CodeQL documentation

Unused format argument

ID: java/unused-format-argument
Kind: problem
Security severity:
Severity: warning
Precision: very-high
Tags:
   - quality
   - maintainability
   - useless-code
   - external/cwe/cwe-685
Query suites:
   - java-security-and-quality.qls


When formatting strings using printf-style format strings, one must ensure that the number of supplied arguments matches the number of arguments referenced by the format string. Additional arguments will be thrown away silently, which may not be the intended behavior, and too few arguments will cause an IllegalFormatException.

Format strings are used by the format method on the classes String, Formatter, Console, PrintWriter, and PrintStream. Several of these classes also supply the method alias printf. The class Console has two additional methods, readLine and readPassword, that also use format strings.

Recommendation

Change the format string to use all the arguments, or remove the unnecessary arguments.

Example

The following example supplies three arguments to be formatted, but the format string only refers to two arguments, so this will silently ignore the third argument.

System.out.format("First string: %s Second string: %s","Hello","world","!");
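The mismatch can also be checked by counting the arguments a format string refers to. The following is an added example, not part of the CodeQL documentation or the query itself; the class FormatArgCheck, its methods, and the simplified specifier pattern are assumptions made for illustration, and it only compares the highest referenced index with the number of supplied arguments.

```java
import java.util.MissingFormatArgumentException;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class FormatArgCheck {
    // Simplified specifier grammar (assumption, modelled on the java.util.Formatter docs):
    // %[argument_index$][flags][width][.precision][t|T]conversion
    private static final Pattern SPEC = Pattern.compile(
        "%(\\d+\\$)?([-#+ 0,(<]*)(\\d+)?(\\.\\d+)?([tT])?([a-zA-Z%])");

    // Highest argument position the format string refers to.
    static int referencedArgs(String fmt) {
        int ordinary = 0, highest = 0;
        Matcher m = SPEC.matcher(fmt);
        while (m.find()) {
            String conv = m.group(6);
            if (m.group(5) == null && (conv.equals("%") || conv.equals("n"))) continue; // %% and %n take no argument
            if (m.group(1) != null) {                       // explicit index such as %2$s
                String idx = m.group(1);
                highest = Math.max(highest, Integer.parseInt(idx.substring(0, idx.length() - 1)));
            } else if (!m.group(2).contains("<")) {         // %<s reuses the previous argument
                highest = Math.max(highest, ++ordinary);    // ordinary index advances independently
            }
        }
        return highest;
    }

    static String check(String fmt, Object... args) {
        int need = referencedArgs(fmt);
        if (args.length > need) return "unused: " + (args.length - need) + " argument(s) silently ignored";
        if (args.length < need) return "missing: " + (need - args.length) + " argument(s), format() will throw";
        return "ok";
    }

    public static void main(String[] argv) {
        String fmt = "First string: %s Second string: %s";     // format string from the example above
        System.out.println(check(fmt, "Hello", "world", "!"));
        System.out.println(String.format(fmt, "Hello", "world", "!")); // "!" is dropped
        try {
            String.format(fmt, "Hello");                        // too few arguments
        } catch (MissingFormatArgumentException e) {            // a subclass of IllegalFormatException
            System.out.println(check(fmt, "Hello") + " (" + e.getClass().getSimpleName() + ")");
        }
        // Constructed inputs covering specifiers that do not consume a new argument.
        System.out.println(check("%d%% done%n", 42));
        System.out.println(check("%s and again %<s", "x"));
        System.out.println(check("%2$s %1$s", "a", "b"));
    }
}
```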
