Skip to content

fix: prevent fmt.Sprintf from mangling % characters in plan output#2616

Open
m-agahi wants to merge 2 commits intodiggerhq:developfrom
m-agahi:fix/fmt-sprintf-percent-in-plan-output
Open

fix: prevent fmt.Sprintf from mangling % characters in plan output#2616
m-agahi wants to merge 2 commits intodiggerhq:developfrom
m-agahi:fix/fmt-sprintf-percent-in-plan-output

Conversation

@m-agahi
Copy link
Copy Markdown

@m-agahi m-agahi commented Mar 18, 2026
edited
Loading

🧠 Ai UsageDetails (if applicable):

This PR was written with the assistance of Claude Code (code fix, tests, and PR description generated by Claude Code, reviewed manually).

Problem

GetTerraformOutputAsCollapsibleComment and AsCollapsibleComment embed the comment and summary strings directly into the format string passed to fmt.Sprintf. Any % characters in the content get interpreted as format verbs, producing %!(MISSING) / %!(BADWIDTH) in the output.

Real-world examples that trigger this:

  • MySQL wildcard host 10.% in mysql_user / mysql_grant resource addresses
  • override_special = "~!#%^&*()..." in random_password resources

Before (broken):

return fmt.Sprintf(`<details %v><summary>` + summary + `</summary>\n...\n` + comment + `\n...`, openTag)

After (fixed):

return fmt.Sprintf("<details %s><summary>%s</summary>\n\n```terraform\n%s\n```\n</details>", openTag, summary, comment)

Changes

  • GetTerraformOutputAsCollapsibleComment: pass summary and comment as %s arguments instead of interpolating into the format string
  • AsCollapsibleComment: same fix
  • Added regression tests for both functions covering % in comments, % in summaries, and open/closed tag behavior

GetTerraformOutputAsComment and AsComment use string concatenation (not fmt.Sprintf) so they are unaffected.

Test plan

  • go test -v ./libs/comment_utils/reporting/ — all 7 tests pass
  • Verified tests fail on the unfixed code with %!(MISSING) errors, confirming they catch the bug

m-agahi added 2 commits March 18, 2026 14:19
@m-agahi
fix: prevent fmt.Sprintf from mangling % characters in plan output
a2360c1 
GetTerraformOutputAsCollapsibleComment and AsCollapsibleComment embed
the comment and summary strings directly into the fmt.Sprintf format
string. Any % characters in the content (e.g. MySQL wildcard host
"10.%" or random_password override_special strings) get interpreted
as format verbs, producing %!(MISSING) / %!(BADWIDTH) in the output.

Fix by passing summary and comment as explicit %s arguments instead.
@m-agahi
test: add regression tests for % character handling in comment format…
3cc76fc 
…ters

Tests verify that GetTerraformOutputAsCollapsibleComment and
AsCollapsibleComment do not mangle % characters in comments or
summaries (e.g. MySQL wildcard host 10.%, override_special with %).
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@m-agahi