• Home
• org.sonarsource.dotnet
• sonar-csharp-plugin
• 9.29.0.95321
• source code
• S1075.html

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

org.sonar.plugins.csharp.S1075.html Maven / Gradle / Ivy

Why is this an issue?
Hard-coding a URI makes it difficult to test a program for a variety of reasons:

  
 path literals are not always portable across operating systems 
  
 a given absolute path may not exist in a specific test environment 
  
 a specified Internet URL may not be available when executing the tests 
  
 production environment filesystems usually differ from the development environment 

In addition, hard-coded URIs can contain sensitive information, like IP addresses, and they should not be stored in the code.
For all those reasons, a URI should never be hard coded. Instead, it should be replaced by a customizable parameter.
Further, even if the elements of a URI are obtained dynamically, portability can still be limited if the path delimiters are hard-coded.
This rule raises an issue when URIs or path delimiters are hard-coded.
Exceptions
This rule does not raise an issue when an ASP.NET virtual path is passed as an argument to one of the following:

  
 methods: System.Web.HttpServerUtilityBase.MapPath(), System.Web.HttpRequestBase.MapPath(),
  System.Web.HttpResponseBase.ApplyAppPathModifier(), System.Web.Mvc.UrlHelper.Content() 
  
 all methods of: System.Web.VirtualPathUtility 
  
 constructors of: Microsoft.AspNetCore.Mvc.VirtualFileResult, Microsoft.AspNetCore.Routing.VirtualPathData 

How to fix it
Code examples
Noncompliant code example
public class Foo {
  public List<User> ListUsers() {
    string userListPath = "/home/mylogin/Dev/users.txt"; // Noncompliant
    return ParseUsers(userListPath);
  }
}

Compliant solution
public class Foo {
  // Configuration is a class that returns customizable properties: it can be mocked to be injected during tests.
  private Configuration config;
  public Foo(Configuration myConfig) {
    this.config = myConfig;
  }
  public List<User> ListUsers() {
    // Find here the way to get the correct folder, in this case using the Configuration object
    string listingFolder = config.GetProperty("myApplication.listingFolder");
    // and use this parameter instead of the hard coded path
    string userListPath = Path.Combine(listingFolder, "users.txt"); // Compliant
    return ParseUsers(userListPath);
  }
}