Add initial test data for problem query

extensions/ql-vscode/test/pure-tests/remote-queries/markdown-generation/data/interpreted-results/problem/analyses-results.json

@@ -0,0 +1,154 @@
+[
+  {
+    "nwo": "github/codeql",
+    "status": "Completed",
+    "interpretedResults": [
+      {
+        "message": {
+          "tokens": [
+            {
+              "t": "text",
+              "text": "This part of the regular expression may cause exponential backtracking on strings containing many repetitions of 'aa'."
+            }
+          ]
+        },
+        "shortDescription": "This part of the regular expression may cause exponential backtracking on strings containing many repetitions of 'aa'.",
+        "fileLink": {
+          "fileLinkPrefix": "https://github.com/github/codeql/blob/d094bbc06d063d0da8d0303676943c345e61de53",
+          "filePath": "javascript/extractor/tests/regexp/input/multipart.js"
+        },
+        "severity": "Warning",
+        "codeSnippet": {
+          "startLine": 15,
+          "endLine": 22,
+          "text": "\nvar bad95 = new RegExp(\n    \"(a\" + \n    \"|\" + \n    \"aa)*\" + \n    \"b$\"\n);\n\n"
+        },
+        "highlightedRegion": {
+          "startLine": 17,
+          "startColumn": 6,
+          "endLine": 20,
+          "endColumn": 6
+        },
+        "codeFlows": []
+      }
+    ]
+  },
+  {
+    "nwo": "meteor/meteor",
+    "status": "Completed",
+    "interpretedResults": [
+      {
+        "message": {
+          "tokens": [
+            {
+              "t": "text",
+              "text": "This part of the regular expression may cause exponential backtracking on strings containing many repetitions of '----'."
+            }
+          ]
+        },
+        "shortDescription": "This part of the regular expression may cause exponential backtracking on strings containing many repetitions of '----'.",
+        "fileLink": {
+          "fileLinkPrefix": "https://github.com/meteor/meteor/blob/53f3c4442d3542d3d2a012a854472a0d1bef9d12",
+          "filePath": "packages/deprecated/markdown/showdown.js"
+        },
+        "severity": "Warning",
+        "codeSnippet": {
+          "startLine": 413,
+          "endLine": 417,
+          "text": "\t\t/g,hashElement);\n\t*/\n\ttext = text.replace(/(\\n\\n[ ]{0,3}<!(--[^\\r]*?--\\s*)+>[ \\t]*(?=\\n{2,}))/g,hashElement);\n\n\t// PHP and ASP-style processor instructions (<?...?> and <%...%>)\n"
+        },
+        "highlightedRegion": {
+          "startLine": 415,
+          "startColumn": 41,
+          "endLine": 415,
+          "endColumn": 48
+        },
+        "codeFlows": []
+      },
+      {
+        "message": {
+          "tokens": [
+            {
+              "t": "text",
+              "text": "This part of the regular expression may cause exponential backtracking on strings starting with '<!--' and containing many repetitions of '----'."
+            }
+          ]
+        },
+        "shortDescription": "This part of the regular expression may cause exponential backtracking on strings starting with '<!--' and containing many repetitions of '----'.",
+        "fileLink": {
+          "fileLinkPrefix": "https://github.com/meteor/meteor/blob/53f3c4442d3542d3d2a012a854472a0d1bef9d12",
+          "filePath": "packages/deprecated/markdown/showdown.js"
+        },
+        "severity": "Warning",
+        "codeSnippet": {
+          "startLine": 521,
+          "endLine": 525,
+          "text": "\t// Build a regex to find HTML tags and comments.  See Friedl's\n\t// \"Mastering Regular Expressions\", 2nd Ed., pp. 200-201.\n\tvar regex = /(<[a-z\\/!$](\"[^\"]*\"|'[^']*'|[^'\">])*>|<!(--.*?--\\s*)+>)/gi;\n\n\ttext = text.replace(regex, function(wholeMatch) {\n"
+        },
+        "highlightedRegion": {
+          "startLine": 523,
+          "startColumn": 58,
+          "endLine": 523,
+          "endColumn": 61
+        },
+        "codeFlows": []
+      },
+      {
+        "message": {
+          "tokens": [
+            {
+              "t": "text",
+              "text": "This part of the regular expression may cause exponential backtracking on strings starting with ''' and containing many repetitions of '\\&'."
+            }
+          ]
+        },
+        "shortDescription": "This part of the regular expression may cause exponential backtracking on strings starting with ''' and containing many repetitions of '\\&'.",
+        "fileLink": {
+          "fileLinkPrefix": "https://github.com/meteor/meteor/blob/53f3c4442d3542d3d2a012a854472a0d1bef9d12",
+          "filePath": "tools/tests/apps/modules/imports/links/acorn/src/parseutil.js"
+        },
+        "severity": "Warning",
+        "codeSnippet": {
+          "startLine": 7,
+          "endLine": 11,
+          "text": "// ## Parser utilities\n\nconst literal = /^(?:'((?:\\\\.|[^'])*?)'|\"((?:\\\\.|[^\"])*?)\")/\npp.strictDirective = function(start) {\n  for (;;) {\n"
+        },
+        "highlightedRegion": {
+          "startLine": 9,
+          "startColumn": 24,
+          "endLine": 9,
+          "endColumn": 38
+        },
+        "codeFlows": []
+      },
+      {
+        "message": {
+          "tokens": [
+            {
+              "t": "text",
+              "text": "This part of the regular expression may cause exponential backtracking on strings starting with '\"' and containing many repetitions of '\\!'."
+            }
+          ]
+        },
+        "shortDescription": "This part of the regular expression may cause exponential backtracking on strings starting with '\"' and containing many repetitions of '\\!'.",
+        "fileLink": {
+          "fileLinkPrefix": "https://github.com/meteor/meteor/blob/53f3c4442d3542d3d2a012a854472a0d1bef9d12",
+          "filePath": "tools/tests/apps/modules/imports/links/acorn/src/parseutil.js"
+        },
+        "severity": "Warning",
+        "codeSnippet": {
+          "startLine": 7,
+          "endLine": 11,
+          "text": "// ## Parser utilities\n\nconst literal = /^(?:'((?:\\\\.|[^'])*?)'|\"((?:\\\\.|[^\"])*?)\")/\npp.strictDirective = function(start) {\n  for (;;) {\n"
+        },
+        "highlightedRegion": {
+          "startLine": 9,
+          "startColumn": 43,
+          "endLine": 9,
+          "endColumn": 57
+        },
+        "codeFlows": []
+      }
+    ]
+  }
+]

extensions/ql-vscode/test/pure-tests/remote-queries/markdown-generation/data/interpreted-results/problem/problem-query.json

@@ -0,0 +1,12 @@
+{
+  "queryName": "Inefficient regular expression",
+  "queryFilePath": "c:\\git-repo\\vscode-codeql-starter\\ql\\javascript\\ql\\src\\Performance\\ReDoS.ql",
+  "queryText": "/**\n * @name Inefficient regular expression\n * @description A regular expression that requires exponential time to match certain inputs\n *              can be a performance bottleneck, and may be vulnerable to denial-of-service\n *              attacks.\n * @kind problem\n * @problem.severity error\n * @security-severity 7.5\n * @precision high\n * @id js/redos\n * @tags security\n *       external/cwe/cwe-1333\n *       external/cwe/cwe-730\n *       external/cwe/cwe-400\n */\n\nimport javascript\nimport semmle.javascript.security.performance.ReDoSUtil\nimport semmle.javascript.security.performance.ExponentialBackTracking\n\nfrom RegExpTerm t, string pump, State s, string prefixMsg\nwhere hasReDoSResult(t, pump, s, prefixMsg)\nselect t,\n  \"This part of the regular expression may cause exponential backtracking on strings \" + prefixMsg +\n    \"containing many repetitions of '\" + pump + \"'.\"\n",
+  "language": "javascript",
+  "controllerRepository": {
+    "owner": "dsp-testing",
+    "name": "qc-controller"
+  },
+  "executionStartTime": 1650464389790,
+  "actionsWorkflowRunId": 2196289254
+}

extensions/ql-vscode/test/pure-tests/remote-queries/markdown-generation/data/interpreted-results/problem/results-repo1.md

@@ -0,0 +1,19 @@
+### github/codeql
+
+[javascript/extractor/tests/regexp/input/multipart.js](https://github.com/github/codeql/blob/d094bbc06d063d0da8d0303676943c345e61de53/javascript/extractor/tests/regexp/input/multipart.js#L17-L20)
+
+<pre><code class="javascript">
+
+var bad95 = new RegExp(
+    "<strong>(a" + </strong>
+<strong>    "|" + </strong>
+<strong>    "aa)*" + </strong>
+<strong>    "</strong>b$"
+);
+
+
+</code></pre>
+
+*This part of the regular expression may cause exponential backtracking on strings containing many repetitions of 'aa'.*
+
+----------------------------------------

extensions/ql-vscode/test/pure-tests/remote-queries/markdown-generation/data/interpreted-results/problem/results-repo2.md

@@ -0,0 +1,61 @@
+### meteor/meteor
+
+[packages/deprecated/markdown/showdown.js](https://github.com/meteor/meteor/blob/53f3c4442d3542d3d2a012a854472a0d1bef9d12/packages/deprecated/markdown/showdown.js#L415-L415)
+
+<pre><code class="javascript">
+		/g,hashElement);
+	*/
+	text = text.replace(/(\n\n[ ]{0,3}<!(--<strong>[^\r]*?</strong>--\s*)+>[ \t]*(?=\n{2,}))/g,hashElement);
+
+	// PHP and ASP-style processor instructions (<?...?> and <%...%>)
+
+</code></pre>
+
+*This part of the regular expression may cause exponential backtracking on strings containing many repetitions of '----'.*
+
+----------------------------------------
+
+[packages/deprecated/markdown/showdown.js](https://github.com/meteor/meteor/blob/53f3c4442d3542d3d2a012a854472a0d1bef9d12/packages/deprecated/markdown/showdown.js#L523-L523)
+
+<pre><code class="javascript">
+	// Build a regex to find HTML tags and comments.  See Friedl's
+	// "Mastering Regular Expressions", 2nd Ed., pp. 200-201.
+	var regex = /(<[a-z\/!$]("[^"]*"|'[^']*'|[^'">])*>|<!(--<strong>.*?</strong>--\s*)+>)/gi;
+
+	text = text.replace(regex, function(wholeMatch) {
+
+</code></pre>
+
+*This part of the regular expression may cause exponential backtracking on strings starting with '<!--' and containing many repetitions of '----'.*
+
+----------------------------------------
+
+[tools/tests/apps/modules/imports/links/acorn/src/parseutil.js](https://github.com/meteor/meteor/blob/53f3c4442d3542d3d2a012a854472a0d1bef9d12/tools/tests/apps/modules/imports/links/acorn/src/parseutil.js#L9-L9)
+
+<pre><code class="javascript">
+// ## Parser utilities
+
+const literal = /^(?:'(<strong>(?:\\.|[^'])*?</strong>)'|"((?:\\.|[^"])*?)")/
+pp.strictDirective = function(start) {
+  for (;;) {
+
+</code></pre>
+
+*This part of the regular expression may cause exponential backtracking on strings starting with ''' and containing many repetitions of '\&'.*
+
+----------------------------------------
+
+[tools/tests/apps/modules/imports/links/acorn/src/parseutil.js](https://github.com/meteor/meteor/blob/53f3c4442d3542d3d2a012a854472a0d1bef9d12/tools/tests/apps/modules/imports/links/acorn/src/parseutil.js#L9-L9)
+
+<pre><code class="javascript">
+// ## Parser utilities
+
+const literal = /^(?:'((?:\\.|[^'])*?)'|"(<strong>(?:\\.|[^"])*?</strong>)")/
+pp.strictDirective = function(start) {
+  for (;;) {
+
+</code></pre>
+
+*This part of the regular expression may cause exponential backtracking on strings starting with '"' and containing many repetitions of '\!'.*
+
+----------------------------------------

extensions/ql-vscode/test/pure-tests/remote-queries/markdown-generation/data/interpreted-results/problem/summary.md

@@ -0,0 +1,44 @@
+### Results for "Inefficient regular expression"
+
+<details>
+<summary>Query</summary>
+
+```ql
+/**
+ * @name Inefficient regular expression
+ * @description A regular expression that requires exponential time to match certain inputs
+ *              can be a performance bottleneck, and may be vulnerable to denial-of-service
+ *              attacks.
+ * @kind problem
+ * @problem.severity error
+ * @security-severity 7.5
+ * @precision high
+ * @id js/redos
+ * @tags security
+ *       external/cwe/cwe-1333
+ *       external/cwe/cwe-730
+ *       external/cwe/cwe-400
+ */
+
+import javascript
+import semmle.javascript.security.performance.ReDoSUtil
+import semmle.javascript.security.performance.ExponentialBackTracking
+
+from RegExpTerm t, string pump, State s, string prefixMsg
+where hasReDoSResult(t, pump, s, prefixMsg)
+select t,
+  "This part of the regular expression may cause exponential backtracking on strings " + prefixMsg +
+    "containing many repetitions of '" + pump + "'."
+
+```
+
+</details>
+
+<br />
+
+### Summary
+
+| Repository | Results |
+| --- | --- |
+| github/codeql | [1 result(s)](#file-github-codeql-md) |
+| meteor/meteor | [4 result(s)](#file-meteor-meteor-md) |

extensions/ql-vscode/test/pure-tests/remote-queries/markdown-generation/markdown-generation.test.ts

@@ -30,6 +30,33 @@ describe('markdown generation', async function() {
     expect(markdownFile1.join('\n')).to.equal(expectedTestOutput1);
     expect(markdownFile2.join('\n')).to.equal(expectedTestOutput2);
   });
+
+  it('for problem-query: should generate markdown file for each repo with results', async function() {
+    const problemQuery = JSON.parse(
+      await fs.readFile(path.join(__dirname, 'data/interpreted-results/problem/problem-query.json'), 'utf8')
+    );
+
+    const analysesResults = JSON.parse(
+      await fs.readFile(path.join(__dirname, 'data/interpreted-results/problem/analyses-results.json'), 'utf8')
+    );
+    const markdownFiles = generateMarkdown(problemQuery, analysesResults);
+
+    // Check that query has results for two repositories, plus a summary file
+    expect(markdownFiles.length).to.equal(3);
+
+    const markdownFile0 = markdownFiles[0]; // summary file
+    const markdownFile1 = markdownFiles[1]; // results for github/codeql repo
+    const markdownFile2 = markdownFiles[2]; // results for meteor/meteor repo
+
+    const expectedSummaryFile = await readTestOutputFile('data/interpreted-results/problem/summary.md');
+    const expectedTestOutput1 = await readTestOutputFile('data/interpreted-results/problem/results-repo1.md');
+    const expectedTestOutput2 = await readTestOutputFile('data/interpreted-results/problem/results-repo2.md');
+
+    // Check that markdown output is correct, after making line endings consistent
+    expect(markdownFile0.join('\n')).to.equal(expectedSummaryFile);
+    expect(markdownFile1.join('\n')).to.equal(expectedTestOutput1);
+    expect(markdownFile2.join('\n')).to.equal(expectedTestOutput2);
+  });
 });
 
 /**