From 29ffd87bf86ca60f58d77a806c0a06d600d276a7 Mon Sep 17 00:00:00 2001
From: Kristen Newbury <knewbury01@github.com>
Date: Thu, 14 May 2026 12:58:20 -0400
Subject: [PATCH] Add full stop to alert messages in UntrustedCheckoutHigh and
 UntrustedCheckoutCritical

---
 actions/ql/src/Security/CWE-829/UntrustedCheckoutCritical.ql | 2 +-
 actions/ql/src/Security/CWE-829/UntrustedCheckoutHigh.ql     | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/actions/ql/src/Security/CWE-829/UntrustedCheckoutCritical.ql b/actions/ql/src/Security/CWE-829/UntrustedCheckoutCritical.ql
index cbf38e2e371..1097d581ee0 100644
--- a/actions/ql/src/Security/CWE-829/UntrustedCheckoutCritical.ql
+++ b/actions/ql/src/Security/CWE-829/UntrustedCheckoutCritical.ql
@@ -52,5 +52,5 @@ where
   not exists(ControlCheck check | check.protects(checkout, event, "untrusted-checkout")) and
   not exists(ControlCheck check | check.protects(poisonable, event, "untrusted-checkout"))
 select poisonable, checkout, poisonable,
-  "Checkout of untrusted code in a privileged workflow with later potential execution (event trigger: $@)",
+  "Checkout of untrusted code in a privileged workflow with later potential execution (event trigger: $@).",
   event, event.getName()
diff --git a/actions/ql/src/Security/CWE-829/UntrustedCheckoutHigh.ql b/actions/ql/src/Security/CWE-829/UntrustedCheckoutHigh.ql
index 50274a249d4..982cf6ada8f 100644
--- a/actions/ql/src/Security/CWE-829/UntrustedCheckoutHigh.ql
+++ b/actions/ql/src/Security/CWE-829/UntrustedCheckoutHigh.ql
@@ -43,5 +43,5 @@ where
     not exists(ControlCheck check | check.protects(checkout, event, "untrusted-checkout"))
   )
 select checkout,
-  "Checkout of untrusted code in a privileged workflow with later potential execution (event trigger: $@)",
+  "Checkout of untrusted code in a privileged workflow with later potential execution (event trigger: $@).",
   event, event.getName()