• Home
• org.sonarsource.dotnet
• sonar-csharp-plugin
• 9.28.0.94264
• source code
• S3994.html

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

org.sonar.plugins.csharp.S3994.html Maven / Gradle / Ivy

Why is this an issue?
String representations of URIs or URLs are prone to parsing and encoding errors which can lead to vulnerabilities. The System.Uri
class is a safe alternative and should be preferred. At minimum, an overload of the method taking a System.Uri as a parameter should be
provided in each class that contains a method with an apparent Uri passed as a string.
This rule raises issues when a method has a string parameter with a name containing "uri", "Uri", "urn", "Urn", "url" or "Url", and the type
doesn’t declare a corresponding overload taking an System.Uri parameter instead.
Noncompliant code example
using System;

namespace MyLibrary
{
   public class MyClass
   {

      public void FetchResource(string uriString) { } // Noncompliant
   }
}

Compliant solution
using System;

namespace MyLibrary
{
   public class MyClass
   {

      public void FetchResource(string uriString)
      {
          FetchResource(new Uri(uriString));
      }

      public void FetchResource(Uri uri) { }
   }
}