Delen via

CA1055: URI return values should not be strings







Breaking Change



The name of a method contains "uri", "Uri", "urn", "Urn", "url", or "Url", and the method returns a string.

Rule Description

This rule splits the method name into tokens based on the Pascal casing convention and checks whether each token equals "uri", "Uri", "urn", "Urn", "url", or "Url". If there is a match, the rule assumes that the method returns a uniform resource identifier (URI). A string representation of a URI is prone to parsing and encoding errors, and can lead to security vulnerabilities. The System.Uri class provides these services in a safe and secure manner.

How to Fix Violations

To fix a violation of this rule, change the return type to a Uri.

When to Suppress Warnings

It is safe to suppress a warning from this rule if the return value does not represent a URI.


The following example shows a type, ErrorProne, that violates this rule, and a type, SaferWay, that satisfies the rule.

Imports System

Namespace DesignLibrary

   Public Class ErrorProne

      Dim someUriValue As String  

      ' Violates rule UriPropertiesShouldNotBeStrings. 
      Property SomeUri As String 
            Return someUriValue 
         End Get 
            someUriValue = Value 
         End Set 
      End Property 

      ' Violates rule UriParametersShouldNotBeStrings. 
      Sub AddToHistory(uriString As String)
      End Sub 

      ' Violates rule UriReturnValuesShouldNotBeStrings. 
      Function GetRefererUri(httpHeader As String) As String 
         Return "" 
      End Function 

   End Class 

   Public Class SaferWay

      Dim someUriValue As Uri 

      ' To retrieve a string, call SomeUri.ToString(). 
      ' To set using a string, call SomeUri = New Uri(string). 
      Property SomeUri As Uri
            Return someUriValue 
         End Get 
            someUriValue = Value 
         End Set 
      End Property 

      Sub AddToHistory(uriString As String)
         ' Check for UriFormatException.
         AddToHistory(New Uri(uriString))
      End Sub 

      Sub AddToHistory(uriString As Uri)
      End Sub 

      Function GetRefererUri(httpHeader As String) As Uri
         Return New Uri("")
      End Function 

   End Class 

End Namespace
using System;

namespace DesignLibrary
   public class ErrorProne
      string someUri;

      // Violates rule UriPropertiesShouldNotBeStrings. 
      public string SomeUri
         get { return someUri; }
         set { someUri = value; }

      // Violates rule UriParametersShouldNotBeStrings. 
      public void AddToHistory(string uriString) { }

      // Violates rule UriReturnValuesShouldNotBeStrings. 
      public string GetRefererUri(string httpHeader)
         return "";

   public class SaferWay
      Uri someUri;

      // To retrieve a string, call SomeUri.ToString(). 
      // To set using a string, call SomeUri = new Uri(string). 
      public Uri SomeUri
         get { return someUri; }
         set { someUri = value; }

      public void AddToHistory(string uriString)
         // Check for UriFormatException.
         AddToHistory(new Uri(uriString));

      public void AddToHistory(Uri uriType) { }

      public Uri GetRefererUri(string httpHeader)
         return new Uri("");
#using <system.dll>
using namespace System;

namespace DesignLibrary
   public ref class ErrorProne
      // Violates rule UriPropertiesShouldNotBeStrings. 
      property String^ SomeUri;

      // Violates rule UriParametersShouldNotBeStrings. 
      void AddToHistory(String^ uriString) { }

      // Violates rule UriReturnValuesShouldNotBeStrings.
      String^ GetRefererUri(String^ httpHeader)
         return "";

   public ref class SaferWay
      // To retrieve a string, call SomeUri()->ToString(). 
      // To set using a string, call SomeUri(gcnew Uri(string)). 
      property Uri^ SomeUri;

      void AddToHistory(String^ uriString)
         // Check for UriFormatException.
         AddToHistory(gcnew Uri(uriString));

      void AddToHistory(Uri^ uriType) { }

      Uri^ GetRefererUri(String^ httpHeader)
         return gcnew Uri("");

CA1056: URI properties should not be strings

CA1054: URI parameters should not be strings

CA2234: Pass System.Uri objects instead of strings

CA1057: String URI overloads call System.Uri overloads