URI parameters should not be strings
URI parameters should not be strings
Microsoft docsDescription
This rule splits the parameter name into tokens based on the camel casing convention and checks whether each token equals "uri", "Uri", "urn", "Urn", "url", or "Url". If there's a match, the rule assumes that the parameter represents a uniform resource identifier (URI). A string representation of a URI is prone to parsing and encoding errors, and can lead to security vulnerabilities. If a method takes a string representation of a URI, a corresponding overload should be provided that takes an instance of the System.Uri class, which provides these services in a safe and secure manner.
Cause
A type declares a method with a string parameter whose name contains "uri", "Uri", "urn", "Urn", "url", or "Url", and the type does not declare a corresponding overload that takes a System.Uri parameter.
By default, this rule only looks at externally visible types, but this is configurable.
How to fix violations
To fix a violation of this rule, change the parameter to a System.Uri type; this is a breaking change. Alternately, provide an overload of the method that takes a System.Uri parameter; this is a non-breaking change.
Example
#pragma warning disable CA1054
// The code that's violating the rule is on this line.
#pragma warning restore CA1054When to suppress
It's safe to suppress a warning from this rule if the parameter doesn't represent a URI.