Formatting string mixes implicitly and explicitly numbered fields¶
ID: py/str-format/mixed-fieldsKind: problemSecurity severity: Severity: errorPrecision: highTags: - quality - reliability - correctnessQuery suites: - python-security-and-quality.qls
Click to see the query in the CodeQL repository
A formatting expression, that is an expression of the formthe_format.format(args) orformat(the_format,args), can use explicitly numbered fields, like{1}, or implicitly numbered fields, such as{}, but it cannot use both. Doing so will raise aValueError.
Recommendation¶
Use either explicitly numbered fields or implicitly numbered fields, but be consistent.
Example¶
In the following example the formatting uses both implicit,{}, and explicit,{1}, numbering for fields, which is illegal.
defillegal_format():"{}{1}".format("spam","eggs")
References¶
Python Library Reference:String Formatting.