for issue #3

Author: bitsofinfo

README.md

@@ -13,15 +13,15 @@ It is important to note, that despite the use-case described below for this proj
 * [Security](#security)
 * [Related Tools](#related)
 
-###<a id="Origin"></a> Origin 
+###<a id="Origin"></a> Origin
 
-This project originated out of the need to execute various Powershell commands (at fairly high volume and frequency) against services within Office365/Azure bridged via a custom node.js implemented REST API; this was due to the lack of certain features in the REST GraphAPI for Azure/o365, that are available only in Powershell. 
+This project originated out of the need to execute various Powershell commands (at fairly high volume and frequency) against services within Office365/Azure bridged via a custom node.js implemented REST API; this was due to the lack of certain features in the REST GraphAPI for Azure/o365, that are available only in Powershell.
 
 If you have done any work with Powershell and o365, then you know that there is considerable overhead in both establishing a remote session and importing and downloading various needed cmdlets. This is an expensive operation and there is a lot of value in being able to keep this remote session open for longer periods of time rather than repeating this entire process for every single command that needs to be executed and then tearing everything down.
 
 Simply doing an child_process.**exec** per command to launch an external process, run the command, and then killing the process is not really an option under such scenarios, as it is expensive and very singular in nature; no state can be maintained if need be. We also tried using [edge.js with powershell](https://github.com/tjanczuk/edge#how-to-script-powershell-in-a-nodejs-application) and this simply would not work with o365 exchange commands and heavy session cmdlet imports (the entire node.js process would crash). Using this module gives you full un-fettered access to the externally connected child_process, with no restrictions other than what uid/gid (permissions) the spawned process is running under (which you **really** have to consider from security standpoint!)
 
-The diagram below should conceptually give you an idea of what this module does. 
+The diagram below should conceptually give you an idea of what this module does.
 
 **The local user that the node process runs as should have virtually zero rights! Also be sure to properly configure a restricted UID/GID when instatiating a new instance of this. See security notes below.**
 
@@ -42,75 +42,76 @@ mocha test/all.js
 
 ```
 v1.0-beta.3 - 2014-01-26
-    - New options for command blacklisting regex matching and interval 
+    - New options for command blacklisting regex matching and interval
       based self auto-invalidation of ProcessProxy instances
-    
+
 v1.0-beta.2 - 2014-01-21
     - New return types for executeCommands - is now an array
-    
+
 v1.0-beta.1 - 2014-01-17
     - Initial version
 ```
 
-###<a id="usage"></a> Usage 
+###<a id="usage"></a> Usage
 
 To use StatefulProcessCommandProxy the constructor takes one parameter which is a configuration object who's properties are described below. Please refer to the example (following) and the unit-test for more details.
 
 ```
     name:           The name of this instance, arbitrary
-    
+
     max:               maximum number of processes to maintain
-    
+
     min:               minimum number of processes to maintain
-    
+
     idleTimeoutMS:     idle in milliseconds by which a process will be destroyed
-    
+
     processCommand: full path to the actual process to be spawned (i.e. /bin/bash)
-    
+
     processArgs:    arguments to pass to the process command
-    
+
     processRetainMaxCmdHistory: for each process spawned, the maximum number
                                 of command history objects to retain in memory
                                 (useful for debugging), default 0
-                                
+
     processInvalidateOnRegex: optional config of regex patterns who if match
                               their respective type, will flag the process as invalid
                                           {
-                                         'any' : ['regex1', ....],
-                                         'stdout' : ['regex1', ....],
-                                         'stderr' : ['regex1', ....]
+                                         'any' :    [ {regex:'regex1',flags:'ig'}, ....],
+                                         'stdout' : [ {regex:'regex1',flags:'m'}, ....],
+                                         'stderr' : [ {regex:'regex1',flags:'ig'}, ....]
                                          }
-                                         
+
    processCmdBlacklistRegex: optional config array regex patterns who if match the
                              command requested to be executed will be rejected
                              with an error
-                                     [ 'regex1', 'regex2'...]
-                                     
+                                     [ {regex:'regex1',flags:'ig'},
+                                       {regex:'regex2',flags:'ig'}...]
+
     processCwd:    optional current working directory for the processes to be spawned
-    
+
     processEnvMap: optional hash/object of key-value pairs for environment variables
                    to set for the spawned processes
-                   
+
     processUid:    optional uid to launch the processes as
-    
+
     processGid:    optional gid to launch the processes as
-    
+
     logFunction:    optional function that should have the signature
                     (severity,origin,message), where log messages will
                     be sent to. If null, logs will just go to console
-                    
+
     initCommands:   optional array of actual commands to execute on each newly
                     spawned ProcessProxy in the pool before it is made available
-                    
+
     preDestroyCommands: optional array of actual commands to execute on a process
                         before it is killed/destroyed on shutdown or being invalid
-                        
+
     validateFunction:  optional function that should have the signature to accept
                        a ProcessProxy object, and should return true/false if the
                        process is valid or not, at a minimum this should call
                        ProcessProxy.isValid(). If the function is not provided
                        the default behavior is to only check ProcessProxy.isValid()
-                       
+
     autoInvalidationConfig optional configuration that will run the specified
                            commands in the background on the given interval,
                            and if the given regexes match/do-not-match for each command the
@@ -122,22 +123,22 @@ To use StatefulProcessCommandProxy the constructor takes one parameter which is
            commands:
               [
                { command:'cmd1toRun',
-               
+
                  // OPTIONAL: because you can configure multiple commands
                  // where the first ones doe some prep, then the last one's
                  // output needs to be evaluated hence 'regexes'  may not
                  // always be present, (but your LAST command must have a
                  // regexes config to eval prior work, otherwise whats the point
-                 
+
                  regexes: {
                         // at least one key must be specified
                         // 'any' means either stdout or stderr
                         // for each regex, the 'on' property dictates
                         // if the process will be flagged invalid based
                         // on the results of the regex evaluation
-                       'any' :    [ {regex:'regex1', invalidOn:'match | noMatch'}, ....],
-                       'stdout' : [ {regex:'regex1', invalidOn:'match | noMatch'}, ....],
-                       'stderr' : [ {regex:'regex1', invalidOn:'match | noMatch'}, ....]
+                       'any' :    [ {regex:'regex1', flags:'m', invalidOn:'match | noMatch'}, ....],
+                       'stdout' : [ {regex:'regex1', flags:'ig', invalidOn:'match | noMatch'}, ....],
+                       'stderr' : [ {regex:'regex1', flags:'i', invalidOn:'match | noMatch'}, ....]
                   }
               },...
             ]
@@ -146,9 +147,9 @@ To use StatefulProcessCommandProxy the constructor takes one parameter which is
 
 Its highly recommended you check out the unit-tests for some examples in addition to the below:
 
-###<a id="example"></a> Example 
+###<a id="example"></a> Example
 
-Note this example is for a machine w/ bash in the typical location. Windows (or other) can adjust the below as necessary to run). 
+Note this example is for a machine w/ bash in the typical location. Windows (or other) can adjust the below as necessary to run).
 
 ```
 var Promise = require('promise');
@@ -205,7 +206,7 @@ statefulProcessCommandProxy.executeCommand('echo testInitVar')
   }).catch(function(error) {
       console.log("Error: " + error);
   });
-  
+
 // test that our invalidation regex above traps and destroys this process instance
 statefulProcessCommandProxy.executeCommand('echo "this command has an error and will be '+
                 ' destroyed after check-in because it matches our invalidation regex"')
@@ -239,19 +240,19 @@ setTimeout(function() {
 },10000);
 
 ```
-  
-###<a id="security"></a> Security 
+
+###<a id="security"></a> Security
 
 Obviously this module can expose you to some insecure situations depending on how you use it... you are providing a gateway to an external process via Node on your host os! (likely a shell in most use-cases). Here are some tips; ultimately its your responsibility to secure your system.
 
 * Ensure that the node process is running as a user with very limited rights
 * Make use of the uid/gid configuration appropriately to further limit the processes
-* Never expose calls to this module directly, instead you should write a wrapper layer around StatefulProcessCommandProxy that protects, analyzes and sanitizes external input that can materialize in a `command` statement. 
+* Never expose calls to this module directly, instead you should write a wrapper layer around StatefulProcessCommandProxy that protects, analyzes and sanitizes external input that can materialize in a `command` statement.
 * All commands you pass to `execute` should be sanitized to protect from injection attacks
-  
+
 ###<a id="related"></a> Related Tools
 
 Have a look at these related projects which build on top of this module to provide some higher level functionality
 
-* https://github.com/bitsofinfo/powershell-command-executor - Introduces a higher level "registry" of powershell commands which can be generated, have arguments applied to them (and sanitized), then executed. 
+* https://github.com/bitsofinfo/powershell-command-executor - Introduces a higher level "registry" of powershell commands which can be generated, have arguments applied to them (and sanitized), then executed.
 * https://github.com/bitsofinfo/powershell-command-executor-ui - Builds on top of powershell-command-executor to provide a simple Node REST API and AngularJS interface for testing the execution of commands in the registry

processProxy.js

@@ -43,9 +43,9 @@ fifo.prototype.toArray = function () {
 * @param invalidateOnRegex optional regex pattern config object in the format:
 *
 *                           {
-*                           'any' : ['regex1', ....],
-*                           'stdout' : ['regex1', ....],
-*                           'stderr' : ['regex1', ....]
+*                           'any' :    [ {regex:'regex1',flags:'ig'}, ....],
+*                           'stdout' : [ {regex:'regex1',flags:'ig'}, ....],
+*                           'stderr' : [ {regex:'regex1',flags:'m'}, ....]
 *                           }
 *
 *                          where on Command.finish() if the regex matches the
@@ -68,7 +68,8 @@ fifo.prototype.toArray = function () {
 *                                command requested to be executed will be rejected
 *                                with an error.
 *
-*                                [ 'regex1', 'regex2'...]
+*                                [ '{regex:'regex1',flags:'ig'},
+*                                   {regex:'regex2',flags:'m'}...]
 *
 *
 * @param autoInvalidationConfig optional configuration that will run the specified
@@ -96,9 +97,9 @@ fifo.prototype.toArray = function () {
 *                         // for each regex, the 'on' property dictates
 *                         // if the process will be flagged invalid based
 *                         // on the results of the regex evaluation
-*                        'any' :    [ {regex:'regex1', invalidOn:'match | noMatch'}, ....],
-*                        'stdout' : [ {regex:'regex1', invalidOn:'match | noMatch'}, ....],
-*                        'stderr' : [ {regex:'regex1', invalidOn:'match | noMatch'}, ....]
+*                        'any' :    [ {regex:'regex1', flags:'i', invalidOn:'match | noMatch'}, ....],
+*                        'stdout' : [ {regex:'regex1', flags:'i', invalidOn:'match | noMatch'}, ....],
+*                        'stderr' : [ {regex:'regex1', flags:'i', invalidOn:'match | noMatch'}, ....]
 *                   }
 *               },...
 *             ]
@@ -221,7 +222,6 @@ ProcessProxy.prototype._buildAutoInvalidationConfig = function(autoInvalidationC
 
             // this is optional...
             if (typeof(cmdConf.regexes)!=='undefined') {
-
                 this._parseRegexConfigs(cmdConf.regexes['any']);
                 this._parseRegexConfigs(cmdConf.regexes['stdout']);
                 this._parseRegexConfigs(cmdConf.regexes['stderr']);
@@ -273,16 +273,23 @@ ProcessProxy.prototype._parseRegexes = function(regexesToParse, regexpsToAppendT
         // parse all 'any' regexes to RegExp objects
         for (var i=0; i<regexesToParse.length; i++) {
 
-            var regexStr = regexesToParse[i];
+            var regexConf = regexesToParse[i];
             try {
-                var parsed = new RegExp(regexStr);
+                var parsed = null;
+
+                if (typeof(regexConf.flags) != 'undefined') {
+                    parsed = new RegExp(regexConf.regex,regexConf.flags);
+                } else {
+                    parsed = new RegExp(regexConf.regex);
+                }
+
                 for (var j=0; j<regexpsToAppendTo.length; j++) {
                     regexpsToAppendTo[j].push(parsed);
                 }
 
             } catch(exception) {
                 this._log('error',"Error parsing invalidation regex: "
-                    + regexStr + " err:"+exception + ' ' + exception.stack);
+                    + JSON.stringify(regexConf) + " err:"+exception + ' ' + exception.stack);
             }
         }
     }
@@ -307,14 +314,19 @@ ProcessProxy.prototype._parseRegexConfigs = function(regexConfigsToConvert) {
         var regexConf = regexConfigsToConvert[j];
 
         try {
-            regexConf.regexStr = regexConf.regex; // retain as string
-            var parsed = new RegExp(regexConf.regex);
-            regexConf.regex = parsed; // replace as obj
+
+            if (typeof(regexConf.flags) != 'undefined') {
+              console.log(regexConf.regex);
+                parsed = new RegExp(regexConf.regex,regexConf.flags);
+            } else {
+                parsed = new RegExp(regexConf.regex);
+            }
+
+            regexConf.regExpObj = parsed; // set as obj
 
         } catch(exception) {
-            delete regexConf.regex;
             this._log('error',"Error parsing regex: "
-                + regexStr + " err:"+exception + ' ' + exception.stack);
+                + JSON.stringify(regexConf) + " err:"+exception + ' ' + exception.stack);
         }
     }
 }
@@ -696,8 +708,8 @@ ProcessProxy.prototype._evalRegexConfigs = function(regexConfs, dataToEval) {
     for (var i=0; i<regexConfs.length; i++) {
         var regexConf = regexConfs[i];
 
-        if (regexConf.hasOwnProperty('regex')) {
-            var matches = regexConf.regex.exec(dataToEval);
+        if (regexConf.hasOwnProperty('regExpObj')) {
+            var matches = regexConf.regExpObj.exec(dataToEval);
 
             if (matches && regexConf.invalidOn == 'match' ||
                 !matches && regexConf.invalidOn == 'noMatch') {

statefulProcessCommandProxy.js

@@ -31,16 +31,17 @@ var Promise = require('promise');
                               their respective type, will flag the process as invalid
 
                                           {
-                                         'any' : ['regex1', ....],
-                                         'stdout' : ['regex1', ....],
-                                         'stderr' : ['regex1', ....]
+                                         'any' :    [ {regex:'regex1',flags:'ig'}, ....],
+                                         'stdout' : [ {regex:'regex1',flags:'ig'}, ....],
+                                         'stderr' : [ {regex:'regex1',flags:'ig'}, ....]
                                          }
 
    processCmdBlacklistRegex: optional config array regex patterns who if match the
                              command requested to be executed will be rejected
                              with an error
 
-                                     [ 'regex1', 'regex2'...]
+                                     [ {regex:'regex1',flags:'ig'},
+                                       {regex:'regex2',flags:'m'}...]
 
 
     processCwd:    optional current working directory for the processes to be spawned
@@ -96,9 +97,9 @@ var Promise = require('promise');
                         // if the process will be flagged invalid based
                         // on the results of the regex evaluation
 
-                       'any' :    [ {regex:'regex1', invalidOn:'match | noMatch'}, ....],
-                       'stdout' : [ {regex:'regex1', invalidOn:'match | noMatch'}, ....],
-                       'stderr' : [ {regex:'regex1', invalidOn:'match | noMatch'}, ....]
+                       'any' :    [ {regex:'regex1', flags:'im', invalidOn:'match | noMatch'}, ....],
+                       'stdout' : [ {regex:'regex1', flags:'g', invalidOn:'match | noMatch'}, ....],
+                       'stderr' : [ {regex:'regex1', flags:'i', invalidOn:'match | noMatch'}, ....]
                   }
               },...
             ]

test/all.js

@@ -27,7 +27,7 @@ var configs = {
                 { 'command': '$INVALIDATION_VAR="iShouldSetupInvalidation"'},
                 { 'command': 'echo $INVALIDATION_VAR',
                   'regexes': {
-                    'any' : [ {'regex':'.*Invalid.*', 'invalidOn':'match'}]
+                    'any' : [ {'regex':'.*Invalid.*', 'flags':'i', 'invalidOn':'match'}]
                   }
                 }
             ]
@@ -58,7 +58,7 @@ var configs = {
                 { 'command': 'INVALIDATION_VAR=iShouldSetupInvalidation'},
                 { 'command': 'echo $INVALIDATION_VAR',
                   'regexes': {
-                    'any' : [ {'regex':'.*Invalid.*', 'invalidOn':'match'}]
+                    'any' : [ {'regex':'.*Invalid.*', 'flags':'i', 'invalidOn':'match'}]
                   }
                 }
             ]
@@ -115,12 +115,12 @@ var getStatefulProcessCommandProxyForTests = function(config,max,min,setAutoVali
 
             processRetainMaxCmdHistory : 10,
             processInvalidateOnRegex : {
-                'any':['.*nomatch.*'],
-                'stdout':['.*nomatch.*'],
-                'stderr':['.*nomatch.*']
+                'any':[{'regex':'.*nomatch.*'}],
+                'stdout':[{'regex':'.*nomatch.*'}],
+                'stderr':[{'regex':'.*nomatch.*', 'flags':'i'}]
             },
 
-            processCmdBlacklistRegex: ['.*blacklisted.*'],
+            processCmdBlacklistRegex: [ {'regex':'.*blacklisted.*'} ],
 
             processCwd : null,
             processEnvMap : {"testenvvar":"value1"},