        static void Main(string[] args)
        {  
            Thread.CurrentThread.CurrentCulture = new CultureInfo("tr-TR");
 
            string url = "file:///C|/MyFile.txt";
            if (string.Compare(url, 0, "FILE:", 0, 5, true) == 0)
            {
                Console.WriteLine("File path");
            }
            else
            {
                Console.WriteLine("Something else");
            }
        }
    }
}


The above outputs the following:

Something else

To fix the above violation specify StringComparison.OrdinalIgnoreCase.

The following example shows this.

[C#]
 
using System;
using System.Globalization;
using System.Threading;
 
namespace Samples
{
    class Program
    {
        static void Main(string[] args)
        {
            Thread.CurrentThread.CurrentCulture = new CultureInfo("tr-TR");
 
            string url = "file:///C|/MyFile.txt";
 
            if (string.Compare(url, 0, "FILE:", 0, 5, StringComparison.OrdinalIgnoreCase) == 0)
            {
                Console.WriteLine("File path");
            }
            else
            {
                Console.WriteLine("Something else");
            }
        }
    }
}

The above outputs the following:

File path
Tags :

David M. Kean - MSFT
More information

By default, most of the comparison methods on the String class (such as String.Compare) perform a linguistic comparison. This is in constrast to String.Equals, which, by default, performs a non-linguistic (ordinal) comparison.
Because these linguistic comparisons use the thread's current culture (retrieved from CultureInfo.CurrentCulture), their behavior can vary based on the current user's locale settings. To make it clear which comparison method a particular call site makes, use an overload that takes a StringComparison value. This is especially important if comparing paths, registry keys, environment variables, or making security decisions based on the result.

For more information, see the following article:

New Recommendations for Using Strings in Microsoft .NET 2.0
http://msdn2.microsoft.com/en-us/library/ms973919.aspx

Tags :

Page view tracker