Merge branch 'main' of https://github.com/github/codeql into oscarsj/merge-back-rc-3.21

2026-04-28 02:05:14 +02:00 · 2026-03-06 16:20:36 +01:00
parent 13ce515aab 84bef5d4bc
commit 3b9eba2afc
846 changed files with 87321 additions and 58588 deletions
--- a/swift/ql/lib/change-notes/2026-03-05-inline-expectation-space-after-$.md
+++ b/swift/ql/lib/change-notes/2026-03-05-inline-expectation-space-after-$.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Inline expectations test comments, which are of the form `// $ tag` or `// $ tag=value`, are now parsed more strictly and will not be recognized if there isn't a space after the `$` symbol.
--- a/swift/ql/test/library-tests/dataflow/taint/libraries/nsstring.swift
+++ b/swift/ql/test/library-tests/dataflow/taint/libraries/nsstring.swift
@@ -203,7 +203,7 @@ func taintThroughInterpolatedStrings() {

  sink(arg: try! NSString(contentsOfFile: sourceString(), encoding: 0)) // $ tainted=204
  sink(arg: try! NSString(contentsOfFile: sourceString(), usedEncoding: nil)) // $ tainted=205
-  sink(arg: try! NSString(contentsOf: sourceURL(), encoding: 0)) // $: tainted=206
+  sink(arg: try! NSString(contentsOf: sourceURL(), encoding: 0)) // $ tainted=206
  sink(arg: try! NSString(contentsOf: URL(string: sourceString())!, encoding: 0)) // $ tainted=207
  sink(arg: try! NSString(contentsOf: sourceURL(), usedEncoding: nil)) // $ tainted=208
  sink(arg: try! NSString(contentsOf: URL(string: sourceString())!, usedEncoding: nil)) // $ tainted=209