Inspectopedia Help

String concatenation as argument to 'format()' call

Reports non-constant string concatenations used as a format string argument.

While occasionally intended, this is usually a misuse of a formatting method and may even cause security issues if the variables used in the concatenated string contain special characters like %.

Also, sometimes this could be the result of mistakenly concatenating a string format argument by typing a + when a , was meant.

Example:

    static String formatGreeting(String userName) {
        return String.format("Hello, " + userName);
    }

Here, userName is interpreted as part of the format string, which may result in an IllegalFormatException (for example, if userName is "%") or in the use of an enormous amount of memory (for example, if userName is "%2000000000%"). The call should probably be replaced with String.format("Hello, %s", userName);.
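The following is an added example, not part of the original inspection description. It runs the flagged call and the suggested replacement over constructed inputs, and shows one option for cases where the concatenation is intended. The class name FormatConcatDemo and the helpers escapePercent and formatInboxEscaped are hypothetical.

```java
import java.util.IllegalFormatException;
import java.util.List;

public class FormatConcatDemo {

    // Flagged pattern from the page: userName becomes part of the format string.
    static String formatGreetingUnsafe(String userName) {
        return String.format("Hello, " + userName);
    }

    // Replacement suggested on the page: constant format string, value passed as an argument.
    static String formatGreetingSafe(String userName) {
        return String.format("Hello, %s", userName);
    }

    // Hypothetical helper for code that must concatenate into a format string:
    // doubling '%' makes the formatter treat it as a literal character.
    static String escapePercent(String s) {
        return s.replace("%", "%%");
    }

    // Concatenation kept on purpose, with the untrusted part escaped first.
    static String formatInboxEscaped(String userName, int unread) {
        return String.format("Hello, " + escapePercent(userName) + ": %d unread", unread);
    }

    public static void main(String[] args) {
        // Constructed sample inputs: one plain name and two containing '%'.
        for (String name : List.of("Alice", "%", "100%")) {
            String unsafe;
            try {
                unsafe = formatGreetingUnsafe(name);
            } catch (IllegalFormatException e) {
                // Every formatter parsing failure is a subclass of IllegalFormatException.
                unsafe = "threw " + e.getClass().getSimpleName();
            }
            System.out.printf("input=[%s]%n  unsafe : %s%n  safe   : %s%n  escaped: %s%n",
                    name, unsafe, formatGreetingSafe(name), formatInboxEscaped(name, 3));
        }
    }
}
```

The unsafe variant throws for both inputs containing %, while the safe and escaped variants print the name verbatim.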

This inspection checks calls to formatting methods on java.util.Formatter, java.lang.String, java.io.PrintWriter, or java.io.PrintStream.

Inspection Details

Available in:

IntelliJ IDEA 2023.3, Qodana for JVM 2023.3

Plugin:

Java, 233.SNAPSHOT

Last modified: 13 July 2023