CA1056: URI properties should not be strings







Breaking Change


A type declares a string property whose name contains "uri", "Uri", "urn", "Urn", "url", or "Url".

This rule splits the property name into tokens based on the Pascal casing convention and checks whether each token equals "uri", "Uri", "urn", "Urn", "url", or "Url". If there is a match, the rule assumes that the property represents a uniform resource identifier (URI). A string representation of a URI is prone to parsing and encoding errors, and can lead to security vulnerabilities. The System::Uri class provides these services in a safe and secure manner.

To fix a violation of this rule, change the property to a Uri type.

It is safe to suppress a warning from this rule if the property does not represent a URI.

The following example shows a type, ErrorProne, that violates this rule, and a type, SaferWay, that satisfies the rule.

#using <system.dll>
using namespace System;

namespace DesignLibrary
   public ref class ErrorProne
      // Violates rule UriPropertiesShouldNotBeStrings. 
      property String^ SomeUri;

      // Violates rule UriParametersShouldNotBeStrings. 
      void AddToHistory(String^ uriString) { }

      // Violates rule UriReturnValuesShouldNotBeStrings.
      String^ GetRefererUri(String^ httpHeader)
         return "";

   public ref class SaferWay
      // To retrieve a string, call SomeUri()->ToString(). 
      // To set using a string, call SomeUri(gcnew Uri(string)). 
      property Uri^ SomeUri;

      void AddToHistory(String^ uriString)
         // Check for UriFormatException.
         AddToHistory(gcnew Uri(uriString));

      void AddToHistory(Uri^ uriType) { }

      Uri^ GetRefererUri(String^ httpHeader)
         return gcnew Uri("");