Swift: correct the example.

geoffw0 · geoffw0 · commit 157a7829ca37 · 2022-12-01T18:35:10.000Z
diff --git a/swift/ql/src/queries/Security/CWE-134/UncontrolledFormatString.qhelp b/swift/ql/src/queries/Security/CWE-134/UncontrolledFormatString.qhelp
@@ -13,7 +13,7 @@ Passing untrusted format strings to functions that use <code>printf</code> style
 <p>Use a string literal for the format string to prevent the possibility of data flow from
 an untrusted source. This also helps to prevent errors where the format arguments do not match the format string.</p>
 
-<p>If the format string cannot be constant, ensure that it comes from a secure data source or is compiled into the source code. If you need to include a value from the user, use the <code>%s</code> specifier in the format string and include that value as a format argument.
+<p>If the format string cannot be constant, ensure that it comes from a secure data source or is compiled into the source code. If you need to include a value from the user, use the <code>%@</code> specifier in the format string and include that value as a format argument.
 </p>
 
 </recommendation>
diff --git a/swift/ql/src/queries/Security/CWE-134/UncontrolledFormatStringGood.swift b/swift/ql/src/queries/Security/CWE-134/UncontrolledFormatStringGood.swift
@@ -1,2 +1,2 @@
 
-print(String(format: "User input: %s", inputString)) // fixed
+print(String(format: "User input: %@", inputString)) // fixed

Original file line number	Diff line number	Diff line change
`@@ -1,2 +1,2 @@`
`1`	`1`
`2`		`-print(String(format: "User input: %s", inputString)) // fixed`
	`2`	`+print(String(format: "User input: %@", inputString)) // fixed`