rspec/rules/S2615/rule.adoc

== Why is this an issue?

Using an unsanitized, externally-provided format string could lead to errors at runtime and open the door to attackers. This rule raises an issue when an externally-provided format string is used.


=== Noncompliant code example

[source,text]
----
public void formattedLog(String format, String message) {
  String logLine = String.format(format, message);  // Noncompliant
  LOGGER.info(logLine);
}
----
migrate rule descriptions to new education format 2023-05-03 11:06:20 +02:00			`== Why is this an issue?`

Inline adoc when include has no additional value (#1940) Inline adoc files when they are included exactly once. Also fix language tags because this inlining gives us better information on what language the code is written in. 2023-05-25 14:18:12 +02:00			`Using an unsanitized, externally-provided format string could lead to errors at runtime and open the door to attackers. This rule raises an issue when an externally-provided format string is used.`


			`=== Noncompliant code example`

			`[source,text]`
			`----`
			`public void formattedLog(String format, String message) {`
			`String logLine = String.format(format, message); // Noncompliant`
			`LOGGER.info(logLine);`
			`}`
			`----`