From 66b13f6bf1cd72a03a0859bd5593e4f7764b1d72 Mon Sep 17 00:00:00 2001 From: Valera V Harseko Date: Wed, 8 Jul 2026 16:38:36 +0300 Subject: [PATCH] Reference the supplied format arguments (CodeQL java/unused-format-argument) Ten format/log calls passed arguments that the format string never referenced, so the values were silently dropped from the message. Add the missing placeholders so the arguments actually appear: - SLF4JErrorReporter.warning/error: the format string was empty ("") while five values (message, sourceName, line, lineSource, lineOffset) were passed, so nothing about the script error was logged. Use a message with five {} placeholders. - Util.rangeCheck (int/long/float): the "Value must be between %d and %d, inclusive: " message ended after the colon and dropped the offending value. Append the matching specifier so the value is shown. - FieldStorageSchemeImpl.fieldMatches: three logger.error calls had no {} placeholder, dropping the stored field (and, on the two-arg calls, keeping the exception as the trailing throwable). Add a {} for the stored field. - OpenAMSessionModule.onValidateSuccess/onUserResponse: two LOG.error calls dropped the non-2xx response body. Add a {} so the body is logged. Behaviour is otherwise unchanged; only the previously discarded values now reach the message. --- .../jaspi/modules/session/openam/OpenAMSessionModule.java | 4 ++-- .../selfservice/core/crypto/FieldStorageSchemeImpl.java | 7 ++++--- persistit/core/src/main/java/com/persistit/util/Util.java | 7 ++++--- .../forgerock/script/javascript/SLF4JErrorReporter.java | 6 ++++-- 4 files changed, 14 insertions(+), 10 deletions(-) diff --git a/commons/auth-filters/authn-filter/jaspi-modules/openam-session-module/src/main/java/org/forgerock/jaspi/modules/session/openam/OpenAMSessionModule.java b/commons/auth-filters/authn-filter/jaspi-modules/openam-session-module/src/main/java/org/forgerock/jaspi/modules/session/openam/OpenAMSessionModule.java index 3a45371c85..577b1d4511 100644 --- a/commons/auth-filters/authn-filter/jaspi-modules/openam-session-module/src/main/java/org/forgerock/jaspi/modules/session/openam/OpenAMSessionModule.java +++ b/commons/auth-filters/authn-filter/jaspi-modules/openam-session-module/src/main/java/org/forgerock/jaspi/modules/session/openam/OpenAMSessionModule.java @@ -314,7 +314,7 @@ private AsyncFunction onValidateS public Promise apply(Response response) { try { if (!response.getStatus().isSuccessful()) { - LOG.error("REST validation call returned non HTTP 200 response", + LOG.error("REST validation call returned non HTTP 200 response: {}", response.getEntity().getString()); return newResultPromise(SEND_FAILURE); } @@ -365,7 +365,7 @@ private Function onUserResponse(f public AuthStatus apply(Response response) throws AuthenticationException { if (!response.getStatus().isSuccessful()) { try { - LOG.error("REST validation call returned non HTTP 200 response", + LOG.error("REST validation call returned non HTTP 200 response: {}", response.getEntity().getString()); return SEND_FAILURE; } catch (IOException e) { diff --git a/commons/selfservice/core/src/main/java/org/forgerock/selfservice/core/crypto/FieldStorageSchemeImpl.java b/commons/selfservice/core/src/main/java/org/forgerock/selfservice/core/crypto/FieldStorageSchemeImpl.java index 79dd65e899..6afbc54dc3 100644 --- a/commons/selfservice/core/src/main/java/org/forgerock/selfservice/core/crypto/FieldStorageSchemeImpl.java +++ b/commons/selfservice/core/src/main/java/org/forgerock/selfservice/core/crypto/FieldStorageSchemeImpl.java @@ -12,6 +12,7 @@ * information: "Portions copyright [year] [name of copyright owner]". * * Copyright 2015 ForgeRock AS. + * Portions Copyrighted 2026 3A Systems, LLC */ package org.forgerock.selfservice.core.crypto; @@ -121,14 +122,14 @@ public boolean fieldMatches(String plaintextfield, String storedField) { saltLength = decodedBytes.length - digestSize; if (saltLength <= 0) { - logger.error("Invalid decoded stored field", storedField); + logger.error("Invalid decoded stored field: {}", storedField); return false; } saltBytes = new byte[saltLength]; System.arraycopy(decodedBytes, 0, digestBytes, 0, digestSize); System.arraycopy(decodedBytes, digestSize, saltBytes, 0, saltLength); } catch (Exception e) { - logger.error("Cannot decode stored field", storedField, e); + logger.error("Cannot decode stored field: {}", storedField, e); return false; } @@ -145,7 +146,7 @@ public boolean fieldMatches(String plaintextfield, String storedField) { try { userDigestBytes = messageDigest.digest(plainPlusSalt); } catch (Exception e) { - logger.error("Cannot encode field", storedField, e); + logger.error("Cannot encode field: {}", storedField, e); return false; } finally { Arrays.fill(plainPlusSalt, (byte) 0); diff --git a/persistit/core/src/main/java/com/persistit/util/Util.java b/persistit/core/src/main/java/com/persistit/util/Util.java index 390cd79e87..b94de030a9 100644 --- a/persistit/core/src/main/java/com/persistit/util/Util.java +++ b/persistit/core/src/main/java/com/persistit/util/Util.java @@ -12,6 +12,7 @@ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. + * Portions Copyrighted 2026 3A Systems, LLC */ package com.persistit.util; @@ -581,7 +582,7 @@ public static int rangeCheck(final int value, final int min, final int max) { throw new IllegalArgumentException(String.format("Value must be greater than or equal to %,d: %,d", min, value)); } else { - throw new IllegalArgumentException(String.format("Value must be between %d and %d, inclusive: ", min, max, + throw new IllegalArgumentException(String.format("Value must be between %d and %d, inclusive: %d", min, max, value)); } } @@ -598,7 +599,7 @@ public static long rangeCheck(final long value, final long min, final long max) throw new IllegalArgumentException(String.format("Value must be greater than or equal to %,d: %,d", min, value)); } else { - throw new IllegalArgumentException(String.format("Value must be between %d and %d, inclusive: ", min, max, + throw new IllegalArgumentException(String.format("Value must be between %d and %d, inclusive: %d", min, max, value)); } } @@ -615,7 +616,7 @@ public static float rangeCheck(final float value, final float min, final float m throw new IllegalArgumentException(String.format("Value must be greater than or equal to %,f: %,f", min, value)); } else { - throw new IllegalArgumentException(String.format("Value must be between %f and %f, inclusive: ", min, max, + throw new IllegalArgumentException(String.format("Value must be between %f and %f, inclusive: %f", min, max, value)); } } diff --git a/script/javascript/src/main/java/org/forgerock/script/javascript/SLF4JErrorReporter.java b/script/javascript/src/main/java/org/forgerock/script/javascript/SLF4JErrorReporter.java index 9091a6e5c1..dd6020afe3 100644 --- a/script/javascript/src/main/java/org/forgerock/script/javascript/SLF4JErrorReporter.java +++ b/script/javascript/src/main/java/org/forgerock/script/javascript/SLF4JErrorReporter.java @@ -20,6 +20,8 @@ * with the fields enclosed by brackets [] replaced by * your own identifying information: * "Portions Copyrighted [year] [name of copyright owner]" + * + * Portions Copyrighted 2026 3A Systems, LLC */ package org.forgerock.script.javascript; @@ -49,14 +51,14 @@ public SLF4JErrorReporter(ErrorReporter chainedReporter) { public void warning(String message, String sourceName, int line, String lineSource, int lineOffset) { - logger.warn("", new Object[] { message, sourceName, line, lineSource, lineOffset }); + logger.warn("{} ({}#{}): {} [offset {}]", new Object[] { message, sourceName, line, lineSource, lineOffset }); if (chainedReporter != null) { chainedReporter.warning(message, sourceName, line, lineSource, lineOffset); } } public void error(String message, String sourceName, int line, String lineSource, int lineOffset) { - logger.error("", new Object[] { message, sourceName, line, lineSource, lineOffset }); + logger.error("{} ({}#{}): {} [offset {}]", new Object[] { message, sourceName, line, lineSource, lineOffset }); if (chainedReporter != null) { chainedReporter.error(message, sourceName, line, lineSource, lineOffset); } else {