URI 属性不应是字符串

更新：2007 年 11 月

原因

某类型声明的字符串属性的名称包含“uri”、“Uri”、“urn”、“Urn”、“url”或“Url”。

规则说明

该规则根据 Pascal 大小写约定将属性名称拆分为多个标记，然后检查每个标记是否与“uri”、“Uri”、“urn”、“Urn”、“url”或“Url”相等。如果存在匹配项，则该规则假定属性表示统一资源标识符 (URI)。URI 的字符串表示形式容易导致分析和编码错误，并且可造成安全漏洞。System.Uri 类以一种安全的方式提供这些服务。

如何修复冲突

要修复与该规则的冲突，请将属性更改为 Uri 类型。

何时禁止显示警告

如果属性不表示 URI，则可以安全地禁止显示此规则发出的警告。

示例

下面的示例演示与该规则冲突的 ErrorProne 类型和满足该规则的 SaferWay 类型。

Imports System

Namespace DesignLibrary

   Public Class ErrorProne

      Dim someUriValue As String 

      ' Violates rule UriPropertiesShouldNotBeStrings.
      Property SomeUri As String
         Get 
            Return someUriValue 
         End Get
         Set 
            someUriValue = Value 
         End Set
      End Property

      ' Violates rule UriParametersShouldNotBeStrings.
      Sub AddToHistory(uriString As String)
      End Sub

      ' Violates rule UriReturnValuesShouldNotBeStrings.
      Function GetRefererUri(httpHeader As String) As String
         Return "https://www.adventure-works.com"
      End Function

   End Class

   Public Class SaferWay

      Dim someUriValue As Uri 

      ' To retrieve a string, call SomeUri.ToString().
      ' To set using a string, call SomeUri = New Uri(string).
      Property SomeUri As Uri
         Get 
            Return someUriValue 
         End Get
         Set 
            someUriValue = Value 
         End Set
      End Property

      Sub AddToHistory(uriString As String)
         ' Check for UriFormatException.
         AddToHistory(New Uri(uriString))
      End Sub

      Sub AddToHistory(uriString As Uri)
      End Sub

      Function GetRefererUri(httpHeader As String) As Uri
         Return New Uri("https://www.adventure-works.com")
      End Function

   End Class

End Namespace

using System;

namespace DesignLibrary
{
   public class ErrorProne
   {
      string someUri;

      // Violates rule UriPropertiesShouldNotBeStrings.
      public string SomeUri
      {
         get { return someUri; }
         set { someUri = value; }
      }

      // Violates rule UriParametersShouldNotBeStrings.
      public void AddToHistory(string uriString) { }

      // Violates rule UriReturnValuesShouldNotBeStrings.
      public string GetRefererUri(string httpHeader)
      {
         return "https://www.adventure-works.com";
      }
   }

   public class SaferWay
   {
      Uri someUri;

      // To retrieve a string, call SomeUri.ToString().
      // To set using a string, call SomeUri = new Uri(string).
      public Uri SomeUri
      {
         get { return someUri; }
         set { someUri = value; }
      }

      public void AddToHistory(string uriString)
      {
         // Check for UriFormatException.
         AddToHistory(new Uri(uriString));
      }

      public void AddToHistory(Uri uriType) { }

      public Uri GetRefererUri(string httpHeader)
      {
         return new Uri("https://www.adventure-works.com");
      }
   }
}

#using <system.dll>
using namespace System;

namespace DesignLibrary
{
   public ref class ErrorProne
   {
   public:
      // Violates rule UriPropertiesShouldNotBeStrings.
      property String^ SomeUri;

      // Violates rule UriParametersShouldNotBeStrings.
      void AddToHistory(String^ uriString) { }

      // Violates rule UriReturnValuesShouldNotBeStrings.
      String^ GetRefererUri(String^ httpHeader)
      {
         return "https://www.adventure-works.com";
      }
   };

   public ref class SaferWay
   {
   public:
      // To retrieve a string, call SomeUri()->ToString().
      // To set using a string, call SomeUri(gcnew Uri(string)).
      property Uri^ SomeUri;

      void AddToHistory(String^ uriString)
      {
         // Check for UriFormatException.
         AddToHistory(gcnew Uri(uriString));
      }

      void AddToHistory(Uri^ uriType) { }

      Uri^ GetRefererUri(String^ httpHeader)
      {
         return gcnew Uri("https://www.adventure-works.com");
      }
   };
}

相关规则

URI 参数不应为字符串

URI 返回值不应是字符串

传递 System.Uri 对象而不是字符串

字符串 URI 重载调用 System.Uri 重载