URI parameters should not be strings
Collapse the table of content
Expand the table of content

Uri parameters should not be strings







Breaking Change


A type declares a method with a string parameter whose name contains "uri", "Uri", "urn", "Urn", "url", or "Url"; and the type does not declare a corresponding overload that takes a System.Uri parameter.

This rule splits the parameter name into tokens based on the camel casing convention and checks whether each token equals "uri", "Uri", "urn", "Urn", "url", or "Url". If there is a match, the rule assumes that the parameter represents a uniform resource identifier (URI). A string representation of a URI is prone to parsing and encoding errors, and can lead to security vulnerabilities. If a method takes a string representation of a URI, a corresponding overload should be provided that takes an instance of the Uri class, which provides these services in a safe and secure manner.

To fix a violation of this rule, change the parameter to a Uri type; this is a breaking change. Alternately, provide an overload of the method which takes a Uri parameter; this is a non-breaking change.

It is safe to exclude a warning from this rule if the parameter does not represent a URI.

The following example shows a type, ErrorProne, that violates this rule, and a type, SaferWay, that satisfies the rule.

#using <system.dll>
using namespace System;

namespace DesignLibrary
   public ref class ErrorProne
      // Violates rule UriPropertiesShouldNotBeStrings.
      property String^ SomeUri;

      // Violates rule UriParametersShouldNotBeStrings.
      void AddToHistory(String^ uriString) { }

      // Violates rule UriReturnValuesShouldNotBeStrings.
      String^ GetRefererUri(String^ httpHeader)
         return "http://www.adventure-works.com";

   public ref class SaferWay
      // To retrieve a string, call SomeUri()->ToString().
      // To set using a string, call SomeUri(gcnew Uri(string)).
      property Uri^ SomeUri;

      void AddToHistory(String^ uriString)
         // Check for UriFormatException.
         AddToHistory(gcnew Uri(uriString));

      void AddToHistory(Uri^ uriType) { }

      Uri^ GetRefererUri(String^ httpHeader)
         return gcnew Uri("http://www.adventure-works.com");

Community Additions

© 2016 Microsoft