9

SC2059

Lawrence Velázquez edited this page 2025-01-18 15:18:35 -05:00

Table of Contents

• Don't use variables in the printf format string. Use printf "..%s.." "$foo".
• Problematic code:
• Correct code:
• Rationale:
• Exceptions:
• Related resources:

Don't use variables in the printf format string. Use printf "..%s.." "$foo".

Problematic code:

printf "Hello, $NAME\n"

Correct code:

printf "Hello, %s\n" "$NAME"

Rationale:

printf interprets escape sequences and format specifiers in the format string. If variables are included, any escape sequences or format specifiers in the data will be interpreted too, when you most likely wanted to treat it as data. Example:

coverage='96%'
printf "Unit test coverage: %s\n" "$coverage"
printf "Unit test coverage: $coverage\n"

The first printf writes Unit test coverage: 96%.

The second writes bash: printf: `\': invalid format character

Sometimes you may actually want to interpret data as a format string, like in:

octToAscii() { printf "\\$1"; }
octToAscii 130

In this case, use the %b format specifier that expands escape sequences without interpreting other format specifiers:

octToAscii() { printf '%b' "\0$1"; }
octToAscii 130

Exceptions:

Sometimes you might have a pattern in a variable:

filepattern="file-%d.jpg"
printf -v filename "$filepattern" "$number"

This has no good rewrite. Please ignore the warning with a directive.

Related resources:

• https://pubs.opengroup.org/onlinepubs/9799919799/utilities/printf.html

ShellCheck

• Installation

  • CentOS6
  • More Installation Guides

• Usage

  • Directive
  • Ignore

• Integrating and extending

  • Misc. contributions
  • Azure Pipelines
  • Buildkite
  • CircleCI
  • DevGuide
  • Integration
  • JUnit
  • Phabricator
  • TravisCI
  • GitLab CI
  • Drone
  • GitHub Actions

• Severity

• Template

Each individual ShellCheck warning has its own wiki page like SC1000. Use GitHub Wiki's "Pages" feature above to find a specific one, or see Checks.