Rule Definition
A string representation of a URI is prone to parsing and encoding errors and can lead to security vulnerabilities. The Uri class provides these services in a safe and secure manner. When there is a choice between two overloads that differ only regarding the representation of a URI, the user should choose the overload that takes a Uri argument.
Remediation
To fix a violation of this rule, call the overload that takes the Uri argument.
Violation Code Sample
using System;

namespace DesignLibrary
{
    class History
    {
        // Two overloads that differ only in how the URI is represented.
        internal void AddToHistory(string uriString) {}
        internal void AddToHistory(Uri uriType) {}
    }

    public class Browser
    {
        History uriHistory = new History();

        public void ErrorProne()
        {
            // Violation: passes the URI as a raw string although a Uri overload exists.
            uriHistory.AddToHistory("http://www.adventure-works.com");
        }
    }
}
Fixed Code Sample
using System;

namespace DesignLibrary
{
    class History
    {
        internal void AddToHistory(string uriString) {}
        internal void AddToHistory(Uri uriType) {}
    }

    public class Browser
    {
        History uriHistory = new History();

        public void SaferWay()
        {
            try
            {
                // Parse the text once; the Uri constructor throws on malformed input.
                Uri newUri = new Uri("http://www.adventure-works.com");
                uriHistory.AddToHistory(newUri);
            }
            // Malformed URI text stops here and never reaches History.
            catch(UriFormatException uriException) {}
        }
    }
}
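The parsing and encoding errors named in the rule definition, shown as an added example that is not part of the original rule page or of the referenced Microsoft documentation: the string overload compares raw text, while the Uri overload compares parsed components. The ExpectedHost constant, the bool return values, the Demo class and the sample inputs are assumptions made for illustration.

```csharp
using System;

namespace DesignLibrary
{
    // Hypothetical History that records only URIs for one expected host.
    class History
    {
        const string ExpectedHost = "www.adventure-works.com"; // assumed value
        // String overload: the caller's text is compared as raw characters.
        internal bool AddToHistory(string uriString)
        {
            return uriString.StartsWith("http://" + ExpectedHost, StringComparison.Ordinal);
        }

        // Uri overload: compares parsed, normalized components instead of text.
        internal bool AddToHistory(Uri uri)
        {
            return uri.IsAbsoluteUri
                && (uri.Scheme == Uri.UriSchemeHttp || uri.Scheme == Uri.UriSchemeHttps)
                && string.Equals(uri.Host, ExpectedHost, StringComparison.OrdinalIgnoreCase);
        }
    }

    public static class Demo
    {
        public static void Main()
        {
            var history = new History();
            // Constructed sample inputs.
            string[] samples =
            {
                "http://www.adventure-works.com/catalog",
                "HTTP://WWW.ADVENTURE-WORKS.COM/catalog",      // same resource, different case
                "http://www.adventure-works.com.example.net/", // different host, same text prefix
                "http://www.adventure-works.com@example.net/", // prefix is user info, host is example.net
                "not a uri"
            };

            foreach (string s in samples)
            {
                bool byString = history.AddToHistory(s);
                bool byUri = Uri.TryCreate(s, UriKind.Absolute, out Uri parsed)
                             && history.AddToHistory(parsed);
                Console.WriteLine($"{s,-48} string={byString,-5} uri={byUri}");
            }
        }
    }
}
```

Uri.TryCreate is used instead of the throwing constructor so that malformed text is reported as a rejected input rather than as an exception.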
Reference
https://docs.microsoft.com/en-us/visualstudio/code-quality/ca2234?view=vs-2019
Technical Criterion
Secure Coding - Weak Security Features