TypeCobol
FormatException in string.Format due to user input containing placeholders
Describe the bug
For instance, a diagnostic is created because a VALUE assigned to a data item is too big compared to the data declaration.
The diagnostic mentions the value itself.
That value may contain braces, which string.Format interprets as placeholders, and this leads to a FormatException.
Technical
The placeholders should be escaped in the user input.
In the Diagnostic constructor, a string.Format call is possibly vulnerable when it is reached through a Violation sub-class.
Fix: the message should be escaped in the method Violation.ToDiagnosticMessage.
But all string.Format usages should be checked.
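The following is an added example, not TypeCobol's own code: a minimal stand-in for a Diagnostic whose constructor calls string.Format, the constructed VALUE literal that triggers the FormatException described above, and the brace-escaping step proposed for Violation.ToDiagnosticMessage. The class and member names (DiagnosticStub, MessageEscaping.EscapeBraces) are simplified assumptions, not the project's real signatures.

```csharp
using System;

// Added example (not TypeCobol's own code). DiagnosticStub mimics a
// Diagnostic whose constructor formats its message with string.Format;
// names and signatures are assumptions, not the project's real ones.
class DiagnosticStub
{
    public string Message { get; }

    public DiagnosticStub(string messageFormat, params object[] args)
    {
        // Throws FormatException when messageFormat contains stray braces
        // that came from user input (e.g. a VALUE literal) instead of from
        // a trusted format string.
        Message = string.Format(messageFormat, args);
    }
}

static class MessageEscaping
{
    // Escape braces so user-controlled text can be embedded in a string
    // that is later handed to string.Format. In composite format strings,
    // "{{" and "}}" are the literal braces.
    public static string EscapeBraces(string userText)
    {
        if (userText == null) return null;
        return userText.Replace("{", "{{").Replace("}", "}}");
    }
}

class Program
{
    static void Main()
    {
        // Constructed sample: a COBOL VALUE literal that contains braces.
        string valueLiteral = "'{ABC}'";

        // Vulnerable pattern: the user text becomes part of the format string.
        string unsafeFormat = "Value " + valueLiteral + " is too big for PIC X(3)";
        try
        {
            var d = new DiagnosticStub(unsafeFormat);
            Console.WriteLine("Unexpected: " + d.Message);
        }
        catch (FormatException e)
        {
            Console.WriteLine("FormatException, as described in the issue: " + e.Message);
        }

        // Fix proposed in the issue: escape braces in the user text before it
        // is embedded into the format string.
        string escapedFormat = "Value " + MessageEscaping.EscapeBraces(valueLiteral)
                               + " is too big for PIC X(3)";
        Console.WriteLine(new DiagnosticStub(escapedFormat).Message);

        // Alternative: keep the format string constant and pass the user text
        // as an argument; arguments are substituted, never re-parsed as a
        // format string, so no escaping is needed.
        Console.WriteLine(new DiagnosticStub("Value {0} is too big for PIC X(3)", valueLiteral).Message);
    }
}
```

Escaping at the point where user text enters the message (the Violation.ToDiagnosticMessage fix) is the right choice when the format string is assembled by concatenation; where the call site can be changed, passing the user text as a string.Format argument removes the need to escape at all, which is why every string.Format usage is worth reviewing.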
How to test automatically
Write new tests reproducing the problems.