Inspectopedia 2024.3

String concatenation as argument to 'format()' call

Warning
New
Last modified: 03 December 2024

Reports non-constant string concatenations used as a format string argument.

While occasionally intended, this is usually a misuse of a formatting method and may even cause security issues if the variables used in the concatenated string contain special characters like %.

Sometimes this is also the result of mistakenly concatenating a format argument onto the format string by typing a + where a , was meant.

Example:

Here, the userName will be interpreted as part of the format string, which may result in an IllegalFormatException (for example, if userName is "%") or in using an enormous amount of memory (for example, if userName is "%2000000000%"). The call should probably be replaced with String.format("Hello, %s", userName);.
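The following is an added example, not part of the original inspection description: it puts the flagged concatenation beside the replacement suggested above and runs both over a few constructed inputs. The class name, method names and sample values are assumptions made for illustration.

```java
import java.util.IllegalFormatException;

public class FormatConcatDemo {

    // Flagged pattern: the caller-supplied value is concatenated into the
    // format string, so any '%' it contains is parsed as a format specifier.
    static String greetUnsafe(String userName) {
        return String.format("Hello, " + userName);
    }

    // Suggested replacement: the format string is a constant and the value
    // is passed as an argument, so it is inserted verbatim.
    static String greetSafe(String userName) {
        return String.format("Hello, %s", userName);
    }

    public static void main(String[] args) {
        // Constructed sample inputs: a plain name, a lone '%', a specifier
        // with no matching argument, and an escaped percent sign.
        String[] samples = { "Alice", "%", "%s", "100%% sure" };

        for (String name : samples) {
            String unsafe;
            try {
                unsafe = greetUnsafe(name);
            } catch (IllegalFormatException e) {
                // Malformed or unmatched specifiers in the input surface here.
                unsafe = "threw " + e.getClass().getSimpleName();
            }
            System.out.println("input  : " + name);
            System.out.println("unsafe : " + unsafe);
            System.out.println("safe   : " + greetSafe(name));
            System.out.println();
        }
    }
}
```

The last input does not throw in the unsafe variant, but the output no longer matches what was supplied, which is the kind of silent alteration that is easy to miss in testing.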

This inspection checks calls to formatting methods on java.util.Formatter, java.lang.String, java.io.PrintWriter, or java.io.PrintStream.