From bd00d079a421643a6a488a43ecb51fcde598fa47 Mon Sep 17 00:00:00 2001
From: Matthew Burket <mburket@redhat.com>
Date: Fri, 9 Jan 2026 13:45:49 -0600
Subject: [PATCH] Fix Non-constant format string issues

* Fixes https://github.com/OpenSCAP/openscap/security/code-scanning/1204
* Fixes https://github.com/OpenSCAP/openscap/security/code-scanning/1203
---
 src/OVAL/probes/independent/filehash58_probe.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/OVAL/probes/independent/filehash58_probe.c b/src/OVAL/probes/independent/filehash58_probe.c
index 25e5ec24aa..3431c5118b 100644
--- a/src/OVAL/probes/independent/filehash58_probe.c
+++ b/src/OVAL/probes/independent/filehash58_probe.c
@@ -194,14 +194,14 @@ static int filehash58_cb(const char *prefix, const char *p, const char *f, const
 	hash_type = oscap_string_to_enum(CRAPI_ALG_MAP, h);
 	if (hash_type == 0) {
 		char *msg = oscap_sprintf("This version of OpenSCAP doesn't support the '%s' hash algorithm.", h);
-		dW(msg);
+		dW("%s", msg);
 		itm = probe_item_create (OVAL_INDEPENDENT_FILE_HASH58, NULL,
 			"filepath", OVAL_DATATYPE_STRING, pbuf,
 			"path", OVAL_DATATYPE_STRING, p,
 			"filename", OVAL_DATATYPE_STRING, f,
 			"hash_type", OVAL_DATATYPE_STRING, h,
 			NULL);
-		probe_item_add_msg(itm, OVAL_MESSAGE_LEVEL_ERROR, msg);
+		probe_item_add_msg(itm, OVAL_MESSAGE_LEVEL_ERROR, "%s", msg);
 		free(msg);
 		probe_item_setstatus(itm, SYSCHAR_STATUS_ERROR);
 		probe_item_collect(ctx, itm);