openide/java/java-impl/resources/inspectionDescriptions/StringConcatenationInFormatCall.html
Leonid Shalupov 40795fe787 IJI-2422: community/java: move resources under resources root
GitOrigin-RevId: 8b2b63fc6db476ca0c2cfe5cadd84db6c4236d0f
2025-02-05 04:43:28 +00:00


<html>
<body>
Reports non-constant string concatenations used as a format string argument.
<p>
While occasionally intended, this is usually a misuse of a formatting method
and may even cause security issues if the variables used in the concatenated string
contain special characters like <code>%</code>.
</p>
<p>
Also, this is sometimes the result of accidentally typing a <code>+</code> where a <code>,</code> was meant,
so that a format argument gets concatenated into the format string.
</p>
<p><b>Example:</b></p>
<pre><code>
static String formatGreeting(String userName) {
  return String.format("Hello, " + userName);
}
</code></pre>
<p>
Here, <code>userName</code> will be interpreted as part of the format string, which may result
in an <code>IllegalFormatException</code> (for example, if <code>userName</code> is <code>"%"</code>) or
in using an enormous amount of memory (for example, if <code>userName</code> is <code>"%2000000000%"</code>).
The call should probably be replaced with <code>String.format("Hello, %s", userName);</code>.
</p>
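<p>
The following is an added example, not part of the original inspection description or the project's code: it runs the flagged call and the suggested replacement side by side over constructed inputs, so the difference between a thrown exception and silently altered output is visible. The class name, the helper methods, and the sample values are assumptions made for illustration.
</p>

```java
import java.util.IllegalFormatException;

public class FormatConcatDemo {
    // Flagged pattern from the page: userName becomes part of the format string.
    static String formatGreetingUnsafe(String userName) {
        return String.format("Hello, " + userName);
    }

    // Replacement suggested by the page: constant format string, userName passed as data.
    static String formatGreetingSafe(String userName) {
        return String.format("Hello, %s", userName);
    }

    // Runs both variants on one input and reports what each did.
    static String describe(String userName) {
        String unsafe;
        try {
            unsafe = "returned " + quote(formatGreetingUnsafe(userName));
        } catch (IllegalFormatException e) {
            // Malformed or unsatisfied specifiers surface as subclasses of this exception.
            unsafe = "threw " + e.getClass().getSimpleName();
        }
        return "input " + quote(userName) + ": concatenated " + unsafe
                + "; constant format returned " + quote(formatGreetingSafe(userName));
    }

    // Makes line breaks visible so output changed by the formatter can be spotted.
    static String quote(String s) {
        return '"' + s.replace("\n", "\\n").replace("\r", "\\r") + '"';
    }

    public static void main(String[] args) {
        // Constructed sample inputs: a plain name, a lone percent sign, a specifier
        // with no matching argument, an escaped percent, and a line-separator specifier.
        // The page's "%2000000000%" input is left out so the demo stays cheap to run.
        String[] samples = {"Alice", "%", "50%s", "a%%b", "x%ny"};
        for (String s : samples) {
            System.out.println(describe(s));
        }
    }
}
```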
<p>
This inspection checks calls to formatting methods on
<code>java.util.Formatter</code>,
<code>java.lang.String</code>,
<code>java.io.PrintWriter</code>,
or <code>java.io.PrintStream</code>.
</p>
<!-- tooltip end -->
</body>
</html>