
Commit bd1f6cf

authored
Fix indentation in exported markdown results (#1693)
1 parent 78f0917 commit bd1f6cf


4 files changed

+264
-162
lines changed


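--- a/extensions/ql-vscode/src/remote-queries/remote-queries-markdown-generation.ts
+++ b/extensions/ql-vscode/src/remote-queries/remote-queries-markdown-generation.ts
@@ -205,6 +205,7 @@ function generateMarkdownForPathResults(
 const stepCount = codeFlow.threadFlows.length;
 const title = `Path with ${stepCount} steps`;
 for (let i = 0; i < stepCount; i++) {
+const listNumber = i + 1;
 const threadFlow = codeFlow.threadFlows[i];
 const link = createMarkdownRemoteFileRef(
 threadFlow.fileLink,
@@ -217,8 +218,9 @@ function generateMarkdownForPathResults(
 threadFlow.highlightedRegion
 );
 // Indent the snippet to fit with the numbered list.
-const codeSnippetIndented = codeSnippet.map((line) => ` ${line}`);
-pathLines.push(`${i + 1}. ${link}`, ...codeSnippetIndented);
+// The indentation is "n + 2" where the list number is an n-digit number.
+const codeSnippetIndented = codeSnippet.map(line => ' '.repeat(listNumber.toString().length + 2) + line);
+pathLines.push(`${listNumber}. ${link}`, ...codeSnippetIndented);
 }
 lines.push(
 ...buildExpandableMarkdownSection(title, pathLines)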
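Review bot: On new line 222 the indent string `' '.repeat(listNumber.toString().length + 2)` is rebuilt inside the `map` callback for every snippet line although it depends only on `listNumber`; compute it once per step, `const indent = ' '.repeat(String(listNumber).length + 2);`, and map with `(line) => indent + line`, which also keeps the parenthesised arrow parameter the replaced line used. The comment on line 221 would be clearer if it said where the 2 comes from, for example `// Indent by the width of the list marker ("<n>. ") so the snippet stays inside its list item.` The snippet text originates in the analysed repositories and the expected output on this page shows it emitted inside `<pre><code>`, so it is worth confirming that HTML escaping happens where `codeSnippet` is built, which is outside this hunk. The loop body of generateMarkdownForPathResults starts and ends outside the visible hunks.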

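--- a/extensions/ql-vscode/test/pure-tests/remote-queries/markdown-generation/data/interpreted-results/path-problem/analyses-results.json
+++ b/extensions/ql-vscode/test/pure-tests/remote-queries/markdown-generation/data/interpreted-results/path-problem/analyses-results.json
@@ -600,6 +600,74 @@
 "endColumn": 52
 }
 },
+{
+"fileLink": {
+"fileLinkPrefix": "https://github.com/meteor/meteor/blob/73b538fe201cbfe89dd0c709689023f9b3eab1ec",
+"filePath": "npm-packages/meteor-installer/install.js"
+},
+"codeSnippet": {
+"startLine": 257,
+"endLine": 261,
+"text": " if (isWindows()) {\n //set for the current session and beyond\n child_process.execSync(`setx path \"${meteorPath}/;%path%`);\n return;\n }\n"
+},
+"highlightedRegion": {
+"startLine": 259,
+"startColumn": 42,
+"endLine": 259,
+"endColumn": 52
+}
+},
+{
+"fileLink": {
+"fileLinkPrefix": "https://github.com/meteor/meteor/blob/73b538fe201cbfe89dd0c709689023f9b3eab1ec",
+"filePath": "npm-packages/meteor-installer/install.js"
+},
+"codeSnippet": {
+"startLine": 257,
+"endLine": 261,
+"text": " if (isWindows()) {\n //set for the current session and beyond\n child_process.execSync(`setx path \"${meteorPath}/;%path%`);\n return;\n }\n"
+},
+"highlightedRegion": {
+"startLine": 259,
+"startColumn": 42,
+"endLine": 259,
+"endColumn": 52
+}
+},
+{
+"fileLink": {
+"fileLinkPrefix": "https://github.com/meteor/meteor/blob/73b538fe201cbfe89dd0c709689023f9b3eab1ec",
+"filePath": "npm-packages/meteor-installer/install.js"
+},
+"codeSnippet": {
+"startLine": 257,
+"endLine": 261,
+"text": " if (isWindows()) {\n //set for the current session and beyond\n child_process.execSync(`setx path \"${meteorPath}/;%path%`);\n return;\n }\n"
+},
+"highlightedRegion": {
+"startLine": 259,
+"startColumn": 42,
+"endLine": 259,
+"endColumn": 52
+}
+},
+{
+"fileLink": {
+"fileLinkPrefix": "https://github.com/meteor/meteor/blob/73b538fe201cbfe89dd0c709689023f9b3eab1ec",
+"filePath": "npm-packages/meteor-installer/install.js"
+},
+"codeSnippet": {
+"startLine": 257,
+"endLine": 261,
+"text": " if (isWindows()) {\n //set for the current session and beyond\n child_process.execSync(`setx path \"${meteorPath}/;%path%`);\n return;\n }\n"
+},
+"highlightedRegion": {
+"startLine": 259,
+"startColumn": 42,
+"endLine": 259,
+"endColumn": 52
+}
+},
 {
 "fileLink": {
 "fileLinkPrefix": "https://github.com/meteor/meteor/blob/73b538fe201cbfe89dd0c709689023f9b3eab1ec",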

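--- a/extensions/ql-vscode/test/pure-tests/remote-queries/markdown-generation/data/interpreted-results/path-problem/expected/github-codeql.md
+++ b/extensions/ql-vscode/test/pure-tests/remote-queries/markdown-generation/data/interpreted-results/path-problem/expected/github-codeql.md
@@ -16,44 +16,44 @@
 <summary>Path with 5 steps</summary>
 
 1. [javascript/ql/src/Security/CWE-078/examples/shell-command-injection-from-environment.js](https://github.com/github/codeql/blob/48015e5a2e6202131f2d1062cc066dc33ed69a9b/javascript/ql/src/Security/CWE-078/examples/shell-command-injection-from-environment.js#L4-L4)
-<pre><code class="javascript"> path = require("path");
-function cleanupTemp() {
-let cmd = "rm -rf " + path.join(<strong>__dirname</strong>, "temp");
-cp.execSync(cmd); // BAD
-}
-</code></pre>
-
+<pre><code class="javascript"> path = require("path");
+function cleanupTemp() {
+let cmd = "rm -rf " + path.join(<strong>__dirname</strong>, "temp");
+cp.execSync(cmd); // BAD
+}
+</code></pre>
+
 2. [javascript/ql/src/Security/CWE-078/examples/shell-command-injection-from-environment.js](https://github.com/github/codeql/blob/48015e5a2e6202131f2d1062cc066dc33ed69a9b/javascript/ql/src/Security/CWE-078/examples/shell-command-injection-from-environment.js#L4-L4)
-<pre><code class="javascript"> path = require("path");
-function cleanupTemp() {
-let cmd = "rm -rf " + <strong>path.join(__dirname, "temp")</strong>;
-cp.execSync(cmd); // BAD
-}
-</code></pre>
-
+<pre><code class="javascript"> path = require("path");
+function cleanupTemp() {
+let cmd = "rm -rf " + <strong>path.join(__dirname, "temp")</strong>;
+cp.execSync(cmd); // BAD
+}
+</code></pre>
+
 3. [javascript/ql/src/Security/CWE-078/examples/shell-command-injection-from-environment.js](https://github.com/github/codeql/blob/48015e5a2e6202131f2d1062cc066dc33ed69a9b/javascript/ql/src/Security/CWE-078/examples/shell-command-injection-from-environment.js#L4-L4)
-<pre><code class="javascript"> path = require("path");
-function cleanupTemp() {
-let cmd = <strong>"rm -rf " + path.join(__dirname, "temp")</strong>;
-cp.execSync(cmd); // BAD
-}
-</code></pre>
-
+<pre><code class="javascript"> path = require("path");
+function cleanupTemp() {
+let cmd = <strong>"rm -rf " + path.join(__dirname, "temp")</strong>;
+cp.execSync(cmd); // BAD
+}
+</code></pre>
+
 4. [javascript/ql/src/Security/CWE-078/examples/shell-command-injection-from-environment.js](https://github.com/github/codeql/blob/48015e5a2e6202131f2d1062cc066dc33ed69a9b/javascript/ql/src/Security/CWE-078/examples/shell-command-injection-from-environment.js#L4-L4)
-<pre><code class="javascript"> path = require("path");
-function cleanupTemp() {
-let <strong>cmd = "rm -rf " + path.join(__dirname, "temp")</strong>;
-cp.execSync(cmd); // BAD
-}
-</code></pre>
-
+<pre><code class="javascript"> path = require("path");
+function cleanupTemp() {
+let <strong>cmd = "rm -rf " + path.join(__dirname, "temp")</strong>;
+cp.execSync(cmd); // BAD
+}
+</code></pre>
+
 5. [javascript/ql/src/Security/CWE-078/examples/shell-command-injection-from-environment.js](https://github.com/github/codeql/blob/48015e5a2e6202131f2d1062cc066dc33ed69a9b/javascript/ql/src/Security/CWE-078/examples/shell-command-injection-from-environment.js#L5-L5)
-<pre><code class="javascript">function cleanupTemp() {
-let cmd = "rm -rf " + path.join(__dirname, "temp");
-cp.execSync(<strong>cmd</strong>); // BAD
-}
-</code></pre>
-
+<pre><code class="javascript">function cleanupTemp() {
+let cmd = "rm -rf " + path.join(__dirname, "temp");
+cp.execSync(<strong>cmd</strong>); // BAD
+}
+</code></pre>
+
 
 </details>
 
@@ -76,29 +76,29 @@
 <summary>Path with 3 steps</summary>
 
 1. [javascript/ql/test/query-tests/Security/CWE-078/tst_shell-command-injection-from-environment.js](https://github.com/github/codeql/blob/48015e5a2e6202131f2d1062cc066dc33ed69a9b/javascript/ql/test/query-tests/Security/CWE-078/tst_shell-command-injection-from-environment.js#L6-L6)
-<pre><code class="javascript">(function() {
-cp.execFileSync('rm', ['-rf', path.join(__dirname, "temp")]); // GOOD
-cp.execSync('rm -rf ' + path.join(<strong>__dirname</strong>, "temp")); // BAD
-
-execa.shell('rm -rf ' + path.join(__dirname, "temp")); // NOT OK
-</code></pre>
-
+<pre><code class="javascript">(function() {
+cp.execFileSync('rm', ['-rf', path.join(__dirname, "temp")]); // GOOD
+cp.execSync('rm -rf ' + path.join(<strong>__dirname</strong>, "temp")); // BAD
+
+execa.shell('rm -rf ' + path.join(__dirname, "temp")); // NOT OK
+</code></pre>
+
 2. [javascript/ql/test/query-tests/Security/CWE-078/tst_shell-command-injection-from-environment.js](https://github.com/github/codeql/blob/48015e5a2e6202131f2d1062cc066dc33ed69a9b/javascript/ql/test/query-tests/Security/CWE-078/tst_shell-command-injection-from-environment.js#L6-L6)
-<pre><code class="javascript">(function() {
-cp.execFileSync('rm', ['-rf', path.join(__dirname, "temp")]); // GOOD
-cp.execSync('rm -rf ' + <strong>path.join(__dirname, "temp")</strong>); // BAD
-
-execa.shell('rm -rf ' + path.join(__dirname, "temp")); // NOT OK
-</code></pre>
-
+<pre><code class="javascript">(function() {
+cp.execFileSync('rm', ['-rf', path.join(__dirname, "temp")]); // GOOD
+cp.execSync('rm -rf ' + <strong>path.join(__dirname, "temp")</strong>); // BAD
+
+execa.shell('rm -rf ' + path.join(__dirname, "temp")); // NOT OK
+</code></pre>
+
 3. [javascript/ql/test/query-tests/Security/CWE-078/tst_shell-command-injection-from-environment.js](https://github.com/github/codeql/blob/48015e5a2e6202131f2d1062cc066dc33ed69a9b/javascript/ql/test/query-tests/Security/CWE-078/tst_shell-command-injection-from-environment.js#L6-L6)
-<pre><code class="javascript">(function() {
-cp.execFileSync('rm', ['-rf', path.join(__dirname, "temp")]); // GOOD
-cp.execSync(<strong>'rm -rf ' + path.join(__dirname, "temp")</strong>); // BAD
-
-execa.shell('rm -rf ' + path.join(__dirname, "temp")); // NOT OK
-</code></pre>
-
+<pre><code class="javascript">(function() {
+cp.execFileSync('rm', ['-rf', path.join(__dirname, "temp")]); // GOOD
+cp.execSync(<strong>'rm -rf ' + path.join(__dirname, "temp")</strong>); // BAD
+
+execa.shell('rm -rf ' + path.join(__dirname, "temp")); // NOT OK
+</code></pre>
+
 
 </details>
 
@@ -121,29 +121,29 @@
 <summary>Path with 3 steps</summary>
 
 1. [javascript/ql/test/query-tests/Security/CWE-078/tst_shell-command-injection-from-environment.js](https://github.com/github/codeql/blob/48015e5a2e6202131f2d1062cc066dc33ed69a9b/javascript/ql/test/query-tests/Security/CWE-078/tst_shell-command-injection-from-environment.js#L8-L8)
-<pre><code class="javascript"> cp.execSync('rm -rf ' + path.join(__dirname, "temp")); // BAD
-
-execa.shell('rm -rf ' + path.join(<strong>__dirname</strong>, "temp")); // NOT OK
-execa.shellSync('rm -rf ' + path.join(__dirname, "temp")); // NOT OK
-
-</code></pre>
-
+<pre><code class="javascript"> cp.execSync('rm -rf ' + path.join(__dirname, "temp")); // BAD
+
+execa.shell('rm -rf ' + path.join(<strong>__dirname</strong>, "temp")); // NOT OK
+execa.shellSync('rm -rf ' + path.join(__dirname, "temp")); // NOT OK
+
+</code></pre>
+
 2. [javascript/ql/test/query-tests/Security/CWE-078/tst_shell-command-injection-from-environment.js](https://github.com/github/codeql/blob/48015e5a2e6202131f2d1062cc066dc33ed69a9b/javascript/ql/test/query-tests/Security/CWE-078/tst_shell-command-injection-from-environment.js#L8-L8)
-<pre><code class="javascript"> cp.execSync('rm -rf ' + path.join(__dirname, "temp")); // BAD
-
-execa.shell('rm -rf ' + <strong>path.join(__dirname, "temp")</strong>); // NOT OK
-execa.shellSync('rm -rf ' + path.join(__dirname, "temp")); // NOT OK
-
-</code></pre>
-
+<pre><code class="javascript"> cp.execSync('rm -rf ' + path.join(__dirname, "temp")); // BAD
+
+execa.shell('rm -rf ' + <strong>path.join(__dirname, "temp")</strong>); // NOT OK
+execa.shellSync('rm -rf ' + path.join(__dirname, "temp")); // NOT OK
+
+</code></pre>
+
 3. [javascript/ql/test/query-tests/Security/CWE-078/tst_shell-command-injection-from-environment.js](https://github.com/github/codeql/blob/48015e5a2e6202131f2d1062cc066dc33ed69a9b/javascript/ql/test/query-tests/Security/CWE-078/tst_shell-command-injection-from-environment.js#L8-L8)
-<pre><code class="javascript"> cp.execSync('rm -rf ' + path.join(__dirname, "temp")); // BAD
-
-execa.shell(<strong>'rm -rf ' + path.join(__dirname, "temp")</strong>); // NOT OK
-execa.shellSync('rm -rf ' + path.join(__dirname, "temp")); // NOT OK
-
-</code></pre>
-
+<pre><code class="javascript"> cp.execSync('rm -rf ' + path.join(__dirname, "temp")); // BAD
+
+execa.shell(<strong>'rm -rf ' + path.join(__dirname, "temp")</strong>); // NOT OK
+execa.shellSync('rm -rf ' + path.join(__dirname, "temp")); // NOT OK
+
+</code></pre>
+
 
 </details>
 
@@ -166,29 +166,29 @@
 <summary>Path with 3 steps</summary>
 
 1. [javascript/ql/test/query-tests/Security/CWE-078/tst_shell-command-injection-from-environment.js](https://github.com/github/codeql/blob/48015e5a2e6202131f2d1062cc066dc33ed69a9b/javascript/ql/test/query-tests/Security/CWE-078/tst_shell-command-injection-from-environment.js#L9-L9)
-<pre><code class="javascript">
-execa.shell('rm -rf ' + path.join(__dirname, "temp")); // NOT OK
-execa.shellSync('rm -rf ' + path.join(<strong>__dirname</strong>, "temp")); // NOT OK
-
-const safe = "\"" + path.join(__dirname, "temp") + "\"";
-</code></pre>
-
+<pre><code class="javascript">
+execa.shell('rm -rf ' + path.join(__dirname, "temp")); // NOT OK
+execa.shellSync('rm -rf ' + path.join(<strong>__dirname</strong>, "temp")); // NOT OK
+
+const safe = "\"" + path.join(__dirname, "temp") + "\"";
+</code></pre>
+
 2. [javascript/ql/test/query-tests/Security/CWE-078/tst_shell-command-injection-from-environment.js](https://github.com/github/codeql/blob/48015e5a2e6202131f2d1062cc066dc33ed69a9b/javascript/ql/test/query-tests/Security/CWE-078/tst_shell-command-injection-from-environment.js#L9-L9)
-<pre><code class="javascript">
-execa.shell('rm -rf ' + path.join(__dirname, "temp")); // NOT OK
-execa.shellSync('rm -rf ' + <strong>path.join(__dirname, "temp")</strong>); // NOT OK
-
-const safe = "\"" + path.join(__dirname, "temp") + "\"";
-</code></pre>
-
+<pre><code class="javascript">
+execa.shell('rm -rf ' + path.join(__dirname, "temp")); // NOT OK
+execa.shellSync('rm -rf ' + <strong>path.join(__dirname, "temp")</strong>); // NOT OK
+
+const safe = "\"" + path.join(__dirname, "temp") + "\"";
+</code></pre>
+
 3. [javascript/ql/test/query-tests/Security/CWE-078/tst_shell-command-injection-from-environment.js](https://github.com/github/codeql/blob/48015e5a2e6202131f2d1062cc066dc33ed69a9b/javascript/ql/test/query-tests/Security/CWE-078/tst_shell-command-injection-from-environment.js#L9-L9)
-<pre><code class="javascript">
-execa.shell('rm -rf ' + path.join(__dirname, "temp")); // NOT OK
-execa.shellSync(<strong>'rm -rf ' + path.join(__dirname, "temp")</strong>); // NOT OK
-
-const safe = "\"" + path.join(__dirname, "temp") + "\"";
-</code></pre>
-
+<pre><code class="javascript">
+execa.shell('rm -rf ' + path.join(__dirname, "temp")); // NOT OK
+execa.shellSync(<strong>'rm -rf ' + path.join(__dirname, "temp")</strong>); // NOT OK
+
+const safe = "\"" + path.join(__dirname, "temp") + "\"";
+</code></pre>
+
 
 </details>
 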