Prefer annotated tokens (like %<foo>s</foo>
) over unannotated tokens (like %s
). Open
'OSVDB' => 'http://www.osvdb.org/%s',
- Read upRead up
- Exclude checks
Use a consistent style for named format string tokens.
Note:
unannotated
style cop only works for strings
which are passed as arguments to those methods:
sprintf
, format
, %
.
The reason is that unannotated format is very similar
to encoded URLs or Date/Time formatting strings.
Example: EnforcedStyle: annotated (default)
# bad
format('%{greeting}', greeting: 'Hello')
format('%s', 'Hello')
# good
format('%<greeting>s', greeting: 'Hello')</greeting>
Example: EnforcedStyle: template
# bad
format('%<greeting>s', greeting: 'Hello')
format('%s', 'Hello')
# good
format('%{greeting}', greeting: 'Hello')</greeting>
Example: EnforcedStyle: unannotated
# bad
format('%<greeting>s', greeting: 'Hello')
format('%{greeting}', 'Hello')
# good
format('%s', 'Hello')</greeting>
Prefer annotated tokens (like %<foo>s</foo>
) over unannotated tokens (like %s
). Open
'EDB' => 'https://www.exploit-db.com/exploits/%s',
- Read upRead up
- Exclude checks
Use a consistent style for named format string tokens.
Note:
unannotated
style cop only works for strings
which are passed as arguments to those methods:
sprintf
, format
, %
.
The reason is that unannotated format is very similar
to encoded URLs or Date/Time formatting strings.
Example: EnforcedStyle: annotated (default)
# bad
format('%{greeting}', greeting: 'Hello')
format('%s', 'Hello')
# good
format('%<greeting>s', greeting: 'Hello')</greeting>
Example: EnforcedStyle: template
# bad
format('%<greeting>s', greeting: 'Hello')
format('%s', 'Hello')
# good
format('%{greeting}', greeting: 'Hello')</greeting>
Example: EnforcedStyle: unannotated
# bad
format('%<greeting>s', greeting: 'Hello')
format('%{greeting}', 'Hello')
# good
format('%s', 'Hello')</greeting>
Prefer annotated tokens (like %<foo>s</foo>
) over unannotated tokens (like %s
). Open
'WPVDB' => 'https://wpvulndb.com/vulnerabilities/%s',
- Read upRead up
- Exclude checks
Use a consistent style for named format string tokens.
Note:
unannotated
style cop only works for strings
which are passed as arguments to those methods:
sprintf
, format
, %
.
The reason is that unannotated format is very similar
to encoded URLs or Date/Time formatting strings.
Example: EnforcedStyle: annotated (default)
# bad
format('%{greeting}', greeting: 'Hello')
format('%s', 'Hello')
# good
format('%<greeting>s', greeting: 'Hello')</greeting>
Example: EnforcedStyle: template
# bad
format('%<greeting>s', greeting: 'Hello')
format('%s', 'Hello')
# good
format('%{greeting}', greeting: 'Hello')</greeting>
Example: EnforcedStyle: unannotated
# bad
format('%<greeting>s', greeting: 'Hello')
format('%{greeting}', 'Hello')
# good
format('%s', 'Hello')</greeting>
Prefer annotated tokens (like %<foo>s</foo>
) over unannotated tokens (like %s
). Open
'URL' => '%s'
- Read upRead up
- Exclude checks
Use a consistent style for named format string tokens.
Note:
unannotated
style cop only works for strings
which are passed as arguments to those methods:
sprintf
, format
, %
.
The reason is that unannotated format is very similar
to encoded URLs or Date/Time formatting strings.
Example: EnforcedStyle: annotated (default)
# bad
format('%{greeting}', greeting: 'Hello')
format('%s', 'Hello')
# good
format('%<greeting>s', greeting: 'Hello')</greeting>
Example: EnforcedStyle: template
# bad
format('%<greeting>s', greeting: 'Hello')
format('%s', 'Hello')
# good
format('%{greeting}', greeting: 'Hello')</greeting>
Example: EnforcedStyle: unannotated
# bad
format('%<greeting>s', greeting: 'Hello')
format('%{greeting}', 'Hello')
# good
format('%s', 'Hello')</greeting>
Prefer annotated tokens (like %<foo>s</foo>
) over unannotated tokens (like %s
). Open
'CVE' => 'http://www.cvedetails.com/cve/CVE-%s',
- Read upRead up
- Exclude checks
Use a consistent style for named format string tokens.
Note:
unannotated
style cop only works for strings
which are passed as arguments to those methods:
sprintf
, format
, %
.
The reason is that unannotated format is very similar
to encoded URLs or Date/Time formatting strings.
Example: EnforcedStyle: annotated (default)
# bad
format('%{greeting}', greeting: 'Hello')
format('%s', 'Hello')
# good
format('%<greeting>s', greeting: 'Hello')</greeting>
Example: EnforcedStyle: template
# bad
format('%<greeting>s', greeting: 'Hello')
format('%s', 'Hello')
# good
format('%{greeting}', greeting: 'Hello')</greeting>
Example: EnforcedStyle: unannotated
# bad
format('%<greeting>s', greeting: 'Hello')
format('%{greeting}', 'Hello')
# good
format('%s', 'Hello')</greeting>