CA1056:URI attribute should not be a string

Posted by kingnutter on Tue, 22 Feb 2022 14:59:02 +0100


Rule ID




Is the repair disruptive or non disruptive



The type declaration name contains a string attribute of 'URI', 'URI', 'urn', 'urn', 'URL', or 'URL'.

By default, this rule only looks at externally visible types, but this is configurable.

Rule description

This rule splits the attribute name into tags according to Pascal case convention, and checks whether each tag is equal to "URI", "URI", "Urn", "Urn", "URL" or "URL". If there is a match, this rule assumes that the attribute represents a uniform resource identifier (URI). The string representation of URI is easy to cause analysis and coding errors, and can cause security vulnerabilities. System. The URI class provides these services in a secure way.

How to resolve conflicts

To resolve conflicts with this rule, change the property to Uri type.

When to suppress warnings

If the property does not represent a URL, it is safe to suppress warnings for this rule.

Configure code for analysis

Use the options below to configure which parts of the code base to run this rule.

Contains specific API surfaces

You can configure this option (Design) only for this rule, for all rules, or for all rules in this category. For more information, see code quality rule configuration options.

Contains specific API surfaces

Depending on the accessibility of the code base, you can configure the part for which you want to run this rule. For example, to specify that the rule should run only on non-public API surfaces, add the following key value pairs to the in the project editorconfig file:

dotnet_code_quality.CAXXXX.api_surface = private, internal


The following example shows an ErrorProne type that conflicts with this rule and a Safeway type that conforms to this rule.

public class ErrorProne
    // Violates rule UriPropertiesShouldNotBeStrings.
    public string SomeUri { get; set; }
    // Violates rule UriParametersShouldNotBeStrings.
    public void AddToHistory(string uriString) { }
    // Violates rule UriReturnValuesShouldNotBeStrings.
    public string GetRefererUri(string httpHeader)
        return "";
public class SaferWay
    // To retrieve a string, call SomeUri.ToString().
    // To set using a string, call SomeUri = new Uri(string).
    public Uri SomeUri { get; set; }
    public void AddToHistory(string uriString)
        // Check for UriFormatException.
        AddToHistory(new Uri(uriString));
    public void AddToHistory(Uri uriType) { }
    public Uri GetRefererUri(string httpHeader)
        return new Uri("");
Imports System
Namespace ca1056
    Public Class ErrorProne
        ' Violates rule UriPropertiesShouldNotBeStrings.
        Property SomeUri As String
        ' Violates rule UriParametersShouldNotBeStrings.
        Sub AddToHistory(uriString As String)
        End Sub
        ' Violates rule UriReturnValuesShouldNotBeStrings.
        Function GetRefererUri(httpHeader As String) As String
            Return ""
        End Function
    End Class
    Public Class SaferWay
        ' To retrieve a string, call SomeUri.ToString().
        ' To set using a string, call SomeUri = New Uri(string).
        Property SomeUri As Uri
        Sub AddToHistory(uriString As String)
            ' Check for UriFormatException.
            AddToHistory(New Uri(uriString))
        End Sub
        Sub AddToHistory(uriString As Uri)
        End Sub
        Function GetRefererUri(httpHeader As String) As Uri
            Return New Uri("")
        End Function
    End Class
End Namespace

Relevant rules

CA1054:URI parameter should not be a string

CA1055:URI return value should not be a string

CA2234: pass system Uri object without passing a string