
org.sonar.plugins.csharp.S4005.html
Code Analyzer based on Omnisharp
Why is this an issue?
String representations of URIs or URLs are prone to parsing and encoding errors which can lead to vulnerabilities. The System.Uri class is a safe alternative and should be preferred.
This rule raises an issue when a called method has a string parameter with a name containing "uri", "Uri", "urn", "Urn", "url" or "Url" and the declaring type contains a corresponding overload that takes a System.Uri as a parameter.
When there is a choice between two overloads that differ only in how the URI is represented, callers should choose the overload that takes a System.Uri argument.
Noncompliant code example
using System;

namespace MyLibrary
{
    public class Foo
    {
        // Each method has a string overload and a System.Uri overload.
        public void FetchResource(string uriString) { }
        public void FetchResource(Uri uri) { }
        public string ReadResource(string uriString, string name, bool isLocal) { return null; }
        public string ReadResource(Uri uri, string name, bool isLocal) { return null; }

        public void Main()
        {
            // Both calls bind to the string overloads although Uri overloads exist.
            FetchResource("http://www.mysite.com"); // Noncompliant
            ReadResource("http://www.mysite.com", "foo-resource", true); // Noncompliant
        }
    }
}
Compliant solution
using System;

namespace MyLibrary
{
    public class Foo
    {
        // Each method has a string overload and a System.Uri overload.
        public void FetchResource(string uriString) { }
        public void FetchResource(Uri uri) { }
        public string ReadResource(string uriString, string name, bool isLocal) { return null; }
        public string ReadResource(Uri uri, string name, bool isLocal) { return null; }

        public void Main()
        {
            // The string is parsed once into a Uri, so the Uri overloads are selected.
            FetchResource(new Uri("http://www.mysite.com"));
            ReadResource(new Uri("http://www.mysite.com"), "foo-resource", true);
        }
    }
}
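Added example (not part of the SonarLint rule text or the plugin's code): a host allow-list check written once against the raw string and once against a parsed System.Uri, to show the kind of parsing error the rule description refers to. The class name, method names, allowed host and sample URLs are assumptions constructed for this illustration.

```csharp
using System;

public static class UriAllowListDemo
{
    // Hypothetical allow-listed host, chosen for this example.
    private const string AllowedHost = "www.mysite.com";

    // Fragile: treats the URL as text, so any input that merely starts
    // with the expected prefix is accepted, whatever host it really names.
    public static bool IsAllowedByString(string url) =>
        url.StartsWith("https://" + AllowedHost, StringComparison.OrdinalIgnoreCase);

    // Sturdier: parse once, then compare the parsed scheme and host components.
    // System.Uri normalizes scheme and host to lower case during parsing.
    public static bool IsAllowedByUri(string url, out Uri parsed) =>
        Uri.TryCreate(url, UriKind.Absolute, out parsed)
        && parsed.Scheme == Uri.UriSchemeHttps
        && string.Equals(parsed.Host, AllowedHost, StringComparison.OrdinalIgnoreCase);

    public static void Main()
    {
        // Constructed sample inputs.
        string[] samples =
        {
            "https://www.mysite.com/docs",
            "https://www.mysite.com.other.example/docs", // prefix matches, host differs
            "https://www.mysite.com@other.example/docs", // prefix is user info, not the host
            "HTTPS://WWW.MYSITE.COM/docs",               // same host, different casing
            "not a url"                                  // rejected at parse time
        };

        foreach (string s in samples)
        {
            bool byString = IsAllowedByString(s);
            bool byUri = IsAllowedByUri(s, out Uri parsed);
            string host = parsed?.Host ?? "(unparsed)";
            Console.WriteLine($"{s}");
            Console.WriteLine($"  string check: {byString}, Uri check: {byUri}, parsed host: {host}");
        }
    }
}
```

The two checks disagree on the second and third samples, where the text prefix matches but the parsed host is a different one. An API that accepts only System.Uri forces callers through this parsing step before the value is used.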