CA1056:URI 屬性不應該為字串
型別名稱 |
UriPropertiesShouldNotBeStrings |
CheckId |
CA1056 |
分類 |
Microsoft.Design |
中斷變更 |
中斷 |
型別所宣告之字串屬性的名稱會包含 "uri"、"Uri"、"urn"、"Urn"、"url" 或 "Url"。
此規則會根據 Pascal 命名法的大小寫慣例將屬性名稱分割為多個語彙基元 (Token),並檢查每個語彙基元是否等於 "uri"、"Uri"、"urn"、"Urn"、"url" 或 "Url"。如果有相符的情況,則規則會假設該屬性表示統一資源識別元 (URI)。URI 的字串表示方式容易發生剖析和編碼錯誤,並且可能因此產生安全性弱點。System.Uri 類別以安全的方式提供這些服務。請注意,System.Uri 只負責剖析與編碼;當字串來自不受信任的來源時,使用前仍須自行檢查配置 (Scheme) 與主機是否符合預期。
若要修正此規則的違規情形,請將屬性變更為 Uri 型別。
如果屬性不代表 URI,則您可以放心地隱藏此規則的警告。
下列程式碼範例會示範違反此規則的型別 (ErrorProne),和滿足此規則的型別 (SaferWay)。
Imports System
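Namespace DesignLibrary

    ''' <summary>
    ''' Deliberately non-compliant sample: every URI is carried as a raw
    ''' String, so nothing is parsed or validated at the type boundary.
    ''' </summary>
    Public Class ErrorProne

        Dim someUriValue As String

        ' Violates rule UriPropertiesShouldNotBeStrings.
        Property SomeUri() As String
            Get
                Return someUriValue
            End Get
            Set(ByVal value As String)
                someUriValue = value
            End Set
        End Property

        ' Violates rule UriParametersShouldNotBeStrings.
        Sub AddToHistory(uriString As String)
        End Sub

        ' Violates rule UriReturnValuesShouldNotBeStrings.
        Function GetRefererUri(httpHeader As String) As String
            Return ""
        End Function

    End Class

    ''' <summary>
    ''' Compliant sample: URIs are exposed as System.Uri, and a String is
    ''' accepted only through an overload that parses it first.
    ''' </summary>
    Public Class SaferWay

        Dim someUriValue As Uri

        ' To retrieve a string, call SomeUri.ToString().
        ' To set using a string, call SomeUri = New Uri(string).
        Property SomeUri() As Uri
            Get
                Return someUriValue
            End Get
            Set(ByVal value As Uri)
                someUriValue = value
            End Set
        End Property

        ''' <summary>Parses the string and forwards to the Uri overload.</summary>
        ''' <exception cref="UriFormatException">uriString is not a valid URI.</exception>
        ''' <exception cref="ArgumentNullException">uriString is Nothing.</exception>
        Sub AddToHistory(uriString As String)
            ' New Uri(String) throws on malformed input; callers handling
            ' untrusted text must catch UriFormatException.
            AddToHistory(New Uri(uriString))
        End Sub

        Sub AddToHistory(uriString As Uri)
        End Sub

        ''' <summary>
        ''' Returns the header text as an absolute Uri, or Nothing when it
        ''' does not parse as one.
        ''' </summary>
        Function GetRefererUri(httpHeader As String) As Uri
            ' Assumes httpHeader holds only the header value - confirm against caller.
            ' The Referer header is client-supplied, so parse without throwing.
            ' A successful parse says nothing about trust: check Scheme and Host
            ' before acting on the result.
            Dim parsed As Uri = Nothing
            If Uri.TryCreate(httpHeader, UriKind.Absolute, parsed) Then
                Return parsed
            End If
            Return Nothing
        End Function

    End Class

End Namespace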
using System;
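namespace DesignLibrary
{
    /// <summary>
    /// Deliberately non-compliant sample: every URI is carried as a raw
    /// string, so nothing is parsed or validated at the type boundary.
    /// </summary>
    public class ErrorProne
    {
        string someUri;

        // Violates rule UriPropertiesShouldNotBeStrings.
        public string SomeUri
        {
            get { return someUri; }
            set { someUri = value; }
        }

        // Violates rule UriParametersShouldNotBeStrings.
        public void AddToHistory(string uriString) { }

        // Violates rule UriReturnValuesShouldNotBeStrings.
        public string GetRefererUri(string httpHeader)
        {
            return "";
        }
    }

    /// <summary>
    /// Compliant sample: URIs are exposed as <see cref="Uri"/>, and a string
    /// is accepted only through an overload that parses it first.
    /// </summary>
    public class SaferWay
    {
        Uri someUri;

        // To retrieve a string, call SomeUri.ToString().
        // To set using a string, call SomeUri = new Uri(string).
        public Uri SomeUri
        {
            get { return someUri; }
            set { someUri = value; }
        }

        /// <summary>Parses the string and forwards to the Uri overload.</summary>
        /// <exception cref="UriFormatException">uriString is not a valid URI.</exception>
        /// <exception cref="ArgumentNullException">uriString is null.</exception>
        public void AddToHistory(string uriString)
        {
            // new Uri(string) throws on malformed input; callers handling
            // untrusted text must catch UriFormatException.
            AddToHistory(new Uri(uriString));
        }

        public void AddToHistory(Uri uriType) { }

        /// <summary>
        /// Returns the header text as an absolute Uri, or null when it does
        /// not parse as one.
        /// </summary>
        public Uri GetRefererUri(string httpHeader)
        {
            // Assumes httpHeader holds only the header value - confirm against caller.
            // The Referer header is client-supplied, so parse without throwing.
            // A successful parse says nothing about trust: check Scheme and Host
            // before acting on the result.
            Uri parsed;
            if (Uri.TryCreate(httpHeader, UriKind.Absolute, out parsed))
            {
                return parsed;
            }

            return null;
        }
    }
}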
#using <system.dll>
using namespace System;
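namespace DesignLibrary
{
    /// <summary>
    /// Deliberately non-compliant sample: every URI is carried as a raw
    /// String, so nothing is parsed or validated at the type boundary.
    /// </summary>
    public ref class ErrorProne
    {
    public:
        // Violates rule UriPropertiesShouldNotBeStrings.
        property String^ SomeUri;

        // Violates rule UriParametersShouldNotBeStrings.
        void AddToHistory(String^ uriString) { }

        // Violates rule UriReturnValuesShouldNotBeStrings.
        String^ GetRefererUri(String^ httpHeader)
        {
            return "";
        }
    };

    /// <summary>
    /// Compliant sample: URIs are exposed as Uri, and a String is accepted
    /// only through an overload that parses it first.
    /// </summary>
    public ref class SaferWay
    {
    public:
        // To retrieve a string, call SomeUri->ToString().
        // To set using a string, call SomeUri = gcnew Uri(string).
        property Uri^ SomeUri;

        /// <summary>Parses the string and forwards to the Uri overload.</summary>
        /// <exception cref="UriFormatException">uriString is not a valid URI.</exception>
        /// <exception cref="ArgumentNullException">uriString is nullptr.</exception>
        void AddToHistory(String^ uriString)
        {
            // gcnew Uri(String^) throws on malformed input; callers handling
            // untrusted text must catch UriFormatException.
            AddToHistory(gcnew Uri(uriString));
        }

        void AddToHistory(Uri^ uriType) { }

        /// <summary>
        /// Returns the header text as an absolute Uri, or nullptr when it
        /// does not parse as one.
        /// </summary>
        Uri^ GetRefererUri(String^ httpHeader)
        {
            // Assumes httpHeader holds only the header value - confirm against caller.
            // The Referer header is client-supplied, so parse without throwing.
            // A successful parse says nothing about trust: check Scheme and Host
            // before acting on the result.
            Uri^ parsed = nullptr;
            if (Uri::TryCreate(httpHeader, UriKind::Absolute, parsed))
            {
                return parsed;
            }
            return nullptr;
        }
    };
}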