Export (0) Print
Expand All
Expand Minimize
This topic has not yet been rated - Rate this topic

CA2234: Pass System.Uri objects instead of strings

TypeName

PassSystemUriObjectsInsteadOfStrings

CheckId

CA2234

Category

Microsoft.Usage

Breaking Change

Non Breaking

A call is made to a method that has a string parameter whose name contains "uri", "Uri", "urn", "Urn", "url", or "Url"; and the declaring type of the method contains a corresponding method overload that has a System::Uri parameter.

A parameter name is split into tokens based on the camel casing convention, and then each token is checked to see whether it equals "uri", "Uri", "urn", "Urn", "url", or "Url". If there is a match, the parameter is assumed to represent a uniform resource identifier (URI). A string representation of a URI is prone to parsing and encoding errors, and can lead to security vulnerabilities. The Uri class provides these services in a safe and secure manner. When there is a choice between two overloads that differ only regarding the representation of a URI, the user should choose the overload that takes a Uri argument.

To fix a violation of this rule, call the overload that takes the Uri argument.

It is safe to suppress a warning from this rule if the string parameter does not represent a URI.

The following example shows a method, ErrorProne, which violates the rule and a method, SaferWay, which correctly calls the Uri overload.

#using <system.dll>
using namespace System;

namespace DesignLibrary
{
   ref class History
   {
   public:
      void AddToHistory(String^ uriString) {}
      void AddToHistory(Uri^ uriType) {}
   };

   public ref class Browser
   {
      History^ uriHistory;

   public:
      Browser()
      {
         uriHistory = gcnew History();
      }

      void ErrorProne()
      {
         uriHistory->AddToHistory("http://www.adventure-works.com");
      }

      void SaferWay()
      {
         try
         {
            Uri^ newUri = gcnew Uri("http://www.adventure-works.com");
            uriHistory->AddToHistory(newUri);
         }
         catch(UriFormatException^ uriException) {}
      }
   };
}
Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft. All rights reserved.