CA1054: URI parameters should not be strings

 

For the latest documentation on Visual Studio 2017 RC, see Visual Studio 2017 RC Documentation.

TypeNameUriParametersShouldNotBeStrings
CheckIdCA1054
CategoryMicrosoft.Design
Breaking ChangeBreaking

A type declares a method with a string parameter whose name contains "uri", "Uri", "urn", "Urn", "url", or "Url" and the type does not declare a corresponding overload that takes a System.Uri parameter.

This rule splits the parameter name into tokens based on the camel casing convention and checks whether each token equals "uri", "Uri", "urn", "Urn", "url", or "Url". If there is a match, the rule assumes that the parameter represents a uniform resource identifier (URI). A string representation of a URI is prone to parsing and encoding errors, and can lead to security vulnerabilities. If a method takes a string representation of a URI, a corresponding overload should be provided that takes an instance of the Uri class, which provides these services in a safe and secure manner.

To fix a violation of this rule, change the parameter to a Uri type; this is a breaking change. Alternately, provide an overload of the method which takes a Uri parameter; this is a nonbreaking change.

It is safe to suppress a warning from this rule if the parameter does not represent a URI.

The following example shows a type, ErrorProne, that violates this rule, and a type, SaferWay, that satisfies the rule.

Imports System

Namespace DesignLibrary

   Public Class ErrorProne
   
      Dim someUriValue As String 

      ' Violates rule UriPropertiesShouldNotBeStrings.
      Property SomeUri As String
         Get 
            Return someUriValue 
         End Get
         Set 
            someUriValue = Value 
         End Set
      End Property

      ' Violates rule UriParametersShouldNotBeStrings.
      Sub AddToHistory(uriString As String)
      End Sub

      ' Violates rule UriReturnValuesShouldNotBeStrings.
      Function GetRefererUri(httpHeader As String) As String
         Return "http://www.adventure-works.com"
      End Function

   End Class

   Public Class SaferWay
   
      Dim someUriValue As Uri 

      ' To retrieve a string, call SomeUri.ToString().
      ' To set using a string, call SomeUri = New Uri(string).
      Property SomeUri As Uri
         Get 
            Return someUriValue 
         End Get
         Set 
            someUriValue = Value 
         End Set
      End Property

      Sub AddToHistory(uriString As String)
         ' Check for UriFormatException.
         AddToHistory(New Uri(uriString))
      End Sub

      Sub AddToHistory(uriString As Uri)
      End Sub

      Function GetRefererUri(httpHeader As String) As Uri
         Return New Uri("http://www.adventure-works.com")
      End Function

   End Class

End Namespace

CA1056: URI properties should not be strings

CA1055: URI return values should not be strings

CA2234: Pass System.Uri objects instead of strings

CA1057: String URI overloads call System.Uri overloads

Show: