rspec/rules/S3995/rule.adoc

String representations of URIs or URLs are prone to parsing and encoding errors which can lead to vulnerabilities. The ``++System.Uri++`` class is a safe alternative and should be preferred.


This rule raises an issue when a method has a ``++string++`` return type and its name contains "Uri", "Urn", or "Url" or begins with  "uri", "urn", or "url".


== Noncompliant Code Example

----
using System;

namespace MyLibrary
{
   public class MyClass
   {
      public string GetParentUri() // Noncompliant
      {
         return "http://www.mysite.com";
      }
   }
}
----


== Compliant Solution

----
using System;

namespace MyLibrary
{
   public class MyClass
   {

      public Uri GetParentUri() 
      {
         return new URI("http://www.mysite.com");
      }
   }
}
----
make in-line code blocks verbatim 2021-01-27 13:42:22 +01:00			String representations of URIs or URLs are prone to parsing and encoding errors which can lead to vulnerabilities. The ``++System.Uri++`` class is a safe alternative and should be preferred.
Add rules 3000-3999 2020-06-30 12:48:39 +02:00
Force linebreaks 2021-02-02 15:02:10 +01:00
make in-line code blocks verbatim 2021-01-27 13:42:22 +01:00			This rule raises an issue when a method has a ``++string++`` return type and its name contains "Uri", "Urn", or "Url" or begins with "uri", "urn", or "url".
Add rules 3000-3999 2020-06-30 12:48:39 +02:00

			`== Noncompliant Code Example`

			`----`
			`using System;`

			`namespace MyLibrary`
			`{`
			`public class MyClass`
			`{`
			`public string GetParentUri() // Noncompliant`
			`{`
			`return "http://www.mysite.com";`
			`}`
			`}`
			`}`
			`----`


			`== Compliant Solution`

			`----`
			`using System;`

			`namespace MyLibrary`
			`{`
			`public class MyClass`
			`{`

			`public Uri GetParentUri()`
			`{`
			`return new URI("http://www.mysite.com");`
			`}`
			`}`
			`}`
			`----`