String concatenation as argument to 'format()' call

Reports non-constant string concatenations used as a format string argument.

While occasionally intended, this is usually a misuse of a formatting method and may even cause security issues if the variables used in the concatenated string contain special characters like %.

Also, sometimes this could be the result of mistakenly concatenating a string format argument by typing a + when a , was meant.

Example:

  static String formatGreeting(String userName) {
    return String.format("Hello, " + userName);
  }

Here, the userName will be interpreted as a part of format string, which may result in IllegalFormatException (for example, if userName is "%") or in using an enormous amount of memory (for example, if userName is "%2000000000%"). The call should be probably replaced with String.format("Hello, %s", userName);.

This inspection checks calls to formatting methods on java.util.Formatter, java.lang.String, java.io.PrintWriter, or java.io.PrintStream.

Locating this inspection

By ID

Can be used to locate inspection in e.g. Qodana configuration files, where you can quickly enable or disable it, or adjust its settings.

StringConcatenationInFormatCall

Via Settings dialog

Path to the inspection settings via IntelliJ Platform IDE Settings dialog, when you need to adjust inspection settings directly from your IDE.

Settings or Preferences | Editor | Inspections | Java | Probable bugs

Inspection Details
By default bundled with:	IntelliJ IDEA 2024.2, Qodana for JVM 2024.2,
Can be installed with plugin:	Java, 242.22892

Last modified: 11 September 2024