Merge pull request #21038 from github/path-combine-name-desc-update

Clarify Path.Combine call behavior

csharp/ql/src/Bad Practices/PathCombine.ql

@@ -1,6 +1,7 @@
 /**
- * @name Call to System.IO.Path.Combine
- * @description Finds calls to System.IO.Path's Combine method
+ * @name Call to 'System.IO.Path.Combine' may silently drop its earlier arguments
+ * @description 'Path.Combine' may silently drop its earlier arguments
+ *              if its later arguments are absolute paths.
  * @kind problem
  * @problem.severity recommendation
  * @precision very-high
@@ -15,4 +16,4 @@ import semmle.code.csharp.frameworks.System
 
 from MethodCall call
 where call.getTarget().hasFullyQualifiedName("System.IO", "Path", "Combine")
-select call, "Call to 'System.IO.Path.Combine'."
+select call, "Call to 'System.IO.Path.Combine' may silently drop its earlier arguments."

csharp/ql/src/change-notes/2025-12-16-path-combine-metadata.md

@@ -0,0 +1,4 @@
+---
+category: queryMetadata
+---
+* Updated the `name`, `description`, and alert message of `cs/path-combine` to have more details about why it's a problem.

csharp/ql/test/query-tests/Bad Practices/Path Combine/PathCombine.expected

@@ -1 +1 @@
-| PathCombine.cs:7:9:7:54 | call to method Combine | Call to 'System.IO.Path.Combine'. |
+| PathCombine.cs:7:9:7:54 | call to method Combine | Call to 'System.IO.Path.Combine' may silently drop its earlier arguments. |