False positive: S1075 URIs should not be hardcoded triggers for XML Namespace names

  • What language is this for?

C# - but probably any .Net language.

  • Which rule?

S1075 URIs should not be hardcoded

  • Why do you believe it’s a false-positive/false-negative?

This reports if URI are passed as parameters to methods. There are some exclusions. My case is that I think XmlNamespaceManager.AddNamespace should be added to the list of exclusions. See below for code that triggers this rule. The namespaces are not accessing the internet, they are used for interpreting XML that is already downloaded or read from a file. Also, they are largely set in stone. Once defined, XML documents using them become invalid if they are changed.

  • Are you using
    • SonarCloud? - NO
    • SonarQube - * Enterprise Edition Version 9.9.3
    • SonarLint - Visual Studio Enterprise Edition 17.9.2 - SonarLint for Visual Studio
      • in connected mode with SonarQube? Yes
  • How can we reproduce the problem? Give us a self-contained snippet of code (formatted text, no screenshots)
using System.Xml;

// ...

private static XmlNamespaceManager CreateNamespaceManager()
    var namespaceManager = new XmlNamespaceManager(new NameTable());
    namespaceManager.AddNamespace("ffc", "http://www.redacted.com/namespaces/ffc");
    namespaceManager.AddNamespace("dex", "http://www.redacted.com/namespaces/dex");
    return namespaceManager;

Hello @mgbrown,

thanks a lot for reporting this. I confirm this is a false positive. I opened an issue (you can follow here) and added it to our backlog, to tackle in one of our future sprints.