From e9a301f8b3c63c212814f6d76d1b6ac39e5735f9 Mon Sep 17 00:00:00 2001 From: Jan Jahoda Date: Fri, 28 Aug 2020 10:01:42 +0200 Subject: [PATCH 1/9] Obsolete Uri.EscapeUriString --- src/libraries/Common/src/System/Obsoletions.cs | 3 +++ src/libraries/System.Private.Uri/src/System/Uri.cs | 2 +- src/libraries/System.Private.Uri/src/System/UriExt.cs | 1 + src/libraries/System.Runtime/ref/System.Runtime.cs | 3 ++- 4 files changed, 7 insertions(+), 2 deletions(-) diff --git a/src/libraries/Common/src/System/Obsoletions.cs b/src/libraries/Common/src/System/Obsoletions.cs index 0fc0731ad13444..1a20e7dc51963d 100644 --- a/src/libraries/Common/src/System/Obsoletions.cs +++ b/src/libraries/Common/src/System/Obsoletions.cs @@ -42,5 +42,8 @@ internal static class Obsoletions internal const string CodeBaseMessage = "Assembly.CodeBase and Assembly.EscapedCodeBase are only included for .NET Framework compatibility. Use Assembly.Location instead."; internal const string CodeBaseDiagId = "SYSLIB0012"; + + internal const string EscapeUriStringMessage = "Uri.EscapeUriString is insecure and should not be used. Consider using Uri.EscapeDataString instead."; + internal const string EscapeUriStringDiagId = "SYSLIB0013"; } } diff --git a/src/libraries/System.Private.Uri/src/System/Uri.cs b/src/libraries/System.Private.Uri/src/System/Uri.cs index 754ac60bf5b87b..3b4cb458127578 100644 --- a/src/libraries/System.Private.Uri/src/System/Uri.cs +++ b/src/libraries/System.Private.Uri/src/System/Uri.cs @@ -5190,7 +5190,7 @@ protected virtual string Unescape(string path) return new string(dest, 0, count); } - [Obsolete("The method has been deprecated. Please use GetComponents() or static EscapeUriString() to escape a Uri component or a string. https://go.microsoft.com/fwlink/?linkid=14202")] + [Obsolete("The method has been deprecated. Please use GetComponents() or static EscapeDataString() to escape a Uri component or a string. https://go.microsoft.com/fwlink/?linkid=14202")] protected static string EscapeString(string? str) => str is null ? string.Empty : UriHelper.EscapeString(str, checkExistingEscaped: true, UriHelper.UnreservedReservedTable, '?', '#'); diff --git a/src/libraries/System.Private.Uri/src/System/UriExt.cs b/src/libraries/System.Private.Uri/src/System/UriExt.cs index ff74af22a9bd94..1491d0715c98e6 100644 --- a/src/libraries/System.Private.Uri/src/System/UriExt.cs +++ b/src/libraries/System.Private.Uri/src/System/UriExt.cs @@ -548,6 +548,7 @@ public static string UnescapeDataString(string stringToUnescape) // Where stringToEscape is intended to be a completely unescaped URI string. // This method will escape any character that is not a reserved or unreserved character, including percent signs. + [Obsolete(Obsoletions.EscapeUriStringMessage, DiagnosticId = Obsoletions.EscapeUriStringDiagId, UrlFormat = Obsoletions.SharedUrlFormat)] public static string EscapeUriString(string stringToEscape) => UriHelper.EscapeString(stringToEscape, checkExistingEscaped: false, UriHelper.UnreservedReservedTable); diff --git a/src/libraries/System.Runtime/ref/System.Runtime.cs b/src/libraries/System.Runtime/ref/System.Runtime.cs index ac82e2c50fa3b7..2bfc12af35eacf 100644 --- a/src/libraries/System.Runtime/ref/System.Runtime.cs +++ b/src/libraries/System.Runtime/ref/System.Runtime.cs @@ -4663,8 +4663,9 @@ protected virtual void CheckSecurity() { } [System.ObsoleteAttribute("The method has been deprecated. It is not used by the system. https://go.microsoft.com/fwlink/?linkid=14202")] protected virtual void Escape() { } public static string EscapeDataString(string stringToEscape) { throw null; } - [System.ObsoleteAttribute("The method has been deprecated. Please use GetComponents() or static EscapeUriString() to escape a Uri component or a string. https://go.microsoft.com/fwlink/?linkid=14202")] + [System.ObsoleteAttribute("The method has been deprecated. Please use GetComponents() or static EscapeDataString() to escape a Uri component or a string. https://go.microsoft.com/fwlink/?linkid=14202")] protected static string EscapeString(string? str) { throw null; } + [System.ObsoleteAttribute(Obsoletions.EscapeUriStringMessage, DiagnosticId = Obsoletions.EscapeUriStringDiagId, UrlFormat = Obsoletions.SharedUrlFormat)] public static string EscapeUriString(string stringToEscape) { throw null; } public static int FromHex(char digit) { throw null; } public string GetComponents(System.UriComponents components, System.UriFormat format) { throw null; } From df1c65587db6ce89e01b46e31135a8920c71e35f Mon Sep 17 00:00:00 2001 From: Jan Jahoda Date: Fri, 28 Aug 2020 10:52:59 +0200 Subject: [PATCH 2/9] add attribute to the ref --- src/libraries/System.Private.Uri/src/System.Private.Uri.csproj | 2 ++ src/libraries/System.Runtime/ref/System.Runtime.cs | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/src/libraries/System.Private.Uri/src/System.Private.Uri.csproj b/src/libraries/System.Private.Uri/src/System.Private.Uri.csproj index 731f081a11eb9c..df8a1db87995b4 100644 --- a/src/libraries/System.Private.Uri/src/System.Private.Uri.csproj +++ b/src/libraries/System.Private.Uri/src/System.Private.Uri.csproj @@ -9,6 +9,8 @@ Link="Common\System\Collections\Generic\ArrayBuilder.cs" /> + diff --git a/src/libraries/System.Runtime/ref/System.Runtime.cs b/src/libraries/System.Runtime/ref/System.Runtime.cs index 2bfc12af35eacf..39d51cc4a1a9e6 100644 --- a/src/libraries/System.Runtime/ref/System.Runtime.cs +++ b/src/libraries/System.Runtime/ref/System.Runtime.cs @@ -4665,7 +4665,7 @@ protected virtual void Escape() { } public static string EscapeDataString(string stringToEscape) { throw null; } [System.ObsoleteAttribute("The method has been deprecated. Please use GetComponents() or static EscapeDataString() to escape a Uri component or a string. https://go.microsoft.com/fwlink/?linkid=14202")] protected static string EscapeString(string? str) { throw null; } - [System.ObsoleteAttribute(Obsoletions.EscapeUriStringMessage, DiagnosticId = Obsoletions.EscapeUriStringDiagId, UrlFormat = Obsoletions.SharedUrlFormat)] + [System.ObsoleteAttribute("Uri.EscapeUriString is insecure and should not be used. Consider using Uri.EscapeDataString instead.", DiagnosticId = "SYSLIB0013", UrlFormat = "https://aka.ms/dotnet-warnings/{0}")] public static string EscapeUriString(string stringToEscape) { throw null; } public static int FromHex(char digit) { throw null; } public string GetComponents(System.UriComponents components, System.UriFormat format) { throw null; } From 64275764a48158b69df9a9fcfb9d156e6bb5cb0e Mon Sep 17 00:00:00 2001 From: Jan Jahoda Date: Fri, 28 Aug 2020 15:04:40 +0200 Subject: [PATCH 3/9] Fix tests --- .../FunctionalTests/System.Private.Uri.Functional.Tests.csproj | 3 ++- .../System.Reflection/tests/System.Reflection.Tests.csproj | 1 + src/libraries/System.Runtime/tests/System.Runtime.Tests.csproj | 2 +- 3 files changed, 4 insertions(+), 2 deletions(-) diff --git a/src/libraries/System.Private.Uri/tests/FunctionalTests/System.Private.Uri.Functional.Tests.csproj b/src/libraries/System.Private.Uri/tests/FunctionalTests/System.Private.Uri.Functional.Tests.csproj index 0a9b7602b60dd4..4aa4be66cd6a76 100644 --- a/src/libraries/System.Private.Uri/tests/FunctionalTests/System.Private.Uri.Functional.Tests.csproj +++ b/src/libraries/System.Private.Uri/tests/FunctionalTests/System.Private.Uri.Functional.Tests.csproj @@ -1,6 +1,7 @@ $(NetCoreAppCurrent) + $(NoWarn),SYSLIB0013 @@ -26,4 +27,4 @@ - \ No newline at end of file + diff --git a/src/libraries/System.Reflection/tests/System.Reflection.Tests.csproj b/src/libraries/System.Reflection/tests/System.Reflection.Tests.csproj index 8db00f6e9dd484..3d22e60dfd35c5 100644 --- a/src/libraries/System.Reflection/tests/System.Reflection.Tests.csproj +++ b/src/libraries/System.Reflection/tests/System.Reflection.Tests.csproj @@ -5,6 +5,7 @@ false true + $(NoWarn),SYSLIB0013 true - $(NoWarn),1718 + $(NoWarn),1718,SYSLIB0013 true true $(NetCoreAppCurrent)-Windows_NT;$(NetCoreAppCurrent)-Unix;$(NetCoreAppCurrent)-Browser From 093db85de35e7538bd645686271d7f499496e4ae Mon Sep 17 00:00:00 2001 From: Jan Jahoda Date: Fri, 28 Aug 2020 15:23:59 +0200 Subject: [PATCH 4/9] change message --- src/libraries/Common/src/System/Obsoletions.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/libraries/Common/src/System/Obsoletions.cs b/src/libraries/Common/src/System/Obsoletions.cs index 1a20e7dc51963d..ea0d13d06c6ba7 100644 --- a/src/libraries/Common/src/System/Obsoletions.cs +++ b/src/libraries/Common/src/System/Obsoletions.cs @@ -43,7 +43,7 @@ internal static class Obsoletions internal const string CodeBaseMessage = "Assembly.CodeBase and Assembly.EscapedCodeBase are only included for .NET Framework compatibility. Use Assembly.Location instead."; internal const string CodeBaseDiagId = "SYSLIB0012"; - internal const string EscapeUriStringMessage = "Uri.EscapeUriString is insecure and should not be used. Consider using Uri.EscapeDataString instead."; + internal const string EscapeUriStringMessage = "Uri.EscapeUriString can corrupt the Uri string in some cases. Consider using Uri.EscapeDataString instead."; internal const string EscapeUriStringDiagId = "SYSLIB0013"; } } From b58b9fbd7f08316d0171afc4daccb68512284594 Mon Sep 17 00:00:00 2001 From: Jan Jahoda Date: Fri, 28 Aug 2020 16:46:06 +0200 Subject: [PATCH 5/9] fix the message --- src/libraries/System.Runtime/ref/System.Runtime.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/libraries/System.Runtime/ref/System.Runtime.cs b/src/libraries/System.Runtime/ref/System.Runtime.cs index 39d51cc4a1a9e6..4a1053865ce9e0 100644 --- a/src/libraries/System.Runtime/ref/System.Runtime.cs +++ b/src/libraries/System.Runtime/ref/System.Runtime.cs @@ -4665,7 +4665,7 @@ protected virtual void Escape() { } public static string EscapeDataString(string stringToEscape) { throw null; } [System.ObsoleteAttribute("The method has been deprecated. Please use GetComponents() or static EscapeDataString() to escape a Uri component or a string. https://go.microsoft.com/fwlink/?linkid=14202")] protected static string EscapeString(string? str) { throw null; } - [System.ObsoleteAttribute("Uri.EscapeUriString is insecure and should not be used. Consider using Uri.EscapeDataString instead.", DiagnosticId = "SYSLIB0013", UrlFormat = "https://aka.ms/dotnet-warnings/{0}")] + [System.ObsoleteAttribute("Uri.EscapeUriString can corrupt the Uri string in some cases. Consider using Uri.EscapeDataString instead.", DiagnosticId = "SYSLIB0013", UrlFormat = "https://aka.ms/dotnet-warnings/{0}")] public static string EscapeUriString(string stringToEscape) { throw null; } public static int FromHex(char digit) { throw null; } public string GetComponents(System.UriComponents components, System.UriFormat format) { throw null; } From 11185dbdfa77ef972f33dd2059305e3fbf5a80ee Mon Sep 17 00:00:00 2001 From: Jan Jahoda Date: Fri, 28 Aug 2020 18:39:17 +0200 Subject: [PATCH 6/9] Suppress warning for Nls test --- .../tests/NlsTests/System.Runtime.Nls.Tests.csproj | 1 + 1 file changed, 1 insertion(+) diff --git a/src/libraries/System.Runtime/tests/NlsTests/System.Runtime.Nls.Tests.csproj b/src/libraries/System.Runtime/tests/NlsTests/System.Runtime.Nls.Tests.csproj index 25dd476280c8a2..39e883658bb354 100644 --- a/src/libraries/System.Runtime/tests/NlsTests/System.Runtime.Nls.Tests.csproj +++ b/src/libraries/System.Runtime/tests/NlsTests/System.Runtime.Nls.Tests.csproj @@ -4,6 +4,7 @@ true true $(NetCoreAppCurrent)-Windows_NT + $(NoWarn),SYSLIB0013 Date: Mon, 31 Aug 2020 13:02:11 +0200 Subject: [PATCH 7/9] Update src/libraries/Common/src/System/Obsoletions.cs Co-authored-by: Adeel Mujahid --- src/libraries/Common/src/System/Obsoletions.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/libraries/Common/src/System/Obsoletions.cs b/src/libraries/Common/src/System/Obsoletions.cs index 3880261f1f0c75..30382da4c17bf6 100644 --- a/src/libraries/Common/src/System/Obsoletions.cs +++ b/src/libraries/Common/src/System/Obsoletions.cs @@ -43,7 +43,7 @@ internal static class Obsoletions internal const string CodeBaseMessage = "Assembly.CodeBase and Assembly.EscapedCodeBase are only included for .NET Framework compatibility. Use Assembly.Location instead."; internal const string CodeBaseDiagId = "SYSLIB0012"; - internal const string EscapeUriStringMessage = "Uri.EscapeUriString can corrupt the Uri string in some cases. Consider using Uri.EscapeDataString instead."; + internal const string EscapeUriStringMessage = "Uri.EscapeUriString can corrupt the Uri string in some cases. Consider using Uri.EscapeDataString only for the query string component instead."; internal const string EscapeUriStringDiagId = "SYSLIB0013"; internal const string WebRequestMessage = "Use HttpClient instead."; From cce9037b9a9e3663762b156fdfc1f0cb09dfd6be Mon Sep 17 00:00:00 2001 From: Jan Jahoda Date: Mon, 31 Aug 2020 13:17:23 +0200 Subject: [PATCH 8/9] Hopefully last message attempt --- src/libraries/Common/src/System/Obsoletions.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/libraries/Common/src/System/Obsoletions.cs b/src/libraries/Common/src/System/Obsoletions.cs index 30382da4c17bf6..1b409c7628f3cc 100644 --- a/src/libraries/Common/src/System/Obsoletions.cs +++ b/src/libraries/Common/src/System/Obsoletions.cs @@ -43,7 +43,7 @@ internal static class Obsoletions internal const string CodeBaseMessage = "Assembly.CodeBase and Assembly.EscapedCodeBase are only included for .NET Framework compatibility. Use Assembly.Location instead."; internal const string CodeBaseDiagId = "SYSLIB0012"; - internal const string EscapeUriStringMessage = "Uri.EscapeUriString can corrupt the Uri string in some cases. Consider using Uri.EscapeDataString only for the query string component instead."; + internal const string EscapeUriStringMessage = "Uri.EscapeUriString can corrupt the Uri string in some cases. Consider using Uri.EscapeDataString for query string components instead."; internal const string EscapeUriStringDiagId = "SYSLIB0013"; internal const string WebRequestMessage = "Use HttpClient instead."; From 53deba2aea6d05e8cbc39784d118d63970d6b9d2 Mon Sep 17 00:00:00 2001 From: Jan Jahoda Date: Mon, 31 Aug 2020 13:26:50 +0200 Subject: [PATCH 9/9] Hopefully last message attempt #2 --- src/libraries/System.Runtime/ref/System.Runtime.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/libraries/System.Runtime/ref/System.Runtime.cs b/src/libraries/System.Runtime/ref/System.Runtime.cs index 4a1053865ce9e0..2f7823e9e0782a 100644 --- a/src/libraries/System.Runtime/ref/System.Runtime.cs +++ b/src/libraries/System.Runtime/ref/System.Runtime.cs @@ -4665,7 +4665,7 @@ protected virtual void Escape() { } public static string EscapeDataString(string stringToEscape) { throw null; } [System.ObsoleteAttribute("The method has been deprecated. Please use GetComponents() or static EscapeDataString() to escape a Uri component or a string. https://go.microsoft.com/fwlink/?linkid=14202")] protected static string EscapeString(string? str) { throw null; } - [System.ObsoleteAttribute("Uri.EscapeUriString can corrupt the Uri string in some cases. Consider using Uri.EscapeDataString instead.", DiagnosticId = "SYSLIB0013", UrlFormat = "https://aka.ms/dotnet-warnings/{0}")] + [System.ObsoleteAttribute("Uri.EscapeUriString can corrupt the Uri string in some cases. Consider using Uri.EscapeDataString for query string components instead.", DiagnosticId = "SYSLIB0013", UrlFormat = "https://aka.ms/dotnet-warnings/{0}")] public static string EscapeUriString(string stringToEscape) { throw null; } public static int FromHex(char digit) { throw null; } public string GetComponents(System.UriComponents components, System.UriFormat format) { throw null; }