CA1054:URI 參數不應該為字串
型別名稱 |
UriParametersShouldNotBeStrings |
CheckId |
CA1054 |
分類 |
Microsoft.Design |
中斷變更 |
中斷 |
原因
型別會以名稱中包含 "uri"、"Uri"、"urn"、"Urn"、"url" 或 "Url" 的字串參數宣告方法,並且型別不會宣告採用 System.Uri 參數的對應多載。
規則描述
這項規則會根據 Camel 命名法的大小寫慣例將參數名稱分割成語彙基元 (Token),並檢查每個語彙基元是否等於 "uri"、"Uri"、"urn"、"Urn"、"url" 或 "Url"。 如果有符合的項目,規則就會假設參數代表統一資源識別元 (URI)。 URI 的字串表示方式容易發生剖析和編碼錯誤,並且可能因此產生安全性弱點。 如果方法使用 URI 字串表示,應該提供採用 Uri 類別的對應多載,這樣就可以透過安全的方式提供這些服務。
如何修正違規
若要修正此規則的違規情形,請將參數變更為 Uri 型別,而這會是中斷變更。 此外,也提供使用 Uri 參數的方法多載,而這會是非中斷變更。
隱藏警告的時機
如果參數不代表 URI,則您可以放心地隱藏此規則的警告。
範例
下列程式碼範例會示範違反此規則的型別 (ErrorProne),和滿足此規則的型別 (SaferWay)。
Imports System
Namespace DesignLibrary
Public Class ErrorProne
Dim someUriValue As String
' Violates rule UriPropertiesShouldNotBeStrings.
Property SomeUri As String
Get
Return someUriValue
End Get
Set
someUriValue = Value
End Set
End Property
' Violates rule UriParametersShouldNotBeStrings.
Sub AddToHistory(uriString As String)
End Sub
' Violates rule UriReturnValuesShouldNotBeStrings.
Function GetRefererUri(httpHeader As String) As String
Return "https://www.adventure-works.com"
End Function
End Class
Public Class SaferWay
Dim someUriValue As Uri
' To retrieve a string, call SomeUri.ToString().
' To set using a string, call SomeUri = New Uri(string).
Property SomeUri As Uri
Get
Return someUriValue
End Get
Set
someUriValue = Value
End Set
End Property
Sub AddToHistory(uriString As String)
' Check for UriFormatException.
AddToHistory(New Uri(uriString))
End Sub
Sub AddToHistory(uriString As Uri)
End Sub
Function GetRefererUri(httpHeader As String) As Uri
Return New Uri("https://www.adventure-works.com")
End Function
End Class
End Namespace
using System;
namespace DesignLibrary
{
public class ErrorProne
{
string someUri;
// Violates rule UriPropertiesShouldNotBeStrings.
public string SomeUri
{
get { return someUri; }
set { someUri = value; }
}
// Violates rule UriParametersShouldNotBeStrings.
public void AddToHistory(string uriString) { }
// Violates rule UriReturnValuesShouldNotBeStrings.
public string GetRefererUri(string httpHeader)
{
return "https://www.adventure-works.com";
}
}
public class SaferWay
{
Uri someUri;
// To retrieve a string, call SomeUri.ToString().
// To set using a string, call SomeUri = new Uri(string).
public Uri SomeUri
{
get { return someUri; }
set { someUri = value; }
}
public void AddToHistory(string uriString)
{
// Check for UriFormatException.
AddToHistory(new Uri(uriString));
}
public void AddToHistory(Uri uriType) { }
public Uri GetRefererUri(string httpHeader)
{
return new Uri("https://www.adventure-works.com");
}
}
}
#using <system.dll>
using namespace System;
namespace DesignLibrary
{
public ref class ErrorProne
{
public:
// Violates rule UriPropertiesShouldNotBeStrings.
property String^ SomeUri;
// Violates rule UriParametersShouldNotBeStrings.
void AddToHistory(String^ uriString) { }
// Violates rule UriReturnValuesShouldNotBeStrings.
String^ GetRefererUri(String^ httpHeader)
{
return "https://www.adventure-works.com";
}
};
public ref class SaferWay
{
public:
// To retrieve a string, call SomeUri()->ToString().
// To set using a string, call SomeUri(gcnew Uri(string)).
property Uri^ SomeUri;
void AddToHistory(String^ uriString)
{
// Check for UriFormatException.
AddToHistory(gcnew Uri(uriString));
}
void AddToHistory(Uri^ uriType) { }
Uri^ GetRefererUri(String^ httpHeader)
{
return gcnew Uri("https://www.adventure-works.com");
}
};
}