Interpretation of Java format strings is stricter than in languages such as C [Seacord 2013]. The standard library implementations throw appropriate exceptions (subclasses of IllegalFormatException) when a conversion argument fails to match its format specifier, which reduces the opportunities for malicious exploits. Nevertheless, if untrusted user input is accepted into a format string, it can still cause information leaks (a crafted conversion can render arguments the message never intended to print) or denial of service (a malformed conversion throws at runtime). As a result, strings input from an untrusted source should not be incorporated into format strings.
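The two failure modes named above, side by side with the compliant pattern, as an added example that is not code from the CERT page. The class name FormatStringDemo, the Calendar value and the three sample inputs are constructed for illustration.

```java
import java.util.Calendar;
import java.util.GregorianCalendar;
import java.util.IllegalFormatException;

public class FormatStringDemo {

    // Constructed sample argument: data the intended message never means to
    // expose in full (only the month is meant to be printed).
    private static final Calendar ISSUED =
            new GregorianCalendar(1995, Calendar.MAY, 23);

    // Noncompliant pattern: untrusted text is concatenated into the format
    // string, so every '%' conversion it contains is interpreted by the
    // formatter and can address any argument (here, ISSUED) or throw.
    static String describeNoncompliant(String untrusted) {
        return String.format("Card " + untrusted + " was issued in %1$tB", ISSUED);
    }

    // Compliant pattern: the format string is a fixed literal and the untrusted
    // text is passed only as an argument, so it is rendered verbatim.
    static String describeCompliant(String untrusted) {
        return String.format("Card %s was issued in %tB", untrusted, ISSUED);
    }

    // Runs one input through both patterns and reports what happens.
    // IllegalFormatException is the documented failure for a bad format string;
    // in a server it would surface as a request-handling error (denial of service).
    static void compare(String label, String untrusted) {
        System.out.println("== " + label + " ==");
        try {
            System.out.println("noncompliant: " + describeNoncompliant(untrusted));
        } catch (IllegalFormatException e) {
            System.out.println("noncompliant: threw " + e.getClass().getSimpleName());
        }
        // The compliant version never lets the input reach the formatter's
        // parser, so it cannot throw because of the input's contents.
        System.out.println("compliant:    " + describeCompliant(untrusted));
    }

    public static void main(String[] args) {
        // Constructed inputs: a benign value, a value with a stray '%', and a
        // value containing an explicit-index date conversion.
        compare("benign", "4111");
        compare("stray percent", "100%");
        compare("conversion in input", "%1$tY");
    }
}
```

With the benign input both versions print the same text. With a stray '%' the noncompliant version throws (the formatter cannot parse the conversion) while the compliant version prints the input as-is. With a conversion in the input, the noncompliant version renders a field of the Calendar argument that the message never intended to print, while the compliant version prints the literal characters of the input. The only difference between the two methods is whether untrusted data sits in the format string or in the argument list, which is the whole point of the rule.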
...
Static analysis tools that perform taint analysis can diagnose some violations of this rule.
Related Guidelines
CERT Perl Secure Coding Standard | IDS30-PL. Exclude user input from format strings
 | Injection [RST]
 | CWE-134, Uncontrolled format string
...