Pass System.Uri objects instead of strings
Pass System.Uri objects instead of strings
Microsoft docsDescription
A parameter name is split into tokens based on the camel casing convention, and then each token is checked to see whether it equals "uri", "Uri", "urn", "Urn", "url", or "Url". If there is a match, the parameter is assumed to represent a uniform resource identifier (URI). A string representation of a URI is prone to parsing and encoding errors, and can lead to security vulnerabilities. The System.Uri class provides these services in a safe and secure manner. When there is a choice between two overloads that differ only regarding the representation of a URI, the user should choose the overload that takes a System.Uri argument.
Cause
A call is made to a method that has a string parameter whose name contains "uri", "Uri", "urn", "Urn", "url", or "Url" and the declaring type of the method contains a corresponding method overload that has a System.Uri parameter.
By default, this rule only looks at externally visible methods and types, but this is configurable.
How to fix violations
To fix a violation of this rule, call the overload that takes the System.Uri argument.
Example
#pragma warning disable CA2234
// The code that's violating the rule is on this line.
#pragma warning restore CA2234When to suppress
It is safe to suppress a warning from this rule if the string parameter does not represent a URI.