From 9893360415d92325275a4cba7efa73eada50e011 Mon Sep 17 00:00:00 2001 From: koalaman Date: Sat, 8 Feb 2014 11:06:04 -0800 Subject: [PATCH] Created SC2059 (markdown) --- SC2059.md | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100644 SC2059.md diff --git a/SC2059.md b/SC2059.md new file mode 100644 index 0000000..3de0b63 --- /dev/null +++ b/SC2059.md @@ -0,0 +1,30 @@ +# Don't use variables in the printf format string. Use printf "..%s.." "$foo". + +### Problematic code: + + printf "Hello, $NAME\n" + +### Correct code: + + printf "Hello, %s\n" "$NAME" + +### Rationale: + +`printf` interprets escape sequences and format specifiers in the format string. If variables are included, any escape sequences or format specifiers in the data will be interpreted too, when you most likely wanted to treat it as data. Example: + + coverage='96%' + printf "Unit test coverage: %s\n" "$coverage" + printf "Unit test coverage: $coverage\n" + +The first printf writes `Unit test coverage: 96%`. + +The second writes ``bash: printf: `\': invalid format character`` + +### Contraindications + +Sometimes you may actually want to interpret data as a format string, like in: + + hexToAscii() { printf "\x$1"; } + hexToAscii 21 + +Like all warnings, you can selectively silence this warning with a [directive]. \ No newline at end of file
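Review bot: In the Contraindications section, the hexToAscii example places $1 directly in the format string without saying what the caller must guarantee, so it can be read as a general licence to silence the warning. Suggest adding a sentence that this is appropriate only when the argument is known to be constrained (here, hex digits), because any % or backslash in it will be interpreted exactly as the Rationale describes. In the same section, the closing [directive] is a reference-style link with no definition anywhere in the 30 added lines, so it will render as literal bracketed text; add the link target. Minor: "### Contraindications" lacks the trailing colon the other three headings carry, and the file ends without a final newline.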