Fix indentation in exported markdown results

extensions/ql-vscode/src/remote-queries/remote-queries-markdown-generation.ts

@@ -205,6 +205,7 @@ function generateMarkdownForPathResults(
     const stepCount = codeFlow.threadFlows.length;
     const title = `Path with ${stepCount} steps`;
     for (let i = 0; i < stepCount; i++) {
+      const listNumber = i + 1;
       const threadFlow = codeFlow.threadFlows[i];
       const link = createMarkdownRemoteFileRef(
         threadFlow.fileLink,
@@ -217,8 +218,9 @@ function generateMarkdownForPathResults(
         threadFlow.highlightedRegion
       );
       // Indent the snippet to fit with the numbered list.
-      const codeSnippetIndented = codeSnippet.map((line) => `    ${line}`);
-      pathLines.push(`${i + 1}. ${link}`, ...codeSnippetIndented);
+      // The indentation is "n + 2" where the list number is an n-digit number.
+      const codeSnippetIndented = codeSnippet.map(line => ' '.repeat(listNumber.toString().length + 2) + line);
+      pathLines.push(`${listNumber}. ${link}`, ...codeSnippetIndented);
     }
     lines.push(
       ...buildExpandableMarkdownSection(title, pathLines)

extensions/ql-vscode/test/pure-tests/remote-queries/markdown-generation/data/interpreted-results/path-problem/analyses-results.json

@@ -600,6 +600,74 @@
                   "endColumn": 52
                 }
               },
+              {
+                "fileLink": {
+                  "fileLinkPrefix": "https://github.com/meteor/meteor/blob/73b538fe201cbfe89dd0c709689023f9b3eab1ec",
+                  "filePath": "npm-packages/meteor-installer/install.js"
+                },
+                "codeSnippet": {
+                  "startLine": 257,
+                  "endLine": 261,
+                  "text": "  if (isWindows()) {\n    //set for the current session and beyond\n    child_process.execSync(`setx path \"${meteorPath}/;%path%`);\n    return;\n  }\n"
+                },
+                "highlightedRegion": {
+                  "startLine": 259,
+                  "startColumn": 42,
+                  "endLine": 259,
+                  "endColumn": 52
+                }
+              },
+              {
+                "fileLink": {
+                  "fileLinkPrefix": "https://github.com/meteor/meteor/blob/73b538fe201cbfe89dd0c709689023f9b3eab1ec",
+                  "filePath": "npm-packages/meteor-installer/install.js"
+                },
+                "codeSnippet": {
+                  "startLine": 257,
+                  "endLine": 261,
+                  "text": "  if (isWindows()) {\n    //set for the current session and beyond\n    child_process.execSync(`setx path \"${meteorPath}/;%path%`);\n    return;\n  }\n"
+                },
+                "highlightedRegion": {
+                  "startLine": 259,
+                  "startColumn": 42,
+                  "endLine": 259,
+                  "endColumn": 52
+                }
+              },
+              {
+                "fileLink": {
+                  "fileLinkPrefix": "https://github.com/meteor/meteor/blob/73b538fe201cbfe89dd0c709689023f9b3eab1ec",
+                  "filePath": "npm-packages/meteor-installer/install.js"
+                },
+                "codeSnippet": {
+                  "startLine": 257,
+                  "endLine": 261,
+                  "text": "  if (isWindows()) {\n    //set for the current session and beyond\n    child_process.execSync(`setx path \"${meteorPath}/;%path%`);\n    return;\n  }\n"
+                },
+                "highlightedRegion": {
+                  "startLine": 259,
+                  "startColumn": 42,
+                  "endLine": 259,
+                  "endColumn": 52
+                }
+              },
+              {
+                "fileLink": {
+                  "fileLinkPrefix": "https://github.com/meteor/meteor/blob/73b538fe201cbfe89dd0c709689023f9b3eab1ec",
+                  "filePath": "npm-packages/meteor-installer/install.js"
+                },
+                "codeSnippet": {
+                  "startLine": 257,
+                  "endLine": 261,
+                  "text": "  if (isWindows()) {\n    //set for the current session and beyond\n    child_process.execSync(`setx path \"${meteorPath}/;%path%`);\n    return;\n  }\n"
+                },
+                "highlightedRegion": {
+                  "startLine": 259,
+                  "startColumn": 42,
+                  "endLine": 259,
+                  "endColumn": 52
+                }
+              },
               {
                 "fileLink": {
                   "fileLinkPrefix": "https://github.com/meteor/meteor/blob/73b538fe201cbfe89dd0c709689023f9b3eab1ec",

extensions/ql-vscode/test/pure-tests/remote-queries/markdown-generation/data/interpreted-results/path-problem/expected/github-codeql.md

@@ -16,44 +16,44 @@
 <summary>Path with 5 steps</summary>
 
 1. [javascript/ql/src/Security/CWE-078/examples/shell-command-injection-from-environment.js](https://github.com/github/codeql/blob/48015e5a2e6202131f2d1062cc066dc33ed69a9b/javascript/ql/src/Security/CWE-078/examples/shell-command-injection-from-environment.js#L4-L4)
-    <pre><code class="javascript">  path = require("path");
-    function cleanupTemp() {
-      let cmd = "rm -rf " + path.join(<strong>__dirname</strong>, "temp");
-      cp.execSync(cmd); // BAD
-    }
-    </code></pre>
-    
+   <pre><code class="javascript">  path = require("path");
+   function cleanupTemp() {
+     let cmd = "rm -rf " + path.join(<strong>__dirname</strong>, "temp");
+     cp.execSync(cmd); // BAD
+   }
+   </code></pre>
+
 2. [javascript/ql/src/Security/CWE-078/examples/shell-command-injection-from-environment.js](https://github.com/github/codeql/blob/48015e5a2e6202131f2d1062cc066dc33ed69a9b/javascript/ql/src/Security/CWE-078/examples/shell-command-injection-from-environment.js#L4-L4)
-    <pre><code class="javascript">  path = require("path");
-    function cleanupTemp() {
-      let cmd = "rm -rf " + <strong>path.join(__dirname, "temp")</strong>;
-      cp.execSync(cmd); // BAD
-    }
-    </code></pre>
-    
+   <pre><code class="javascript">  path = require("path");
+   function cleanupTemp() {
+     let cmd = "rm -rf " + <strong>path.join(__dirname, "temp")</strong>;
+     cp.execSync(cmd); // BAD
+   }
+   </code></pre>
+
 3. [javascript/ql/src/Security/CWE-078/examples/shell-command-injection-from-environment.js](https://github.com/github/codeql/blob/48015e5a2e6202131f2d1062cc066dc33ed69a9b/javascript/ql/src/Security/CWE-078/examples/shell-command-injection-from-environment.js#L4-L4)
-    <pre><code class="javascript">  path = require("path");
-    function cleanupTemp() {
-      let cmd = <strong>"rm -rf " + path.join(__dirname, "temp")</strong>;
-      cp.execSync(cmd); // BAD
-    }
-    </code></pre>
-    
+   <pre><code class="javascript">  path = require("path");
+   function cleanupTemp() {
+     let cmd = <strong>"rm -rf " + path.join(__dirname, "temp")</strong>;
+     cp.execSync(cmd); // BAD
+   }
+   </code></pre>
+
 4. [javascript/ql/src/Security/CWE-078/examples/shell-command-injection-from-environment.js](https://github.com/github/codeql/blob/48015e5a2e6202131f2d1062cc066dc33ed69a9b/javascript/ql/src/Security/CWE-078/examples/shell-command-injection-from-environment.js#L4-L4)
-    <pre><code class="javascript">  path = require("path");
-    function cleanupTemp() {
-      let <strong>cmd = "rm -rf " + path.join(__dirname, "temp")</strong>;
-      cp.execSync(cmd); // BAD
-    }
-    </code></pre>
-    
+   <pre><code class="javascript">  path = require("path");
+   function cleanupTemp() {
+     let <strong>cmd = "rm -rf " + path.join(__dirname, "temp")</strong>;
+     cp.execSync(cmd); // BAD
+   }
+   </code></pre>
+
 5. [javascript/ql/src/Security/CWE-078/examples/shell-command-injection-from-environment.js](https://github.com/github/codeql/blob/48015e5a2e6202131f2d1062cc066dc33ed69a9b/javascript/ql/src/Security/CWE-078/examples/shell-command-injection-from-environment.js#L5-L5)
-    <pre><code class="javascript">function cleanupTemp() {
-      let cmd = "rm -rf " + path.join(__dirname, "temp");
-      cp.execSync(<strong>cmd</strong>); // BAD
-    }
-    </code></pre>
-    
+   <pre><code class="javascript">function cleanupTemp() {
+     let cmd = "rm -rf " + path.join(__dirname, "temp");
+     cp.execSync(<strong>cmd</strong>); // BAD
+   }
+   </code></pre>
+
 
 </details>
 
@@ -76,29 +76,29 @@
 <summary>Path with 3 steps</summary>
 
 1. [javascript/ql/test/query-tests/Security/CWE-078/tst_shell-command-injection-from-environment.js](https://github.com/github/codeql/blob/48015e5a2e6202131f2d1062cc066dc33ed69a9b/javascript/ql/test/query-tests/Security/CWE-078/tst_shell-command-injection-from-environment.js#L6-L6)
-    <pre><code class="javascript">(function() {
-    	cp.execFileSync('rm',  ['-rf', path.join(__dirname, "temp")]); // GOOD
-    	cp.execSync('rm -rf ' + path.join(<strong>__dirname</strong>, "temp")); // BAD
-    
-    	execa.shell('rm -rf ' + path.join(__dirname, "temp")); // NOT OK
-    </code></pre>
-    
+   <pre><code class="javascript">(function() {
+   	cp.execFileSync('rm',  ['-rf', path.join(__dirname, "temp")]); // GOOD
+   	cp.execSync('rm -rf ' + path.join(<strong>__dirname</strong>, "temp")); // BAD
+
+   	execa.shell('rm -rf ' + path.join(__dirname, "temp")); // NOT OK
+   </code></pre>
+
 2. [javascript/ql/test/query-tests/Security/CWE-078/tst_shell-command-injection-from-environment.js](https://github.com/github/codeql/blob/48015e5a2e6202131f2d1062cc066dc33ed69a9b/javascript/ql/test/query-tests/Security/CWE-078/tst_shell-command-injection-from-environment.js#L6-L6)
-    <pre><code class="javascript">(function() {
-    	cp.execFileSync('rm',  ['-rf', path.join(__dirname, "temp")]); // GOOD
-    	cp.execSync('rm -rf ' + <strong>path.join(__dirname, "temp")</strong>); // BAD
-    
-    	execa.shell('rm -rf ' + path.join(__dirname, "temp")); // NOT OK
-    </code></pre>
-    
+   <pre><code class="javascript">(function() {
+   	cp.execFileSync('rm',  ['-rf', path.join(__dirname, "temp")]); // GOOD
+   	cp.execSync('rm -rf ' + <strong>path.join(__dirname, "temp")</strong>); // BAD
+
+   	execa.shell('rm -rf ' + path.join(__dirname, "temp")); // NOT OK
+   </code></pre>
+
 3. [javascript/ql/test/query-tests/Security/CWE-078/tst_shell-command-injection-from-environment.js](https://github.com/github/codeql/blob/48015e5a2e6202131f2d1062cc066dc33ed69a9b/javascript/ql/test/query-tests/Security/CWE-078/tst_shell-command-injection-from-environment.js#L6-L6)
-    <pre><code class="javascript">(function() {
-    	cp.execFileSync('rm',  ['-rf', path.join(__dirname, "temp")]); // GOOD
-    	cp.execSync(<strong>'rm -rf ' + path.join(__dirname, "temp")</strong>); // BAD
-    
-    	execa.shell('rm -rf ' + path.join(__dirname, "temp")); // NOT OK
-    </code></pre>
-    
+   <pre><code class="javascript">(function() {
+   	cp.execFileSync('rm',  ['-rf', path.join(__dirname, "temp")]); // GOOD
+   	cp.execSync(<strong>'rm -rf ' + path.join(__dirname, "temp")</strong>); // BAD
+
+   	execa.shell('rm -rf ' + path.join(__dirname, "temp")); // NOT OK
+   </code></pre>
+
 
 </details>
 
@@ -121,29 +121,29 @@
 <summary>Path with 3 steps</summary>
 
 1. [javascript/ql/test/query-tests/Security/CWE-078/tst_shell-command-injection-from-environment.js](https://github.com/github/codeql/blob/48015e5a2e6202131f2d1062cc066dc33ed69a9b/javascript/ql/test/query-tests/Security/CWE-078/tst_shell-command-injection-from-environment.js#L8-L8)
-    <pre><code class="javascript">	cp.execSync('rm -rf ' + path.join(__dirname, "temp")); // BAD
-    
-    	execa.shell('rm -rf ' + path.join(<strong>__dirname</strong>, "temp")); // NOT OK
-    	execa.shellSync('rm -rf ' + path.join(__dirname, "temp")); // NOT OK
-    
-    </code></pre>
-    
+   <pre><code class="javascript">	cp.execSync('rm -rf ' + path.join(__dirname, "temp")); // BAD
+
+   	execa.shell('rm -rf ' + path.join(<strong>__dirname</strong>, "temp")); // NOT OK
+   	execa.shellSync('rm -rf ' + path.join(__dirname, "temp")); // NOT OK
+
+   </code></pre>
+
 2. [javascript/ql/test/query-tests/Security/CWE-078/tst_shell-command-injection-from-environment.js](https://github.com/github/codeql/blob/48015e5a2e6202131f2d1062cc066dc33ed69a9b/javascript/ql/test/query-tests/Security/CWE-078/tst_shell-command-injection-from-environment.js#L8-L8)
-    <pre><code class="javascript">	cp.execSync('rm -rf ' + path.join(__dirname, "temp")); // BAD
-    
-    	execa.shell('rm -rf ' + <strong>path.join(__dirname, "temp")</strong>); // NOT OK
-    	execa.shellSync('rm -rf ' + path.join(__dirname, "temp")); // NOT OK
-    
-    </code></pre>
-    
+   <pre><code class="javascript">	cp.execSync('rm -rf ' + path.join(__dirname, "temp")); // BAD
+
+   	execa.shell('rm -rf ' + <strong>path.join(__dirname, "temp")</strong>); // NOT OK
+   	execa.shellSync('rm -rf ' + path.join(__dirname, "temp")); // NOT OK
+
+   </code></pre>
+
 3. [javascript/ql/test/query-tests/Security/CWE-078/tst_shell-command-injection-from-environment.js](https://github.com/github/codeql/blob/48015e5a2e6202131f2d1062cc066dc33ed69a9b/javascript/ql/test/query-tests/Security/CWE-078/tst_shell-command-injection-from-environment.js#L8-L8)
-    <pre><code class="javascript">	cp.execSync('rm -rf ' + path.join(__dirname, "temp")); // BAD
-    
-    	execa.shell(<strong>'rm -rf ' + path.join(__dirname, "temp")</strong>); // NOT OK
-    	execa.shellSync('rm -rf ' + path.join(__dirname, "temp")); // NOT OK
-    
-    </code></pre>
-    
+   <pre><code class="javascript">	cp.execSync('rm -rf ' + path.join(__dirname, "temp")); // BAD
+
+   	execa.shell(<strong>'rm -rf ' + path.join(__dirname, "temp")</strong>); // NOT OK
+   	execa.shellSync('rm -rf ' + path.join(__dirname, "temp")); // NOT OK
+
+   </code></pre>
+
 
 </details>
 
@@ -166,29 +166,29 @@
 <summary>Path with 3 steps</summary>
 
 1. [javascript/ql/test/query-tests/Security/CWE-078/tst_shell-command-injection-from-environment.js](https://github.com/github/codeql/blob/48015e5a2e6202131f2d1062cc066dc33ed69a9b/javascript/ql/test/query-tests/Security/CWE-078/tst_shell-command-injection-from-environment.js#L9-L9)
-    <pre><code class="javascript">
-    	execa.shell('rm -rf ' + path.join(__dirname, "temp")); // NOT OK
-    	execa.shellSync('rm -rf ' + path.join(<strong>__dirname</strong>, "temp")); // NOT OK
-    
-    	const safe = "\"" + path.join(__dirname, "temp") + "\"";
-    </code></pre>
-    
+   <pre><code class="javascript">
+   	execa.shell('rm -rf ' + path.join(__dirname, "temp")); // NOT OK
+   	execa.shellSync('rm -rf ' + path.join(<strong>__dirname</strong>, "temp")); // NOT OK
+
+   	const safe = "\"" + path.join(__dirname, "temp") + "\"";
+   </code></pre>
+
 2. [javascript/ql/test/query-tests/Security/CWE-078/tst_shell-command-injection-from-environment.js](https://github.com/github/codeql/blob/48015e5a2e6202131f2d1062cc066dc33ed69a9b/javascript/ql/test/query-tests/Security/CWE-078/tst_shell-command-injection-from-environment.js#L9-L9)
-    <pre><code class="javascript">
-    	execa.shell('rm -rf ' + path.join(__dirname, "temp")); // NOT OK
-    	execa.shellSync('rm -rf ' + <strong>path.join(__dirname, "temp")</strong>); // NOT OK
-    
-    	const safe = "\"" + path.join(__dirname, "temp") + "\"";
-    </code></pre>
-    
+   <pre><code class="javascript">
+   	execa.shell('rm -rf ' + path.join(__dirname, "temp")); // NOT OK
+   	execa.shellSync('rm -rf ' + <strong>path.join(__dirname, "temp")</strong>); // NOT OK
+
+   	const safe = "\"" + path.join(__dirname, "temp") + "\"";
+   </code></pre>
+
 3. [javascript/ql/test/query-tests/Security/CWE-078/tst_shell-command-injection-from-environment.js](https://github.com/github/codeql/blob/48015e5a2e6202131f2d1062cc066dc33ed69a9b/javascript/ql/test/query-tests/Security/CWE-078/tst_shell-command-injection-from-environment.js#L9-L9)
-    <pre><code class="javascript">
-    	execa.shell('rm -rf ' + path.join(__dirname, "temp")); // NOT OK
-    	execa.shellSync(<strong>'rm -rf ' + path.join(__dirname, "temp")</strong>); // NOT OK
-    
-    	const safe = "\"" + path.join(__dirname, "temp") + "\"";
-    </code></pre>
-    
+   <pre><code class="javascript">
+   	execa.shell('rm -rf ' + path.join(__dirname, "temp")); // NOT OK
+   	execa.shellSync(<strong>'rm -rf ' + path.join(__dirname, "temp")</strong>); // NOT OK
+
+   	const safe = "\"" + path.join(__dirname, "temp") + "\"";
+   </code></pre>
+
 
 </details>