CodeQL documentation

Unused format argument

ID: java/unused-format-argument
Kind: problem
Security severity: 
Severity: warning
Precision: very-high
Tags:
   - quality
   - maintainability
   - useless-code
   - external/cwe/cwe-685
Query suites:
   - java-security-and-quality.qls


When formatting strings using printf-style format strings, the number of supplied arguments must match the number of arguments the format string references. Surplus arguments are discarded silently, which is rarely what was intended: the dropped value is usually one the message was supposed to carry, such as an identifier or status in a log line. Too few arguments fail at run time with a MissingFormatArgumentException (a subclass of IllegalFormatException).

Format strings are used by the format method on the classes String, Formatter, Console, PrintWriter, and PrintStream. Several of these classes also supply the method alias printf, and from Java 15 the instance method String.formatted follows the same rules. The class Console has two additional methods, readLine and readPassword, that also take a format string followed by its arguments.

Recommendation

Change the format string to use all the arguments, or remove the unnecessary arguments.

Example

The following example supplies three arguments to be formatted, but the format string only refers to two, so the third argument, "!", is silently dropped and the output is "First string: Hello Second string: world".

System.out.format("First string: %s Second string: %s", "Hello", "world", "!");
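The program below is an added example and is not code from the CodeQL repository. It shows the three outcomes the text describes (surplus argument dropped, missing argument raising MissingFormatArgumentException, and the corrected call) and adds a small argument counter, argumentsReferenced, that applies the java.util.Formatter rules for %%, %n, explicit indices such as %2$s and the relative index %<s. The counter is a simplified, regex-based stand-in for the analysis the query performs, not the query's own implementation.

```java
import java.util.MissingFormatArgumentException;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class FormatArgumentCheck {

    // Mirrors the specifier grammar documented for java.util.Formatter:
    //   %[argument_index$][flags][width][.precision][t]conversion
    // Groups: 1 = explicit index digits, 2 = flags, 6 = conversion character.
    // Assumption: this regex is a simplification, not the Formatter's own parser.
    private static final Pattern SPECIFIER = Pattern.compile(
            "%(?:(\\d+)\\$)?([-#+ 0,(<]*)(\\d+)?(?:\\.(\\d+))?([tT])?([a-zA-Z%])");

    /**
     * Number of trailing arguments a format string consumes: %% and %n take
     * none, %<s reuses the previous argument, %3$s pins an explicit index, and
     * ordinary specifiers are numbered sequentially and independently.
     */
    static int argumentsReferenced(String format) {
        Matcher m = SPECIFIER.matcher(format);
        int ordinary = 0;
        int maxExplicit = 0;
        while (m.find()) {
            String conversion = m.group(6);
            if (conversion.equals("%") || conversion.equals("n")) {
                continue; // literal percent sign and line separator consume nothing
            }
            if (m.group(1) != null) {
                maxExplicit = Math.max(maxExplicit, Integer.parseInt(m.group(1)));
            } else if (!m.group(2).contains("<")) {
                ordinary++; // '<' reuses the previous argument, so it is not counted
            }
        }
        return Math.max(ordinary, maxExplicit);
    }

    /** Reports a count mismatch up front, instead of letting format() hide it or throw. */
    static String checkArity(String format, Object... args) {
        int needed = argumentsReferenced(format);
        if (args.length > needed) {
            return "unused argument(s): " + (args.length - needed) + " supplied but never referenced";
        }
        if (args.length < needed) {
            return "missing argument(s): format references " + needed + ", only " + args.length + " supplied";
        }
        return "ok";
    }

    public static void main(String[] args) {
        String fmt = "First string: %s Second string: %s";

        // Too many arguments: "!" is silently dropped. This is the case the query reports.
        System.out.println(String.format(fmt, "Hello", "world", "!"));
        System.out.println(checkArity(fmt, "Hello", "world", "!"));

        // Too few arguments: the mismatch only surfaces at run time, as an exception.
        try {
            String.format(fmt, "Hello");
        } catch (MissingFormatArgumentException e) {
            System.out.println("format failed: " + e.getMessage());
        }
        System.out.println(checkArity(fmt, "Hello"));

        // Either fix from the recommendation: reference the third argument ...
        System.out.println(String.format("First string: %s Second string: %s%s", "Hello", "world", "!"));
        // ... or remove it.
        System.out.println(String.format(fmt, "Hello", "world"));

        // Specifiers that do not consume a fresh argument are handled: two arguments are exactly right here.
        System.out.println(checkArity("%2$s %1$s %<s%n100%%", "a", "b"));
    }
}
```

checkArity is the kind of guard that is useful around formats assembled at run time (for example a message template loaded from configuration); for literal format strings, as in the example above, the query finds the same mismatch statically and no runtime check is needed.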
