Printf with dynamic first argument and no further arguments SCC-SA1006
// TODO: Blend extraInfo into ValidationError and remove this hack
if err, extraInfo := appConfig.ValidateGroups(ctx, lo.Keys(args.ProcessGroups)); err != nil {
	fmt.Fprintf(iostreams.FromContext(ctx).ErrOut, extraInfo)
	tracing.RecordError(span, err, "failed to validate process groups")
	return nil, err
}

}

if customPrompt != "" {
	fmt.Fprintf(io.Out, customPrompt)
} else {
	fmt.Fprintf(io.Out, "Configuration changes to be applied to machine: %s (%s)\n", colorize.Bold(machine.ID), colorize.Bold(machine.Name))
}

Using fmt.Printf with a dynamic first argument can lead to unexpected output. The first argument is a format string, where certain character combinations have special meaning.

Forming the first parameter via string concatenation with user input should be avoided for the same reason. When printing user input, either use a variant of fmt.Print, or use the %s Printf verb and pass the string as an argument.

s := "Interest rate: 5%"
fmt.Printf(s) // Prints: Interest rate: 5%!(NOVERB)

s := "Interest rate: 5%"
fmt.Print(s) // Prints: Interest rate: 5%

s := "Interest rate: 5%"
fmt.Printf("%s", s) // Prints: Interest rate: 5%
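
A minimal syntactic version of this check, as an added example (not code from the original page or from the analyzer that produced this report): it parses Go source with go/ast and reports fmt Printf-family calls whose format argument is not a string literal and is the last argument. The names printfLike, isDynamicFormat, findDynamicFormats and the sample source are assumptions made for illustration; unlike a full analyzer it uses no type information and ignores import aliases.

```go
package main

import (
	"fmt"
	"go/ast"
	"go/parser"
	"go/token"
)

// printfLike maps checked fmt functions to the index of their format argument.
var printfLike = map[string]int{"Printf": 0, "Sprintf": 0, "Errorf": 0, "Fprintf": 1}

// isDynamicFormat is a syntactic check only (no type info, no import aliases).
func isDynamicFormat(call *ast.CallExpr) bool {
	sel, ok := call.Fun.(*ast.SelectorExpr)
	if !ok {
		return false
	}
	pkg, ok := sel.X.(*ast.Ident)
	idx, known := printfLike[sel.Sel.Name]
	if !ok || pkg.Name != "fmt" || !known || len(call.Args) != idx+1 {
		return false // not a checked fmt call, or arguments follow the format
	}
	lit, isLit := call.Args[idx].(*ast.BasicLit)
	return !(isLit && lit.Kind == token.STRING)
}

// findDynamicFormats returns the source lines of the offending calls.
func findDynamicFormats(src string) (lines []int, err error) {
	fset := token.NewFileSet()
	file, err := parser.ParseFile(fset, "sample.go", src, 0)
	if err != nil {
		return nil, err
	}
	ast.Inspect(file, func(n ast.Node) bool {
		if call, ok := n.(*ast.CallExpr); ok && isDynamicFormat(call) {
			lines = append(lines, fset.Position(call.Pos()).Line)
		}
		return true
	})
	return lines, nil
}

// sample is constructed input mirroring the two flagged calls plus the fixed form.
const sample = `package p; func f(w io.Writer, customPrompt, extraInfo string) {
	fmt.Fprintf(w, extraInfo)
	fmt.Fprintf(w, customPrompt)
	fmt.Fprintf(w, "%s", customPrompt)
}`
func main() { fmt.Println(findDynamicFormats(sample)) }
```

Lines 2 and 3 of the sample are reported; the call that passes "%s" and the string as a separate argument is not.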