From 41ca024150a025d758225fd9bfedf1ba422391de Mon Sep 17 00:00:00 2001
From: "Charles S. Givre"
Date: Fri, 13 Mar 2026 10:35:41 -0400
Subject: [PATCH] Potential fix for code scanning alert no. 22: Use of externally-controlled format string

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 .../apache/drill/common/exceptions/UserException.java | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/common/src/main/java/org/apache/drill/common/exceptions/UserException.java b/common/src/main/java/org/apache/drill/common/exceptions/UserException.java
index 550d2899cbb..fd0a3d9e230 100644
--- a/common/src/main/java/org/apache/drill/common/exceptions/UserException.java
+++ b/common/src/main/java/org/apache/drill/common/exceptions/UserException.java
@@ -23,6 +23,7 @@
 import java.io.File;
 import java.io.FileWriter;
 import java.lang.management.ManagementFactory;
+import java.util.Arrays;
 
 import org.apache.drill.exec.proto.CoordinationProtos;
 import org.apache.drill.exec.proto.CoordinationProtos.DrillbitEndpoint;
@@ -507,9 +508,16 @@ public Builder message(final String format, final Object... args) {
       // we can't replace the message of a user exception
       if (uex == null && format != null) {
         if (args.length == 0) {
+          // No arguments: treat the provided text as the full message.
           message = format;
         } else {
-          message = String.format(format, args);
+          // Avoid treating user-controlled input as a format string. Instead,
+          // append the argument values in a simple, predictable way.
+          StringBuilder sb = new StringBuilder(format);
+          sb.append(" [");
+          sb.append(Arrays.toString(args));
+          sb.append(']');
+          message = sb.toString();
         }
       }
       return this;
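Review bot: Dropping `String.format` in the `else` branch silently changes the text of every existing caller of `Builder.message(format, args)` that passes a literal pattern with `%s`/`%d` placeholders, which is the normal use of this method; `message("Column %s not found", name)` now yields `Column %s not found [name]` with the placeholder left in place and the argument dumped via `Arrays.toString`. The format-string alert is better resolved at the call sites where user-supplied text is passed as `format` (pass it as an argument to a constant pattern instead), since this method cannot tell a developer-written pattern from untrusted text. If the library side must be hardened regardless, keep `String.format` for well-formed patterns and fall back to concatenation only when formatting fails, which neutralises the `IllegalFormatException` a malformed or attacker-shaped pattern would otherwise raise while preserving existing messages; `java.util.IllegalFormatException` would then need importing alongside `Arrays`. The enclosing `message` method's closing brace lies outside the hunk.
```java
        } else {
          try {
            message = String.format(format, args);
          } catch (IllegalFormatException e) {
            // Not a valid pattern (e.g. the text came from user input):
            // fall back to plain concatenation rather than failing.
            message = format + " " + Arrays.toString(args);
          }
        }
```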