diff options
| author | Ben Wiederhake <BenWiederhake.GitHub@gmx.de> | 2021-09-09 17:06:15 +0200 |
|---|---|---|
| committer | Linus Groh <mail@linusgroh.de> | 2021-09-11 15:16:26 +0100 |
| commit | 2e4ec891dadb49965f9de900082d2fd3e52a6577 (patch) | |
| tree | c56eab743ccaa2b8e643b5dc59b71c7348080bda | |
| parent | 7dfecbee4471d9e34b9a8f099479ff30f145ea4e (diff) | |
| download | serenity-2e4ec891dadb49965f9de900082d2fd3e52a6577.zip | |
Everywhere: Fix format-vulnerabilities
Command used:
grep -Pirn '(out|warn)ln\((?!["\)]|format,|stderr,|stdout,|output, ")' \
AK Kernel/ Tests/ Userland/
(Plus some manual reviewing.)
Let's pick ArgsParser as an example:
outln(file, m_general_help);
This will fail at runtime if the general help happens to contain braces.
Even if this transformation turns out to be unnecessary in a place or
two, this way the code is "more obviously" correct.
| -rw-r--r-- | Tests/LibSQL/TestSqlStatementExecution.cpp | 2 | ||||
| -rw-r--r-- | Userland/Libraries/LibCore/ArgsParser.cpp | 2 | ||||
| -rw-r--r-- | Userland/Utilities/mktemp.cpp | 2 | ||||
| -rw-r--r-- | Userland/Utilities/sql.cpp | 2 |
4 files changed, 4 insertions, 4 deletions
diff --git a/Tests/LibSQL/TestSqlStatementExecution.cpp b/Tests/LibSQL/TestSqlStatementExecution.cpp index cd9a35f2d9..4f202b1270 100644 --- a/Tests/LibSQL/TestSqlStatementExecution.cpp +++ b/Tests/LibSQL/TestSqlStatementExecution.cpp @@ -24,7 +24,7 @@ RefPtr<SQL::SQLResult> execute(NonnullRefPtr<SQL::Database> database, String con auto statement = parser.next_statement(); EXPECT(!parser.has_errors()); if (parser.has_errors()) { - outln(parser.errors()[0].to_string()); + outln("{}", parser.errors()[0].to_string()); } SQL::AST::ExecutionContext context { database }; auto result = statement->execute(context); diff --git a/Userland/Libraries/LibCore/ArgsParser.cpp b/Userland/Libraries/LibCore/ArgsParser.cpp index 54a362331f..dfb027e276 100644 --- a/Userland/Libraries/LibCore/ArgsParser.cpp +++ b/Userland/Libraries/LibCore/ArgsParser.cpp @@ -201,7 +201,7 @@ void ArgsParser::print_usage(FILE* file, const char* argv0) if (m_general_help != nullptr && m_general_help[0] != '\0') { outln(file, "\nDescription:"); - outln(file, m_general_help); + outln(file, "{}", m_general_help); } if (!m_options.is_empty()) diff --git a/Userland/Utilities/mktemp.cpp b/Userland/Utilities/mktemp.cpp index 8d82e9eb76..d5a5f8fe9a 100644 --- a/Userland/Utilities/mktemp.cpp +++ b/Userland/Utilities/mktemp.cpp @@ -110,7 +110,7 @@ int main(int argc, char** argv) return 1; } - outln(final_path); + outln("{}", final_path); free(final_path); return 0; } diff --git a/Userland/Utilities/sql.cpp b/Userland/Utilities/sql.cpp index b58c7bc045..e79189bfac 100644 --- a/Userland/Utilities/sql.cpp +++ b/Userland/Utilities/sql.cpp @@ -191,7 +191,7 @@ int main() sql_client->on_next_result = [&](int, Vector<String> const& row) { StringBuilder builder; builder.join(", ", row); - outln(builder.build()); + outln("{}", builder.build()); }; sql_client->on_results_exhausted = [&](int, int total_rows) { |