Reports non-constant string concatenations used as a format string argument.

While occasionally intended, this is usually a misuse of a formatting method and may even cause security issues if the variables used in the concatenated string contain special characters like %.

Also, sometimes this could be the result of mistakenly concatenating a string format argument by typing a + when a , was meant.

Example:


  static String formatGreeting(String userName) {
    return String.format("Hello, " + userName);
  }

Here, the userName will be interpreted as a part of format string, which may result in IllegalFormatException (for example, if userName is "%") or in using an enormous amount of memory (for example, if userName is "%2000000000%"). The call should be probably replaced with String.format("Hello, %s", userName);.

This inspection checks calls to formatting methods on java.util.Formatter, java.lang.String, java.io.PrintWriter, or java.io.PrintStream.