From d98dcbbbb8c8c592b17e85fca9cd42d61197bd69 Mon Sep 17 00:00:00 2001
From: Kadir Can Ozden <101993364+bysiber@users.noreply.github.com>
Date: Fri, 20 Feb 2026 05:12:20 +0300
Subject: [PATCH] fix: use % formatting instead of comma in exception
 constructors

Several exception raise statements across the codebase use a comma
instead of % for string formatting, e.g.:
  raise ValueError("message %s", value)
instead of:
  raise ValueError("message %s" % value)

This causes the exception to store a tuple as its message rather
than a properly formatted string, making error messages confusing
and harder to debug.
---
 tornado/concurrent.py        |  2 +-
 tornado/netutil.py           |  2 +-
 tornado/simple_httpclient.py |  2 +-
 tornado/web.py               |  8 ++++----
 tornado/websocket.py         | 12 +++++-------
 5 files changed, 12 insertions(+), 14 deletions(-)

diff --git a/tornado/concurrent.py b/tornado/concurrent.py
index 41958ab6fa..75d77e05b6 100644
--- a/tornado/concurrent.py
+++ b/tornado/concurrent.py
@@ -131,7 +131,7 @@ def wrapper(self: Any, *args: Any, **kwargs: Any) -> Future:
     if len(args) == 1:
         return run_on_executor_decorator(args[0])
     elif len(args) != 0:
-        raise ValueError("expected 1 argument, got %d", len(args))
+        raise ValueError("expected 1 argument, got %d" % len(args))
     return run_on_executor_decorator
 
 
diff --git a/tornado/netutil.py b/tornado/netutil.py
index 3ec76af77c..6106a6dbc6 100644
--- a/tornado/netutil.py
+++ b/tornado/netutil.py
@@ -221,7 +221,7 @@ def bind_unix_socket(
                 if stat.S_ISSOCK(st.st_mode):
                     os.remove(file)
                 else:
-                    raise ValueError("File %s exists and is not a socket", file)
+                    raise ValueError("File %s exists and is not a socket" % file)
             sock.bind(file)
             os.chmod(file, mode)
         else:
diff --git a/tornado/simple_httpclient.py b/tornado/simple_httpclient.py
index 5ed273db3e..aaedae7052 100644
--- a/tornado/simple_httpclient.py
+++ b/tornado/simple_httpclient.py
@@ -390,7 +390,7 @@ async def run(self) -> None:
             if username is not None:
                 assert password is not None
                 if self.request.auth_mode not in (None, "basic"):
-                    raise ValueError("unsupported auth_mode %s", self.request.auth_mode)
+                    raise ValueError("unsupported auth_mode %s" % self.request.auth_mode)
                 self.request.headers["Authorization"] = "Basic " + _unicode(
                     base64.b64encode(
                         httputil.encode_username_password(username, password)
diff --git a/tornado/web.py b/tornado/web.py
index 2351afdbe2..b102f61262 100644
--- a/tornado/web.py
+++ b/tornado/web.py
@@ -438,7 +438,7 @@ def _convert_header_value(self, value: _HeaderTypes) -> str:
         # If \n is allowed into the header, it is possible to inject
         # additional headers or split the request.
         if RequestHandler._VALID_HEADER_CHARS.fullmatch(retval) is None:
-            raise ValueError("Unsafe header value %r", retval)
+            raise ValueError("Unsafe header value %r" % retval)
         return retval
 
     @overload
@@ -1562,7 +1562,7 @@ def xsrf_token(self) -> bytes:
                     ]
                 )
             else:
-                raise ValueError("unknown xsrf cookie version %d", output_version)
+                raise ValueError("unknown xsrf cookie version %d" % output_version)
             if version is None:
                 if self.current_user and "expires_days" not in cookie_kwargs:
                     cookie_kwargs["expires_days"] = 30
@@ -1999,14 +1999,14 @@ def stream_request_body(cls: Type[_RequestHandlerType]) -> Type[_RequestHandlerT
     for example usage.
     """  # noqa: E501
     if not issubclass(cls, RequestHandler):
-        raise TypeError("expected subclass of RequestHandler, got %r", cls)
+        raise TypeError("expected subclass of RequestHandler, got %r" % cls)
     cls._stream_request_body = True
     return cls
 
 
 def _has_stream_request_body(cls: Type[RequestHandler]) -> bool:
     if not issubclass(cls, RequestHandler):
-        raise TypeError("expected subclass of RequestHandler, got %r", cls)
+        raise TypeError("expected subclass of RequestHandler, got %r" % cls)
     return cls._stream_request_body
 
 
diff --git a/tornado/websocket.py b/tornado/websocket.py
index ab9b76f5e9..f516846f46 100644
--- a/tornado/websocket.py
+++ b/tornado/websocket.py
@@ -745,9 +745,8 @@ def __init__(
         # There is no symbolic constant for the minimum wbits value.
         if not (8 <= max_wbits <= zlib.MAX_WBITS):
             raise ValueError(
-                "Invalid max_wbits value %r; allowed range 8-%d",
-                max_wbits,
-                zlib.MAX_WBITS,
+                "Invalid max_wbits value %r; allowed range 8-%d"
+                % (max_wbits, zlib.MAX_WBITS)
             )
         self._max_wbits = max_wbits
 
@@ -794,9 +793,8 @@ def __init__(
             max_wbits = zlib.MAX_WBITS
         if not (8 <= max_wbits <= zlib.MAX_WBITS):
             raise ValueError(
-                "Invalid max_wbits value %r; allowed range 8-%d",
-                max_wbits,
-                zlib.MAX_WBITS,
+                "Invalid max_wbits value %r; allowed range 8-%d"
+                % (max_wbits, zlib.MAX_WBITS)
             )
         self._max_wbits = max_wbits
         if persistent:
@@ -1001,7 +999,7 @@ def _process_server_headers(
             if ext[0] == "permessage-deflate" and self._compression_options is not None:
                 self._create_compressors("client", ext[1])
             else:
-                raise ValueError("unsupported extension %r", ext)
+                raise ValueError("unsupported extension %r" % (ext,))
 
         self.selected_subprotocol = headers.get("Sec-WebSocket-Protocol", None)