Using an unsanitized, externally-provided format string could lead to errors at runtime and open the door to attackers. This rule raises an issue when an externally-provided format string is used.
== Noncompliant Code Example
----
public void formattedLog(String format, String message) {
  // The caller controls the format string, so every '%' directive in it is interpreted
  String logLine = String.format(format, message); // Noncompliant
  LOGGER.info(logLine);
}
----
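The following is an added, self-contained illustration of the rule, not code from the rule description itself. It places the noncompliant method beside a compliant one that keeps the format string constant and passes external data only as an argument, and shows with a constructed input why the noncompliant version fails at runtime; the class name, the `"Request received: %s"` template and the `containsFormatDirective` helper are assumptions introduced here.

```java
import java.util.MissingFormatArgumentException;
import java.util.logging.Logger;

public class FormatStringDemo {
    private static final Logger LOGGER = Logger.getLogger(FormatStringDemo.class.getName());

    // Noncompliant: the caller controls the format string, so every '%' directive
    // in it is interpreted by the formatter rather than logged as text.
    static String formattedLogUnsafe(String format, String message) {
        return String.format(format, message);
    }

    // Compliant: the format string is a constant; external data is only ever
    // passed as an argument and is rendered verbatim.
    static String formattedLogSafe(String message) {
        return String.format("Request received: %s", message);
    }

    // Defensive check (assumed helper): flag inputs carrying format directives
    // before they can reach a formatter as the template.
    static boolean containsFormatDirective(String s) {
        return s.indexOf('%') >= 0;
    }

    public static void main(String[] args) {
        // Constructed input standing in for an externally supplied value.
        String hostile = "user=%s %s %s";

        try {
            LOGGER.info(formattedLogUnsafe(hostile, "alice"));
        } catch (MissingFormatArgumentException e) {
            // Three %s directives but one argument: the formatter throws and the
            // calling request fails, which is the runtime error the rule warns about.
            LOGGER.warning("unsafe variant failed: " + e.getMessage());
        }

        // The compliant variant logs the directives as literal characters.
        LOGGER.info(formattedLogSafe(hostile));

        if (containsFormatDirective(hostile)) {
            LOGGER.warning("externally-provided template contains '%' directives; rejecting it");
        }
    }
}
```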