sqc 0.4.13

Software Code Quality - CERT C compliance checker
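# CERT C entry FIO47-C: identification, summary text and risk-assessment fields.
[metadata]
id = "FIO47-C"
# NOTE(review): in CERT C numbering, 00-29 are recommendations and 30 and above
# are rules, so FIO47-C would be a rule. Confirm which values this key accepts
# before changing it.
type = "recommendation"
category = "FIO"
number = 47
title = "Use valid format strings"
# Summary text from the wiki page, with the word spacing lost in extraction
# restored. The text breaks off after "followed (in order) by" and after
# "include"; the enumerations that presumably follow at those points on the
# source page are not in this file.
description = """
The formatted output functions (fprintf() and related functions) convert, format,
and print their arguments under control of a format string. The C Standard,
7.23.6.1, paragraph 3 [ISO/IEC 9899:2024], specifies Each conversion
specification is introduced by the % character followed (in order) by Common
mistakes in creating format strings include
"""
# Risk assessment. CERT priority is severity x likelihood x remediation cost:
# High (3) x Unlikely (1) giving P6 implies a Medium (2) remediation cost, for
# which this file has no key. P6 falls in level L2 (P6-P9).
severity = "High"
likelihood = "Unlikely"
priority = "P6"
level = "L2"
cert_version = "2016 Edition (Wiki)"
# Kept as a display string rather than a TOML date.
# NOTE(review): confirm the consumer does not need to parse or compare it.
last_modified = "Oct 29, 2025"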

# Per-rule switch for FIO47-C under the cert_c rule set; presumably setting
# this to false suppresses the check (confirm against the checker's config
# loader). A conversion specification that does not match its argument is
# undefined behavior in C, so leave this on for code that formats data it does
# not fully control.
[rules.cert_c.FIO47-C]
enabled = true

# External references for FIO47-C.
[references]
wiki = "https://wiki.sei.cmu.edu/confluence/display/c/FIO47-C.+Use+valid+format+strings"
# CWE-686: Function Call With Incorrect Argument Type
# CWE-685: Function Call With Incorrect Number of Arguments
# CWE-134: Use of Externally-Controlled Format String
# A format string can be syntactically valid and still be built from untrusted
# input. That case is the subject of CERT C FIO30-C, so a clean FIO47-C result
# should not be read as coverage of CWE-134 on its own.
cwe = ["CWE-686", "CWE-685", "CWE-134"]