Tidy up how we display paths

This commit is contained in:
shati-patel
2022-04-25 16:37:06 +01:00
committed by Shati Patel
parent f55f46f95b
commit b363f77a83
3 changed files with 51 additions and 65 deletions


@@ -89,12 +89,18 @@ function generateMarkdownForInterpretedResult(interpretedResult: AnalysisAlert,
...generateMarkdownForCodeSnippet(codeSnippet, language, highlightedRegion), ...generateMarkdownForCodeSnippet(codeSnippet, language, highlightedRegion),
); );
} }
const alertMessageLines = buildMarkdownAlertMessage(interpretedResult, language); const alertMessage = generateMarkdownForAlertMessage(interpretedResult);
lines.push(...alertMessageLines); lines.push(alertMessage, '');
// If available, show paths
const hasPathResults = interpretedResult.codeFlows.length > 0;
if (hasPathResults) {
const pathLines = generateMarkdownForPathResults(interpretedResult, language);
lines.push(...pathLines);
}
// Padding between results // Padding between results
lines.push( lines.push(
'',
'----------------------------------------', '----------------------------------------',
'', '',
); );
@@ -142,50 +148,36 @@ function highlightCodeLines(
return `${partiallyHighlightedLine.plainSection1}<strong>${partiallyHighlightedLine.highlightedSection}</strong>${partiallyHighlightedLine.plainSection2}`; return `${partiallyHighlightedLine.plainSection1}<strong>${partiallyHighlightedLine.highlightedSection}</strong>${partiallyHighlightedLine.plainSection2}`;
} }
function buildMarkdownAlertMessage( function generateMarkdownForAlertMessage(
interpretedResult: AnalysisAlert, interpretedResult: AnalysisAlert
language: string ): string {
): string[] { let alertMessage = '';
const hasPathResults = interpretedResult.codeFlows.length > 0; for (const token of interpretedResult.message.tokens) {
if (hasPathResults) { if (token.t === 'text') {
// For path-problem queries, the "alert message" is an expandable section containing the path results. alertMessage += token.text;
return buildMarkdownPathResults(interpretedResult, language); } else if (token.t === 'location') {
} else { alertMessage += createMarkdownRemoteFileRef(
let alertMessage = ''; token.location.fileLink,
// For regular problem queries (no paths), the alert message is just a message token.location.highlightedRegion?.startLine,
// containing a link to the affected file. token.location.highlightedRegion?.endLine,
for (const token of interpretedResult.message.tokens) { token.text
if (token.t === 'text') { );
alertMessage += token.text;
} else if (token.t === 'location') {
alertMessage += createMarkdownRemoteFileRef(
token.location.fileLink,
token.location.highlightedRegion?.startLine,
token.location.highlightedRegion?.endLine,
token.text
);
}
} }
// Italicize the alert message
return [`*${alertMessage}*`];
} }
// Italicize the alert message
return `*${alertMessage}*`;
} }
function buildMarkdownPathResults( function generateMarkdownForPathResults(
interpretedResult: AnalysisAlert, interpretedResult: AnalysisAlert,
language: string language: string
): MarkdownFile { ): MarkdownFile {
let alertMessage = '';
for (const token of interpretedResult.message.tokens) {
alertMessage += token.text;
}
const pathLines: MarkdownFile = []; const pathLines: MarkdownFile = [];
pathLines.push('#### Paths', '');
for (const codeFlow of interpretedResult.codeFlows) { for (const codeFlow of interpretedResult.codeFlows) {
const stepCount = codeFlow.threadFlows.length; const stepCount = codeFlow.threadFlows.length;
pathLines.push(`Path with ${stepCount} steps`); pathLines.push(`#### Path with ${stepCount} steps`);
let index = 1; for (let i = 0; i < codeFlow.threadFlows.length; i++) {
for (const threadFlow of codeFlow.threadFlows) { const threadFlow = codeFlow.threadFlows[i];
const link = createMarkdownRemoteFileRef( const link = createMarkdownRemoteFileRef(
threadFlow.fileLink, threadFlow.fileLink,
threadFlow.highlightedRegion?.startLine, threadFlow.highlightedRegion?.startLine,
@@ -198,11 +190,10 @@ function buildMarkdownPathResults(
); );
// Indent the snippet to fit with the numbered list. // Indent the snippet to fit with the numbered list.
const codeSnippetIndented = codeSnippet.map((line) => ` ${line}`); const codeSnippetIndented = codeSnippet.map((line) => ` ${line}`);
pathLines.push(`${index}. ${link}`, ...codeSnippetIndented); pathLines.push(`${i + 1}. ${link}`, ...codeSnippetIndented);
index++;
} }
} }
return buildExpandableMarkdownSection(`<i>${alertMessage}</i>`, pathLines); return buildExpandableMarkdownSection('Show paths', pathLines);
} }
/** /**
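Review bot: In generateMarkdownForAlertMessage (second hunk) the `text` tokens are concatenated unescaped and then wrapped in a Markdown italic span, so a message containing `*`, `_`, `<` or a line break would break the `*…*` wrapper or be rendered as markup; before this commit the path-problem case placed the message inside an HTML `<summary><i>` element, which was less fragile for that content. Escaping the text tokens before wrapping, e.g. `alertMessage += token.text.replace(/([\\*_<>])/g, '\\$1');`, would keep the message literal whatever the query's select string contains — I cannot tell from the hunk whether a helper for this already exists elsewhere in the file. In generateMarkdownForPathResults the new index loop reads `codeFlow.threadFlows[i]`, which is `T | undefined` under `noUncheckedIndexedAccess`; `for (const [i, threadFlow] of codeFlow.threadFlows.entries())` keeps the counter without the indexed access. generateMarkdownForInterpretedResult starts before the first hunk, and generateMarkdownForPathResults is split across the second and third hunks with lines between them not shown.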


@@ -8,12 +8,12 @@
} }
</code></pre> </code></pre>
*This shell command depends on an uncontrolled [absolute path](https://github.com/github/codeql/blob/48015e5a2e6202131f2d1062cc066dc33ed69a9b/javascript/ql/src/Security/CWE-078/examples/shell-command-injection-from-environment.js#L4-L4).*
<details> <details>
<summary><i>This shell command depends on an uncontrolled absolute path.</i></summary> <summary>Show paths</summary>
#### Paths #### Path with 5 steps
Path with 5 steps
1. [javascript/ql/src/Security/CWE-078/examples/shell-command-injection-from-environment.js](https://github.com/github/codeql/blob/48015e5a2e6202131f2d1062cc066dc33ed69a9b/javascript/ql/src/Security/CWE-078/examples/shell-command-injection-from-environment.js#L4-L4) 1. [javascript/ql/src/Security/CWE-078/examples/shell-command-injection-from-environment.js](https://github.com/github/codeql/blob/48015e5a2e6202131f2d1062cc066dc33ed69a9b/javascript/ql/src/Security/CWE-078/examples/shell-command-injection-from-environment.js#L4-L4)
<pre><code class="javascript"> path = require("path"); <pre><code class="javascript"> path = require("path");
function cleanupTemp() { function cleanupTemp() {
@@ -56,7 +56,6 @@ Path with 5 steps
</details> </details>
---------------------------------------- ----------------------------------------
[javascript/ql/test/query-tests/Security/CWE-078/tst_shell-command-injection-from-environment.js](https://github.com/github/codeql/blob/48015e5a2e6202131f2d1062cc066dc33ed69a9b/javascript/ql/test/query-tests/Security/CWE-078/tst_shell-command-injection-from-environment.js#L6-L6) [javascript/ql/test/query-tests/Security/CWE-078/tst_shell-command-injection-from-environment.js](https://github.com/github/codeql/blob/48015e5a2e6202131f2d1062cc066dc33ed69a9b/javascript/ql/test/query-tests/Security/CWE-078/tst_shell-command-injection-from-environment.js#L6-L6)
@@ -68,12 +67,12 @@ Path with 5 steps
execa.shell('rm -rf ' + path.join(__dirname, "temp")); // NOT OK execa.shell('rm -rf ' + path.join(__dirname, "temp")); // NOT OK
</code></pre> </code></pre>
*This shell command depends on an uncontrolled [absolute path](https://github.com/github/codeql/blob/48015e5a2e6202131f2d1062cc066dc33ed69a9b/javascript/ql/test/query-tests/Security/CWE-078/tst_shell-command-injection-from-environment.js#L6-L6).*
<details> <details>
<summary><i>This shell command depends on an uncontrolled absolute path.</i></summary> <summary>Show paths</summary>
#### Paths #### Path with 3 steps
Path with 3 steps
1. [javascript/ql/test/query-tests/Security/CWE-078/tst_shell-command-injection-from-environment.js](https://github.com/github/codeql/blob/48015e5a2e6202131f2d1062cc066dc33ed69a9b/javascript/ql/test/query-tests/Security/CWE-078/tst_shell-command-injection-from-environment.js#L6-L6) 1. [javascript/ql/test/query-tests/Security/CWE-078/tst_shell-command-injection-from-environment.js](https://github.com/github/codeql/blob/48015e5a2e6202131f2d1062cc066dc33ed69a9b/javascript/ql/test/query-tests/Security/CWE-078/tst_shell-command-injection-from-environment.js#L6-L6)
<pre><code class="javascript">(function() { <pre><code class="javascript">(function() {
cp.execFileSync('rm', ['-rf', path.join(__dirname, "temp")]); // GOOD cp.execFileSync('rm', ['-rf', path.join(__dirname, "temp")]); // GOOD
@@ -101,7 +100,6 @@ Path with 3 steps
</details> </details>
---------------------------------------- ----------------------------------------
[javascript/ql/test/query-tests/Security/CWE-078/tst_shell-command-injection-from-environment.js](https://github.com/github/codeql/blob/48015e5a2e6202131f2d1062cc066dc33ed69a9b/javascript/ql/test/query-tests/Security/CWE-078/tst_shell-command-injection-from-environment.js#L8-L8) [javascript/ql/test/query-tests/Security/CWE-078/tst_shell-command-injection-from-environment.js](https://github.com/github/codeql/blob/48015e5a2e6202131f2d1062cc066dc33ed69a9b/javascript/ql/test/query-tests/Security/CWE-078/tst_shell-command-injection-from-environment.js#L8-L8)
@@ -113,12 +111,12 @@ Path with 3 steps
</code></pre> </code></pre>
*This shell command depends on an uncontrolled [absolute path](https://github.com/github/codeql/blob/48015e5a2e6202131f2d1062cc066dc33ed69a9b/javascript/ql/test/query-tests/Security/CWE-078/tst_shell-command-injection-from-environment.js#L8-L8).*
<details> <details>
<summary><i>This shell command depends on an uncontrolled absolute path.</i></summary> <summary>Show paths</summary>
#### Paths #### Path with 3 steps
Path with 3 steps
1. [javascript/ql/test/query-tests/Security/CWE-078/tst_shell-command-injection-from-environment.js](https://github.com/github/codeql/blob/48015e5a2e6202131f2d1062cc066dc33ed69a9b/javascript/ql/test/query-tests/Security/CWE-078/tst_shell-command-injection-from-environment.js#L8-L8) 1. [javascript/ql/test/query-tests/Security/CWE-078/tst_shell-command-injection-from-environment.js](https://github.com/github/codeql/blob/48015e5a2e6202131f2d1062cc066dc33ed69a9b/javascript/ql/test/query-tests/Security/CWE-078/tst_shell-command-injection-from-environment.js#L8-L8)
<pre><code class="javascript"> cp.execSync('rm -rf ' + path.join(__dirname, "temp")); // BAD <pre><code class="javascript"> cp.execSync('rm -rf ' + path.join(__dirname, "temp")); // BAD
@@ -146,7 +144,6 @@ Path with 3 steps
</details> </details>
---------------------------------------- ----------------------------------------
[javascript/ql/test/query-tests/Security/CWE-078/tst_shell-command-injection-from-environment.js](https://github.com/github/codeql/blob/48015e5a2e6202131f2d1062cc066dc33ed69a9b/javascript/ql/test/query-tests/Security/CWE-078/tst_shell-command-injection-from-environment.js#L9-L9) [javascript/ql/test/query-tests/Security/CWE-078/tst_shell-command-injection-from-environment.js](https://github.com/github/codeql/blob/48015e5a2e6202131f2d1062cc066dc33ed69a9b/javascript/ql/test/query-tests/Security/CWE-078/tst_shell-command-injection-from-environment.js#L9-L9)
@@ -158,12 +155,12 @@ Path with 3 steps
const safe = "\"" + path.join(__dirname, "temp") + "\""; const safe = "\"" + path.join(__dirname, "temp") + "\"";
</code></pre> </code></pre>
*This shell command depends on an uncontrolled [absolute path](https://github.com/github/codeql/blob/48015e5a2e6202131f2d1062cc066dc33ed69a9b/javascript/ql/test/query-tests/Security/CWE-078/tst_shell-command-injection-from-environment.js#L9-L9).*
<details> <details>
<summary><i>This shell command depends on an uncontrolled absolute path.</i></summary> <summary>Show paths</summary>
#### Paths #### Path with 3 steps
Path with 3 steps
1. [javascript/ql/test/query-tests/Security/CWE-078/tst_shell-command-injection-from-environment.js](https://github.com/github/codeql/blob/48015e5a2e6202131f2d1062cc066dc33ed69a9b/javascript/ql/test/query-tests/Security/CWE-078/tst_shell-command-injection-from-environment.js#L9-L9) 1. [javascript/ql/test/query-tests/Security/CWE-078/tst_shell-command-injection-from-environment.js](https://github.com/github/codeql/blob/48015e5a2e6202131f2d1062cc066dc33ed69a9b/javascript/ql/test/query-tests/Security/CWE-078/tst_shell-command-injection-from-environment.js#L9-L9)
<pre><code class="javascript"> <pre><code class="javascript">
execa.shell('rm -rf ' + path.join(__dirname, "temp")); // NOT OK execa.shell('rm -rf ' + path.join(__dirname, "temp")); // NOT OK
@@ -191,5 +188,4 @@ Path with 3 steps
</details> </details>
---------------------------------------- ----------------------------------------


@@ -9,12 +9,12 @@
} }
</code></pre> </code></pre>
*This shell command depends on an uncontrolled [absolute path](https://github.com/meteor/meteor/blob/73b538fe201cbfe89dd0c709689023f9b3eab1ec/npm-packages/meteor-installer/config.js#L39-L39).*
<details> <details>
<summary><i>This shell command depends on an uncontrolled absolute path.</i></summary> <summary>Show paths</summary>
#### Paths #### Path with 7 steps
Path with 7 steps
1. [npm-packages/meteor-installer/config.js](https://github.com/meteor/meteor/blob/73b538fe201cbfe89dd0c709689023f9b3eab1ec/npm-packages/meteor-installer/config.js#L39-L39) 1. [npm-packages/meteor-installer/config.js](https://github.com/meteor/meteor/blob/73b538fe201cbfe89dd0c709689023f9b3eab1ec/npm-packages/meteor-installer/config.js#L39-L39)
<pre><code class="javascript"> <pre><code class="javascript">
const meteorLocalFolder = '.meteor'; const meteorLocalFolder = '.meteor';
@@ -86,5 +86,4 @@ Path with 7 steps
</details> </details>
---------------------------------------- ----------------------------------------