EN JP CN

CS.EXPR.EQ.STR

Use String.IsNullOrEmpty to check if a string is null or empty.

This rule recommends the use of String.IsNullOrEmpty method instead of using other ways of checking for an empty string. IsNullOrEmpty is a convenience method that enables you to simultaneously test whether a String is a null reference or its value is Empty. The followings will be flagged as violations:

Comparison between a string and an empty string ("")
Comparison between a string and String.Empty
Comparison between the length of a string and zero (0)
Checking to see if the length of a string is greater than or equal to one

Vulnerability and risk

String.IsNullOrEmpty is available in .NET 2.0 and above.

There is a known problem with a compiler optimization that can cause IsNullOrEmpty (and other situations where checks are used inside a loop) to behave incorrectly when called inside a loop.

Please check https://connect.microsoft.com/VisualStudio/feedback/ViewFeedback.aspx?FeedbackID=113102 for more information.

Vulnerable code example

1  using System.Data.SqlClient;
2  public class Violation
3  {
4  	public string Test(string s)
5  	{
6  		if (s == "") // Violation
7  		{
8  			return "is null or empty";
9  		}
10 		else
11 		{
12 			return s;
13 		}
14 	}
15 }

Fixed code example

1  public class Repair
2  {
3  	public String Test(String s)
4  	{
5  		if (String.IsNullOrEmpty(s) == true) // Fixed
6  		{
7  			return "is null or empty";
8  		}
9  		else
10 		{
11 			return s;
12 		}
13 	}
14 }