Share via


CA1054: URI parameters should not be strings

TypeName

UriParametersShouldNotBeStrings

CheckId

CA1054

Category

Microsoft.Design

Breaking Change

Breaking

Cause

A type declares a method with a string parameter whose name contains "uri", "Uri", "urn", "Urn", "url", or "Url" and the type does not declare a corresponding overload that takes a Uri parameter.

Rule Description

This rule splits the parameter name into tokens based on the camel casing convention and checks whether each token equals "uri", "Uri", "urn", "Urn", "url", or "Url". If there is a match, the rule assumes that the parameter represents a uniform resource identifier (URI). A string representation of a URI is prone to parsing and encoding errors, and can lead to security vulnerabilities. If a method takes a string representation of a URI, a corresponding overload should be provided that takes an instance of the Uri class, which provides these services in a safe and secure manner.

How to Fix Violations

To fix a violation of this rule, change the parameter to a Uri type; this is a breaking change. Alternately, provide an overload of the method which takes a Uri parameter; this is a nonbreaking change.

When to Suppress Warnings

It is safe to suppress a warning from this rule if the parameter does not represent a URI.

Example

The following example shows a type, ErrorProne, that violates this rule, and a type, SaferWay, that satisfies the rule.

Imports System

Namespace DesignLibrary

   Public Class ErrorProne

      Dim someUriValue As String  

      ' Violates rule UriPropertiesShouldNotBeStrings. 
      Property SomeUri As String 
         Get  
            Return someUriValue 
         End Get 
         Set 
            someUriValue = Value 
         End Set 
      End Property 

      ' Violates rule UriParametersShouldNotBeStrings. 
      Sub AddToHistory(uriString As String)
      End Sub 

      ' Violates rule UriReturnValuesShouldNotBeStrings. 
      Function GetRefererUri(httpHeader As String) As String 
         Return "https://www.adventure-works.com" 
      End Function 

   End Class 

   Public Class SaferWay

      Dim someUriValue As Uri 

      ' To retrieve a string, call SomeUri.ToString(). 
      ' To set using a string, call SomeUri = New Uri(string). 
      Property SomeUri As Uri
         Get  
            Return someUriValue 
         End Get 
         Set 
            someUriValue = Value 
         End Set 
      End Property 

      Sub AddToHistory(uriString As String)
         ' Check for UriFormatException.
         AddToHistory(New Uri(uriString))
      End Sub 

      Sub AddToHistory(uriString As Uri)
      End Sub 

      Function GetRefererUri(httpHeader As String) As Uri
         Return New Uri("https://www.adventure-works.com")
      End Function 

   End Class 

End Namespace
using System;

namespace DesignLibrary
{
   public class ErrorProne
   {
      string someUri;

      // Violates rule UriPropertiesShouldNotBeStrings. 
      public string SomeUri
      {
         get { return someUri; }
         set { someUri = value; }
      }

      // Violates rule UriParametersShouldNotBeStrings. 
      public void AddToHistory(string uriString) { }

      // Violates rule UriReturnValuesShouldNotBeStrings. 
      public string GetRefererUri(string httpHeader)
      {
         return "https://www.adventure-works.com";
      }
   }

   public class SaferWay
   {
      Uri someUri;

      // To retrieve a string, call SomeUri.ToString(). 
      // To set using a string, call SomeUri = new Uri(string). 
      public Uri SomeUri
      {
         get { return someUri; }
         set { someUri = value; }
      }

      public void AddToHistory(string uriString)
      {
         // Check for UriFormatException.
         AddToHistory(new Uri(uriString));
      }

      public void AddToHistory(Uri uriType) { }

      public Uri GetRefererUri(string httpHeader)
      {
         return new Uri("https://www.adventure-works.com");
      }
   }
}
#using <system.dll>
using namespace System;

namespace DesignLibrary
{
   public ref class ErrorProne
   {
   public:
      // Violates rule UriPropertiesShouldNotBeStrings. 
      property String^ SomeUri;

      // Violates rule UriParametersShouldNotBeStrings. 
      void AddToHistory(String^ uriString) { }

      // Violates rule UriReturnValuesShouldNotBeStrings.
      String^ GetRefererUri(String^ httpHeader)
      {
         return "https://www.adventure-works.com";
      }
   };

   public ref class SaferWay
   {
   public:
      // To retrieve a string, call SomeUri()->ToString(). 
      // To set using a string, call SomeUri(gcnew Uri(string)). 
      property Uri^ SomeUri;

      void AddToHistory(String^ uriString)
      {
         // Check for UriFormatException.
         AddToHistory(gcnew Uri(uriString));
      }

      void AddToHistory(Uri^ uriType) { }

      Uri^ GetRefererUri(String^ httpHeader)
      {
         return gcnew Uri("https://www.adventure-works.com");
      }
   };
}

CA1056: URI properties should not be strings

CA1055: URI return values should not be strings

CA2234: Pass System.Uri objects instead of strings

CA1057: String URI overloads call System.Uri overloads