dgryski.semgrep-go.mail-address.sprintf-mail-address
dgryskiAuthor
581
Download Count*
License
use net/mail Address.String() instead of fmt.Sprintf()
Run Locally
Run in CI
Defintion
rules:
- id: sprintf-mail-address
pattern-either:
- pattern: fmt.Sprintf(`"%s" <%s>`, $NAME, $EMAIL)
- pattern: fmt.Sprintf(`"%s"<%s>`, $NAME, $EMAIL)
- pattern: fmt.Sprintf("\"%s\"<%s>", $NAME, $EMAIL)
- pattern: fmt.Sprintf("\"%s\" <%s>", $NAME, $EMAIL)
- pattern: fmt.Sprintf("%s<%s>", $NAME, $EMAIL)
- pattern: fmt.Sprintf("%s <%s>", $NAME, $EMAIL)
message: use net/mail Address.String() instead of fmt.Sprintf()
fix: (&mail.Address{Name:$NAME, Address:$EMAIL}).String()
languages:
- go
severity: ERROR
metadata:
license: MIT
Short Link: https://sg.run/KlNP