CA1054:URI 参数不应为字符串
类型名 |
UriParametersShouldNotBeStrings |
CheckId |
CA1054 |
类别 |
Microsoft.Design |
是否重大更改 |
是 |
原因
某类型使用名称中包含“uri”、“Uri”、“urn”、“Urn”、“url”或“Url”的字符串参数声明了方法,并且该类型没有声明采用 System.Uri 参数的相应重载。
规则说明
该规则根据 Camel 大小写约定将参数名称拆分成标记,并检查每个标记是否与“uri”、“Uri”、“urn”、“Urn”、“url”或“Url”相等。 如果存在匹配项,则该规则假定此参数表示一个统一资源标识符 (URI)。 URI 的字符串表示形式容易导致分析和编码错误,并且可造成安全漏洞。 如果某方法采用 URI 的字符串表示形式,则应提供采用 Uri 类的实例的相应重载,该重载以安全的方式提供这些服务。
如何解决冲突
要修复与该规则的冲突,请将参数更改为 Uri 类型;此更改是一个重大更改。 或者,提供采用 Uri 参数的方法的重载;此更改不是重大更改。
何时禁止显示警告
如果参数不表示 URI,则可以安全地禁止显示此规则发出的警告。
示例
下面的示例演示与该规则冲突的 ErrorProne 类型和满足该规则的 SaferWay 类型。
Imports System
Namespace DesignLibrary
Public Class ErrorProne
Dim someUriValue As String
' Violates rule UriPropertiesShouldNotBeStrings.
Property SomeUri As String
Get
Return someUriValue
End Get
Set
someUriValue = Value
End Set
End Property
' Violates rule UriParametersShouldNotBeStrings.
Sub AddToHistory(uriString As String)
End Sub
' Violates rule UriReturnValuesShouldNotBeStrings.
Function GetRefererUri(httpHeader As String) As String
Return "https://www.adventure-works.com"
End Function
End Class
Public Class SaferWay
Dim someUriValue As Uri
' To retrieve a string, call SomeUri.ToString().
' To set using a string, call SomeUri = New Uri(string).
Property SomeUri As Uri
Get
Return someUriValue
End Get
Set
someUriValue = Value
End Set
End Property
Sub AddToHistory(uriString As String)
' Check for UriFormatException.
AddToHistory(New Uri(uriString))
End Sub
Sub AddToHistory(uriString As Uri)
End Sub
Function GetRefererUri(httpHeader As String) As Uri
Return New Uri("https://www.adventure-works.com")
End Function
End Class
End Namespace
using System;
namespace DesignLibrary
{
public class ErrorProne
{
string someUri;
// Violates rule UriPropertiesShouldNotBeStrings.
public string SomeUri
{
get { return someUri; }
set { someUri = value; }
}
// Violates rule UriParametersShouldNotBeStrings.
public void AddToHistory(string uriString) { }
// Violates rule UriReturnValuesShouldNotBeStrings.
public string GetRefererUri(string httpHeader)
{
return "https://www.adventure-works.com";
}
}
public class SaferWay
{
Uri someUri;
// To retrieve a string, call SomeUri.ToString().
// To set using a string, call SomeUri = new Uri(string).
public Uri SomeUri
{
get { return someUri; }
set { someUri = value; }
}
public void AddToHistory(string uriString)
{
// Check for UriFormatException.
AddToHistory(new Uri(uriString));
}
public void AddToHistory(Uri uriType) { }
public Uri GetRefererUri(string httpHeader)
{
return new Uri("https://www.adventure-works.com");
}
}
}
#using <system.dll>
using namespace System;
namespace DesignLibrary
{
public ref class ErrorProne
{
public:
// Violates rule UriPropertiesShouldNotBeStrings.
property String^ SomeUri;
// Violates rule UriParametersShouldNotBeStrings.
void AddToHistory(String^ uriString) { }
// Violates rule UriReturnValuesShouldNotBeStrings.
String^ GetRefererUri(String^ httpHeader)
{
return "https://www.adventure-works.com";
}
};
public ref class SaferWay
{
public:
// To retrieve a string, call SomeUri()->ToString().
// To set using a string, call SomeUri(gcnew Uri(string)).
property Uri^ SomeUri;
void AddToHistory(String^ uriString)
{
// Check for UriFormatException.
AddToHistory(gcnew Uri(uriString));
}
void AddToHistory(Uri^ uriType) { }
Uri^ GetRefererUri(String^ httpHeader)
{
return gcnew Uri("https://www.adventure-works.com");
}
};
}