Skip to content

Potential fix for code scanning alert no. 22: Use of externally-controlled format string #11

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 1 commit into
base: main
Choose a base branch
from
Draft

Potential fix for code scanning alert no. 22: Use of externally-controlled format string #11

wants to merge 1 commit into from

Conversation

@Ninido
Copy link

@Ninido Ninido commented Oct 30, 2025

Potential fix for https://github.com/SolidifyDemo/demo-ghas-verademo/security/code-scanning/22 from the december goal security campaign.

To fix the problem, we need to ensure that the username is not used directly in the format string. Instead, we should use a placeholder (%s) for the username and pass it as an argument to String.format. This way, any format specifiers in the username will not be interpreted by String.format.

  • Modify the formatString to use %s as a placeholder for the username.
  • Pass the username as an argument to String.format.

Suggested fixes powered by Copilot Autofix. Review carefully before merging.

@Ninido @github-advanced-security
Potential fix for code scanning alert no. 22: Use of externally-contr…
a0ae3bf 
…olled format string

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Ninido