diff --git a/extensions/ql-vscode/src/remote-queries/remote-queries-markdown-generation.ts b/extensions/ql-vscode/src/remote-queries/remote-queries-markdown-generation.ts
index a0998874c81..b6a71b8d482 100644
--- a/extensions/ql-vscode/src/remote-queries/remote-queries-markdown-generation.ts
+++ b/extensions/ql-vscode/src/remote-queries/remote-queries-markdown-generation.ts
@@ -205,6 +205,7 @@ function generateMarkdownForPathResults(
const stepCount = codeFlow.threadFlows.length;
const title = `Path with ${stepCount} steps`;
for (let i = 0; i < stepCount; i++) {
+ const listNumber = i + 1;
const threadFlow = codeFlow.threadFlows[i];
const link = createMarkdownRemoteFileRef(
threadFlow.fileLink,
@@ -217,8 +218,9 @@ function generateMarkdownForPathResults(
threadFlow.highlightedRegion
);
// Indent the snippet to fit with the numbered list.
- const codeSnippetIndented = codeSnippet.map((line) => ` ${line}`);
- pathLines.push(`${i + 1}. ${link}`, ...codeSnippetIndented);
+ // The indentation is "n + 2" where the list number is an n-digit number.
+ const codeSnippetIndented = codeSnippet.map(line => ' '.repeat(listNumber.toString().length + 2) + line);
+ pathLines.push(`${listNumber}. ${link}`, ...codeSnippetIndented);
}
lines.push(
...buildExpandableMarkdownSection(title, pathLines)
diff --git a/extensions/ql-vscode/test/pure-tests/remote-queries/markdown-generation/data/interpreted-results/path-problem/analyses-results.json b/extensions/ql-vscode/test/pure-tests/remote-queries/markdown-generation/data/interpreted-results/path-problem/analyses-results.json
index ab10ed23712..ee8a1f759b4 100644
--- a/extensions/ql-vscode/test/pure-tests/remote-queries/markdown-generation/data/interpreted-results/path-problem/analyses-results.json
+++ b/extensions/ql-vscode/test/pure-tests/remote-queries/markdown-generation/data/interpreted-results/path-problem/analyses-results.json
@@ -600,6 +600,74 @@
"endColumn": 52
}
},
+ {
+ "fileLink": {
+ "fileLinkPrefix": "https://github.com/meteor/meteor/blob/73b538fe201cbfe89dd0c709689023f9b3eab1ec",
+ "filePath": "npm-packages/meteor-installer/install.js"
+ },
+ "codeSnippet": {
+ "startLine": 257,
+ "endLine": 261,
+ "text": " if (isWindows()) {\n //set for the current session and beyond\n child_process.execSync(`setx path \"${meteorPath}/;%path%`);\n return;\n }\n"
+ },
+ "highlightedRegion": {
+ "startLine": 259,
+ "startColumn": 42,
+ "endLine": 259,
+ "endColumn": 52
+ }
+ },
+ {
+ "fileLink": {
+ "fileLinkPrefix": "https://github.com/meteor/meteor/blob/73b538fe201cbfe89dd0c709689023f9b3eab1ec",
+ "filePath": "npm-packages/meteor-installer/install.js"
+ },
+ "codeSnippet": {
+ "startLine": 257,
+ "endLine": 261,
+ "text": " if (isWindows()) {\n //set for the current session and beyond\n child_process.execSync(`setx path \"${meteorPath}/;%path%`);\n return;\n }\n"
+ },
+ "highlightedRegion": {
+ "startLine": 259,
+ "startColumn": 42,
+ "endLine": 259,
+ "endColumn": 52
+ }
+ },
+ {
+ "fileLink": {
+ "fileLinkPrefix": "https://github.com/meteor/meteor/blob/73b538fe201cbfe89dd0c709689023f9b3eab1ec",
+ "filePath": "npm-packages/meteor-installer/install.js"
+ },
+ "codeSnippet": {
+ "startLine": 257,
+ "endLine": 261,
+ "text": " if (isWindows()) {\n //set for the current session and beyond\n child_process.execSync(`setx path \"${meteorPath}/;%path%`);\n return;\n }\n"
+ },
+ "highlightedRegion": {
+ "startLine": 259,
+ "startColumn": 42,
+ "endLine": 259,
+ "endColumn": 52
+ }
+ },
+ {
+ "fileLink": {
+ "fileLinkPrefix": "https://github.com/meteor/meteor/blob/73b538fe201cbfe89dd0c709689023f9b3eab1ec",
+ "filePath": "npm-packages/meteor-installer/install.js"
+ },
+ "codeSnippet": {
+ "startLine": 257,
+ "endLine": 261,
+ "text": " if (isWindows()) {\n //set for the current session and beyond\n child_process.execSync(`setx path \"${meteorPath}/;%path%`);\n return;\n }\n"
+ },
+ "highlightedRegion": {
+ "startLine": 259,
+ "startColumn": 42,
+ "endLine": 259,
+ "endColumn": 52
+ }
+ },
{
"fileLink": {
"fileLinkPrefix": "https://github.com/meteor/meteor/blob/73b538fe201cbfe89dd0c709689023f9b3eab1ec",
diff --git a/extensions/ql-vscode/test/pure-tests/remote-queries/markdown-generation/data/interpreted-results/path-problem/expected/github-codeql.md b/extensions/ql-vscode/test/pure-tests/remote-queries/markdown-generation/data/interpreted-results/path-problem/expected/github-codeql.md
index b90c363ae70..cd8eeac2807 100644
--- a/extensions/ql-vscode/test/pure-tests/remote-queries/markdown-generation/data/interpreted-results/path-problem/expected/github-codeql.md
+++ b/extensions/ql-vscode/test/pure-tests/remote-queries/markdown-generation/data/interpreted-results/path-problem/expected/github-codeql.md
@@ -16,44 +16,44 @@
Path with 5 steps
1. [javascript/ql/src/Security/CWE-078/examples/shell-command-injection-from-environment.js](https://github.com/github/codeql/blob/48015e5a2e6202131f2d1062cc066dc33ed69a9b/javascript/ql/src/Security/CWE-078/examples/shell-command-injection-from-environment.js#L4-L4)
- path = require("path");
- function cleanupTemp() {
- let cmd = "rm -rf " + path.join(__dirname, "temp");
- cp.execSync(cmd); // BAD
- }
-
-
+ path = require("path");
+ function cleanupTemp() {
+ let cmd = "rm -rf " + path.join(__dirname, "temp");
+ cp.execSync(cmd); // BAD
+ }
+
+
2. [javascript/ql/src/Security/CWE-078/examples/shell-command-injection-from-environment.js](https://github.com/github/codeql/blob/48015e5a2e6202131f2d1062cc066dc33ed69a9b/javascript/ql/src/Security/CWE-078/examples/shell-command-injection-from-environment.js#L4-L4)
- path = require("path");
- function cleanupTemp() {
- let cmd = "rm -rf " + path.join(__dirname, "temp");
- cp.execSync(cmd); // BAD
- }
-
-
+ path = require("path");
+ function cleanupTemp() {
+ let cmd = "rm -rf " + path.join(__dirname, "temp");
+ cp.execSync(cmd); // BAD
+ }
+
+
3. [javascript/ql/src/Security/CWE-078/examples/shell-command-injection-from-environment.js](https://github.com/github/codeql/blob/48015e5a2e6202131f2d1062cc066dc33ed69a9b/javascript/ql/src/Security/CWE-078/examples/shell-command-injection-from-environment.js#L4-L4)
- path = require("path");
- function cleanupTemp() {
- let cmd = "rm -rf " + path.join(__dirname, "temp");
- cp.execSync(cmd); // BAD
- }
-
-
+ path = require("path");
+ function cleanupTemp() {
+ let cmd = "rm -rf " + path.join(__dirname, "temp");
+ cp.execSync(cmd); // BAD
+ }
+
+
4. [javascript/ql/src/Security/CWE-078/examples/shell-command-injection-from-environment.js](https://github.com/github/codeql/blob/48015e5a2e6202131f2d1062cc066dc33ed69a9b/javascript/ql/src/Security/CWE-078/examples/shell-command-injection-from-environment.js#L4-L4)
- path = require("path");
- function cleanupTemp() {
- let cmd = "rm -rf " + path.join(__dirname, "temp");
- cp.execSync(cmd); // BAD
- }
-
-
+ path = require("path");
+ function cleanupTemp() {
+ let cmd = "rm -rf " + path.join(__dirname, "temp");
+ cp.execSync(cmd); // BAD
+ }
+
+
5. [javascript/ql/src/Security/CWE-078/examples/shell-command-injection-from-environment.js](https://github.com/github/codeql/blob/48015e5a2e6202131f2d1062cc066dc33ed69a9b/javascript/ql/src/Security/CWE-078/examples/shell-command-injection-from-environment.js#L5-L5)
- function cleanupTemp() {
- let cmd = "rm -rf " + path.join(__dirname, "temp");
- cp.execSync(cmd); // BAD
- }
-
-
+ function cleanupTemp() {
+ let cmd = "rm -rf " + path.join(__dirname, "temp");
+ cp.execSync(cmd); // BAD
+ }
+
+
@@ -76,29 +76,29 @@
Path with 3 steps
1. [javascript/ql/test/query-tests/Security/CWE-078/tst_shell-command-injection-from-environment.js](https://github.com/github/codeql/blob/48015e5a2e6202131f2d1062cc066dc33ed69a9b/javascript/ql/test/query-tests/Security/CWE-078/tst_shell-command-injection-from-environment.js#L6-L6)
- (function() {
- cp.execFileSync('rm', ['-rf', path.join(__dirname, "temp")]); // GOOD
- cp.execSync('rm -rf ' + path.join(__dirname, "temp")); // BAD
-
- execa.shell('rm -rf ' + path.join(__dirname, "temp")); // NOT OK
-
-
+ (function() {
+ cp.execFileSync('rm', ['-rf', path.join(__dirname, "temp")]); // GOOD
+ cp.execSync('rm -rf ' + path.join(__dirname, "temp")); // BAD
+
+ execa.shell('rm -rf ' + path.join(__dirname, "temp")); // NOT OK
+
+
2. [javascript/ql/test/query-tests/Security/CWE-078/tst_shell-command-injection-from-environment.js](https://github.com/github/codeql/blob/48015e5a2e6202131f2d1062cc066dc33ed69a9b/javascript/ql/test/query-tests/Security/CWE-078/tst_shell-command-injection-from-environment.js#L6-L6)
- (function() {
- cp.execFileSync('rm', ['-rf', path.join(__dirname, "temp")]); // GOOD
- cp.execSync('rm -rf ' + path.join(__dirname, "temp")); // BAD
-
- execa.shell('rm -rf ' + path.join(__dirname, "temp")); // NOT OK
-
-
+ (function() {
+ cp.execFileSync('rm', ['-rf', path.join(__dirname, "temp")]); // GOOD
+ cp.execSync('rm -rf ' + path.join(__dirname, "temp")); // BAD
+
+ execa.shell('rm -rf ' + path.join(__dirname, "temp")); // NOT OK
+
+
3. [javascript/ql/test/query-tests/Security/CWE-078/tst_shell-command-injection-from-environment.js](https://github.com/github/codeql/blob/48015e5a2e6202131f2d1062cc066dc33ed69a9b/javascript/ql/test/query-tests/Security/CWE-078/tst_shell-command-injection-from-environment.js#L6-L6)
- (function() {
- cp.execFileSync('rm', ['-rf', path.join(__dirname, "temp")]); // GOOD
- cp.execSync('rm -rf ' + path.join(__dirname, "temp")); // BAD
-
- execa.shell('rm -rf ' + path.join(__dirname, "temp")); // NOT OK
-
-
+ (function() {
+ cp.execFileSync('rm', ['-rf', path.join(__dirname, "temp")]); // GOOD
+ cp.execSync('rm -rf ' + path.join(__dirname, "temp")); // BAD
+
+ execa.shell('rm -rf ' + path.join(__dirname, "temp")); // NOT OK
+
+
@@ -121,29 +121,29 @@
Path with 3 steps
1. [javascript/ql/test/query-tests/Security/CWE-078/tst_shell-command-injection-from-environment.js](https://github.com/github/codeql/blob/48015e5a2e6202131f2d1062cc066dc33ed69a9b/javascript/ql/test/query-tests/Security/CWE-078/tst_shell-command-injection-from-environment.js#L8-L8)
- cp.execSync('rm -rf ' + path.join(__dirname, "temp")); // BAD
-
- execa.shell('rm -rf ' + path.join(__dirname, "temp")); // NOT OK
- execa.shellSync('rm -rf ' + path.join(__dirname, "temp")); // NOT OK
-
-
-
+ cp.execSync('rm -rf ' + path.join(__dirname, "temp")); // BAD
+
+ execa.shell('rm -rf ' + path.join(__dirname, "temp")); // NOT OK
+ execa.shellSync('rm -rf ' + path.join(__dirname, "temp")); // NOT OK
+
+
+
2. [javascript/ql/test/query-tests/Security/CWE-078/tst_shell-command-injection-from-environment.js](https://github.com/github/codeql/blob/48015e5a2e6202131f2d1062cc066dc33ed69a9b/javascript/ql/test/query-tests/Security/CWE-078/tst_shell-command-injection-from-environment.js#L8-L8)
- cp.execSync('rm -rf ' + path.join(__dirname, "temp")); // BAD
-
- execa.shell('rm -rf ' + path.join(__dirname, "temp")); // NOT OK
- execa.shellSync('rm -rf ' + path.join(__dirname, "temp")); // NOT OK
-
-
-
+ cp.execSync('rm -rf ' + path.join(__dirname, "temp")); // BAD
+
+ execa.shell('rm -rf ' + path.join(__dirname, "temp")); // NOT OK
+ execa.shellSync('rm -rf ' + path.join(__dirname, "temp")); // NOT OK
+
+
+
3. [javascript/ql/test/query-tests/Security/CWE-078/tst_shell-command-injection-from-environment.js](https://github.com/github/codeql/blob/48015e5a2e6202131f2d1062cc066dc33ed69a9b/javascript/ql/test/query-tests/Security/CWE-078/tst_shell-command-injection-from-environment.js#L8-L8)
- cp.execSync('rm -rf ' + path.join(__dirname, "temp")); // BAD
-
- execa.shell('rm -rf ' + path.join(__dirname, "temp")); // NOT OK
- execa.shellSync('rm -rf ' + path.join(__dirname, "temp")); // NOT OK
-
-
-
+ cp.execSync('rm -rf ' + path.join(__dirname, "temp")); // BAD
+
+ execa.shell('rm -rf ' + path.join(__dirname, "temp")); // NOT OK
+ execa.shellSync('rm -rf ' + path.join(__dirname, "temp")); // NOT OK
+
+
+
@@ -166,29 +166,29 @@
Path with 3 steps
1. [javascript/ql/test/query-tests/Security/CWE-078/tst_shell-command-injection-from-environment.js](https://github.com/github/codeql/blob/48015e5a2e6202131f2d1062cc066dc33ed69a9b/javascript/ql/test/query-tests/Security/CWE-078/tst_shell-command-injection-from-environment.js#L9-L9)
-
- execa.shell('rm -rf ' + path.join(__dirname, "temp")); // NOT OK
- execa.shellSync('rm -rf ' + path.join(__dirname, "temp")); // NOT OK
-
- const safe = "\"" + path.join(__dirname, "temp") + "\"";
-
-
+
+ execa.shell('rm -rf ' + path.join(__dirname, "temp")); // NOT OK
+ execa.shellSync('rm -rf ' + path.join(__dirname, "temp")); // NOT OK
+
+ const safe = "\"" + path.join(__dirname, "temp") + "\"";
+
+
2. [javascript/ql/test/query-tests/Security/CWE-078/tst_shell-command-injection-from-environment.js](https://github.com/github/codeql/blob/48015e5a2e6202131f2d1062cc066dc33ed69a9b/javascript/ql/test/query-tests/Security/CWE-078/tst_shell-command-injection-from-environment.js#L9-L9)
-
- execa.shell('rm -rf ' + path.join(__dirname, "temp")); // NOT OK
- execa.shellSync('rm -rf ' + path.join(__dirname, "temp")); // NOT OK
-
- const safe = "\"" + path.join(__dirname, "temp") + "\"";
-
-
+
+ execa.shell('rm -rf ' + path.join(__dirname, "temp")); // NOT OK
+ execa.shellSync('rm -rf ' + path.join(__dirname, "temp")); // NOT OK
+
+ const safe = "\"" + path.join(__dirname, "temp") + "\"";
+
+
3. [javascript/ql/test/query-tests/Security/CWE-078/tst_shell-command-injection-from-environment.js](https://github.com/github/codeql/blob/48015e5a2e6202131f2d1062cc066dc33ed69a9b/javascript/ql/test/query-tests/Security/CWE-078/tst_shell-command-injection-from-environment.js#L9-L9)
-
- execa.shell('rm -rf ' + path.join(__dirname, "temp")); // NOT OK
- execa.shellSync('rm -rf ' + path.join(__dirname, "temp")); // NOT OK
-
- const safe = "\"" + path.join(__dirname, "temp") + "\"";
-
-
+
+ execa.shell('rm -rf ' + path.join(__dirname, "temp")); // NOT OK
+ execa.shellSync('rm -rf ' + path.join(__dirname, "temp")); // NOT OK
+
+ const safe = "\"" + path.join(__dirname, "temp") + "\"";
+
+
diff --git a/extensions/ql-vscode/test/pure-tests/remote-queries/markdown-generation/data/interpreted-results/path-problem/expected/meteor-meteor.md b/extensions/ql-vscode/test/pure-tests/remote-queries/markdown-generation/data/interpreted-results/path-problem/expected/meteor-meteor.md
index 02f224f1031..6a216f144d8 100644
--- a/extensions/ql-vscode/test/pure-tests/remote-queries/markdown-generation/data/interpreted-results/path-problem/expected/meteor-meteor.md
+++ b/extensions/ql-vscode/test/pure-tests/remote-queries/markdown-generation/data/interpreted-results/path-problem/expected/meteor-meteor.md
@@ -14,61 +14,93 @@
#### Paths
-Path with 7 steps
+Path with 11 steps
1. [npm-packages/meteor-installer/config.js](https://github.com/meteor/meteor/blob/73b538fe201cbfe89dd0c709689023f9b3eab1ec/npm-packages/meteor-installer/config.js#L39-L39)
-
- const meteorLocalFolder = '.meteor';
- const meteorPath = path.resolve(rootPath, meteorLocalFolder);
-
- module.exports = {
-
-
+
+ const meteorLocalFolder = '.meteor';
+ const meteorPath = path.resolve(rootPath, meteorLocalFolder);
+
+ module.exports = {
+
+
2. [npm-packages/meteor-installer/config.js](https://github.com/meteor/meteor/blob/73b538fe201cbfe89dd0c709689023f9b3eab1ec/npm-packages/meteor-installer/config.js#L39-L39)
-
- const meteorLocalFolder = '.meteor';
- const meteorPath = path.resolve(rootPath, meteorLocalFolder);
-
- module.exports = {
-
-
+
+ const meteorLocalFolder = '.meteor';
+ const meteorPath = path.resolve(rootPath, meteorLocalFolder);
+
+ module.exports = {
+
+
3. [npm-packages/meteor-installer/config.js](https://github.com/meteor/meteor/blob/73b538fe201cbfe89dd0c709689023f9b3eab1ec/npm-packages/meteor-installer/config.js#L44-L44)
- METEOR_LATEST_VERSION,
- extractPath: rootPath,
- meteorPath,
- release: process.env.INSTALL_METEOR_VERSION || METEOR_LATEST_VERSION,
- rootPath,
-
-
+ METEOR_LATEST_VERSION,
+ extractPath: rootPath,
+ meteorPath,
+ release: process.env.INSTALL_METEOR_VERSION || METEOR_LATEST_VERSION,
+ rootPath,
+
+
4. [npm-packages/meteor-installer/install.js](https://github.com/meteor/meteor/blob/73b538fe201cbfe89dd0c709689023f9b3eab1ec/npm-packages/meteor-installer/install.js#L12-L12)
- const os = require('os');
- const {
- meteorPath,
- release,
- startedPath,
-
-
+ const os = require('os');
+ const {
+ meteorPath,
+ release,
+ startedPath,
+
+
5. [npm-packages/meteor-installer/install.js](https://github.com/meteor/meteor/blob/73b538fe201cbfe89dd0c709689023f9b3eab1ec/npm-packages/meteor-installer/install.js#L11-L23)
- const tmp = require('tmp');
- const os = require('os');
- const {
- meteorPath,
- release,
- startedPath,
- extractPath,
- isWindows,
- rootPath,
- sudoUser,
- isSudo,
- isMac,
- METEOR_LATEST_VERSION,
- shouldSetupExecPath,
- } = require('./config.js');
- const { uninstall } = require('./uninstall');
- const {
-
-
+ const tmp = require('tmp');
+ const os = require('os');
+ const {
+ meteorPath,
+ release,
+ startedPath,
+ extractPath,
+ isWindows,
+ rootPath,
+ sudoUser,
+ isSudo,
+ isMac,
+ METEOR_LATEST_VERSION,
+ shouldSetupExecPath,
+ } = require('./config.js');
+ const { uninstall } = require('./uninstall');
+ const {
+
+
6. [npm-packages/meteor-installer/install.js](https://github.com/meteor/meteor/blob/73b538fe201cbfe89dd0c709689023f9b3eab1ec/npm-packages/meteor-installer/install.js#L259-L259)
+ if (isWindows()) {
+ //set for the current session and beyond
+ child_process.execSync(`setx path "${meteorPath}/;%path%`);
+ return;
+ }
+
+
+7. [npm-packages/meteor-installer/install.js](https://github.com/meteor/meteor/blob/73b538fe201cbfe89dd0c709689023f9b3eab1ec/npm-packages/meteor-installer/install.js#L259-L259)
+ if (isWindows()) {
+ //set for the current session and beyond
+ child_process.execSync(`setx path "${meteorPath}/;%path%`);
+ return;
+ }
+
+
+8. [npm-packages/meteor-installer/install.js](https://github.com/meteor/meteor/blob/73b538fe201cbfe89dd0c709689023f9b3eab1ec/npm-packages/meteor-installer/install.js#L259-L259)
+ if (isWindows()) {
+ //set for the current session and beyond
+ child_process.execSync(`setx path "${meteorPath}/;%path%`);
+ return;
+ }
+
+
+9. [npm-packages/meteor-installer/install.js](https://github.com/meteor/meteor/blob/73b538fe201cbfe89dd0c709689023f9b3eab1ec/npm-packages/meteor-installer/install.js#L259-L259)
+ if (isWindows()) {
+ //set for the current session and beyond
+ child_process.execSync(`setx path "${meteorPath}/;%path%`);
+ return;
+ }
+
+
+10. [npm-packages/meteor-installer/install.js](https://github.com/meteor/meteor/blob/73b538fe201cbfe89dd0c709689023f9b3eab1ec/npm-packages/meteor-installer/install.js#L259-L259)
if (isWindows()) {
//set for the current session and beyond
child_process.execSync(`setx path "${meteorPath}/;%path%`);
@@ -76,7 +108,7 @@
}
-7. [npm-packages/meteor-installer/install.js](https://github.com/meteor/meteor/blob/73b538fe201cbfe89dd0c709689023f9b3eab1ec/npm-packages/meteor-installer/install.js#L259-L259)
+11. [npm-packages/meteor-installer/install.js](https://github.com/meteor/meteor/blob/73b538fe201cbfe89dd0c709689023f9b3eab1ec/npm-packages/meteor-installer/install.js#L259-L259)
if (isWindows()) {
//set for the current session and beyond
child_process.execSync(`setx path "${meteorPath}/;%path%`);
@@ -91,21 +123,21 @@
Path with 2 steps
1. [npm-packages/meteor-installer/config.js](https://github.com/meteor/meteor/blob/73b538fe201cbfe89dd0c709689023f9b3eab1ec/npm-packages/meteor-installer/config.js#L39-L39)
-
- const meteorLocalFolder = '.meteor';
- const meteorPath = path.resolve(rootPath, meteorLocalFolder);
-
- module.exports = {
-
-
+
+ const meteorLocalFolder = '.meteor';
+ const meteorPath = path.resolve(rootPath, meteorLocalFolder);
+
+ module.exports = {
+
+
2. [npm-packages/meteor-installer/install.js](https://github.com/meteor/meteor/blob/73b538fe201cbfe89dd0c709689023f9b3eab1ec/npm-packages/meteor-installer/install.js#L259-L259)
- if (isWindows()) {
- //set for the current session and beyond
- child_process.execSync(`setx path "${meteorPath}/;%path%`);
- return;
- }
-
-
+ if (isWindows()) {
+ //set for the current session and beyond
+ child_process.execSync(`setx path "${meteorPath}/;%path%`);
+ return;
+ }
+
+