rspec/rules/S3997/rule.adoc

== Why is this an issue?

String representations of URIs or URLs are prone to parsing and encoding errors which can lead to vulnerabilities. The ``++System.Uri++`` class is a safe alternative and should be preferred.

This rule raises an issue when two overloads differ only by the string / ``++Uri++`` parameter and the string overload doesn't call the ``++Uri++`` overload. It is assumed that the string parameter represents a URI because of the exact match besides that parameter type. It stands to reason that the safer overload should be used.


=== Noncompliant code example

[source,text]
----
using System;

namespace MyLibrary
{
   public class MyClass
   {
      public void FetchResource(string uriString) // Noncompliant
      {
         // No calls to FetResource(Uri)
      }

      public void FetchResource(Uri uri) { }
   }
}
----


=== Compliant solution

[source,text]
----
using System;

namespace MyLibrary
{
   public class MyClass
   {
      public void FetchResource(string uriString)
      {
          FetchResource(new Uri(uriString));
      }

      public void FetchResource(Uri uri) { }
   }
}
----
migrate rule descriptions to new education format 2023-05-03 11:06:20 +02:00			`== Why is this an issue?`

make in-line code blocks verbatim 2021-01-27 13:42:22 +01:00			String representations of URIs or URLs are prone to parsing and encoding errors which can lead to vulnerabilities. The ``++System.Uri++`` class is a safe alternative and should be preferred.
Force linebreaks 2021-02-02 15:02:10 +01:00
make in-line code blocks verbatim 2021-01-27 13:42:22 +01:00			This rule raises an issue when two overloads differ only by the string / ``++Uri++`` parameter and the string overload doesn't call the ``++Uri++`` overload. It is assumed that the string parameter represents a URI because of the exact match besides that parameter type. It stands to reason that the safer overload should be used.
Add rules 3000-3999 2020-06-30 12:48:39 +02:00

migrate rule descriptions to new education format 2023-05-03 11:06:20 +02:00			`=== Noncompliant code example`
Add rules 3000-3999 2020-06-30 12:48:39 +02:00
RULEAPI-661: Add syntax coloring 2022-02-04 17:28:24 +01:00			`[source,text]`
Add rules 3000-3999 2020-06-30 12:48:39 +02:00			`----`
			`using System;`

			`namespace MyLibrary`
			`{`
			`public class MyClass`
			`{`
			`public void FetchResource(string uriString) // Noncompliant`
			`{`
			`// No calls to FetResource(Uri)`
			`}`

			`public void FetchResource(Uri uri) { }`
			`}`
			`}`
			`----`


migrate rule descriptions to new education format 2023-05-03 11:06:20 +02:00			`=== Compliant solution`
Add rules 3000-3999 2020-06-30 12:48:39 +02:00
RULEAPI-661: Add syntax coloring 2022-02-04 17:28:24 +01:00			`[source,text]`
Add rules 3000-3999 2020-06-30 12:48:39 +02:00			`----`
			`using System;`

			`namespace MyLibrary`
			`{`
			`public class MyClass`
			`{`
			`public void FetchResource(string uriString)`
			`{`
			`FetchResource(new Uri(uriString));`
			`}`

			`public void FetchResource(Uri uri) { }`
			`}`
			`}`
			`----`