Rule S3997: String URI overloads should call "System.Uri" overloads #271

Closed
valhristov opened this issue May 3, 2017 · 0 comments
Labels
Type: New Feature This hasn't been here before.


@valhristov
Contributor

RSPEC-3997

String representations of URIs or URLs are prone to parsing and encoding errors which can lead to vulnerabilities. The System.Uri class is a safe alternative and should be preferred.

This rule raises an issue when two overloads differ only by the string / Uri parameter and the string overload doesn't call the Uri overload. It is assumed that the string parameter represents a URI because of the exact match besides that parameter type. It does stand to reason that the safer overload should be used.
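The overload shape the rule describes, as an added example that is not part of the original issue or of the analyzer's code. The class names, the `IsAllowed` method and the host `api.example.com` are hypothetical, and the sample URLs are constructed.

```csharp
using System;

// Noncompliant shape: the overloads differ only by string / Uri,
// and the string overload does its own text matching instead of
// calling the Uri overload.
public static class NoncompliantPolicy
{
    public static bool IsAllowed(string uri) =>
        uri.StartsWith("https://api.example.com", StringComparison.OrdinalIgnoreCase);

    public static bool IsAllowed(Uri uri) =>
        uri.Scheme == Uri.UriSchemeHttps && uri.Host == "api.example.com";
}

// Compliant shape: the string overload parses once and delegates,
// so every caller gets the same decision made on parsed components.
public static class CompliantPolicy
{
    public static bool IsAllowed(string uri) =>
        Uri.TryCreate(uri, UriKind.Absolute, out Uri parsed) && IsAllowed(parsed);

    public static bool IsAllowed(Uri uri)
    {
        if (uri == null) throw new ArgumentNullException(nameof(uri));
        return uri.IsAbsoluteUri
            && uri.Scheme == Uri.UriSchemeHttps
            && string.Equals(uri.Host, "api.example.com", StringComparison.OrdinalIgnoreCase);
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed inputs: the second and third only share a text prefix
        // with the allowed host; their parsed Host is a different name.
        string[] samples =
        {
            "https://api.example.com/v1/items",
            "https://api.example.com.other.example/v1/items",
            "https://api.example.com@other.example/v1/items",
        };

        foreach (string s in samples)
        {
            Console.WriteLine($"{s}\n  string-only check: {NoncompliantPolicy.IsAllowed(s)}" +
                              $"\n  via System.Uri:    {CompliantPolicy.IsAllowed(s)}");
        }
    }
}
```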
