Add MA0183: Detect string.Format without placeholders or formatting arguments

[Copilot]

Implementation Plan for string.Format Analyzer

• 1. Add new rule identifier MA0183 to RuleIdentifiers.cs
• 2. Create StringFormatShouldBeConstantAnalyzer.cs in src/Meziantou.Analyzer/Rules/
• 3. Implement analyzer to detect:
  • string.Format with no formatting arguments (regardless of format string type)
  • string.Format with constant format string that has no placeholders
  • string.Format with constant format string that has only escaped placeholders (e.g., {{0}})
• 4. Create StringFormatShouldBeConstantAnalyzerTests.cs in tests/Meziantou.Analyzer.Test/Rules/
• 5. Add comprehensive test cases covering all scenarios (29 tests)
• 6. Build the analyzer project
• 7. Run tests to validate implementation (29/29 tests passing)
• 8. Update documentation by running dotnet run --project src/DocumentationGenerator
• 9. Perform code review and address feedback
• 10. Run CodeQL security check (0 vulnerabilities found)
• 11. Final verification (all tests passing, Release build successful)

Summary

Successfully implemented MA0183 analyzer that detects string.Format calls without placeholders or formatting arguments:

Invalid cases detected:

• string.Format("value without argument"); - no formatting arguments
• string.Format(format); - non-constant format with no formatting arguments
• string.Format("value with argument", 123); - no placeholders in constant format string
• string.Format("value with argument {{0}}", 123); - only escaped braces, no actual placeholders
• string.Format(CultureInfo.InvariantCulture, "", CultureInfo.InvariantCulture); - IFormatProvider but no placeholders
• string.Format("{٠}", 123); - unicode digit (not ASCII 0-9)

Valid cases (no diagnostic):

• string.Format("value with argument {0}", 123); - has valid placeholder
• string.Format(format, 123); - non-constant format with arguments (placeholders cannot be verified)
• string.Format(CultureInfo.InvariantCulture, "{0}", CultureInfo.InvariantCulture); - IFormatProvider with valid placeholder

Implementation details:

• Analyzer properly handles both string.Format(string, ...) and string.Format(IFormatProvider, string, ...) overloads
• Detects calls with no formatting arguments regardless of whether the format string is constant or variable
• Optimized to only check arguments after the format string (no need to skip IFormatProvider)
• Uses IOperation for analysis following project conventions
• Properly handles implicit params arguments
• Includes optimized placeholder detection using IndexOf for better performance (vectorization)
• Uses explicit ASCII digit check with pattern matching (is >= '0' and <= '9') for cleaner syntax
• Proper handling of escaped braces
• Robust handling of malformed format strings without crashing (tested with edge cases)
• Diagnostic spans cover the full invocation for better error reporting
• Comprehensive documentation and 29 passing test cases including edge cases for:
  • Valid escaped braces: abc{{, abc}}
  • Malformed format strings: abc{, abc{0, abc{abc, abc}, abc{a{, abc{0{, abc{0:
  • IFormatProvider edge cases
  • Unicode digit that is not a valid placeholder: {٠}
• Zero security vulnerabilities
• All existing tests continue to pass

Original prompt

Can you add a new rule that detect string.Format that doesn't have any parameter

Not valid
string.Format("value without argument");
string.Format("value with argument", 123); // constant format without placeholder
string.Format("value with argument {{0}}", 123); // constant format without placeholder

Valid:
string.Format("value with argument {0}", 123);
string.Format(SR.Value, 123);

---

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.