Merge pull request #18 from nfedyk/feature/updates-tests

Extended testing and sanitization

Author: bitsofinfo

Dockerfile

@@ -0,0 +1,24 @@
+FROM mcr.microsoft.com/powershell:7.4-mariner-2.0-arm64
+
+ENV APP_ROOT_DIR="/app"
+
+RUN pwsh -Command Set-PSRepository -Name PSGallery -InstallationPolicy Trusted && \
+    pwsh -Command Install-Module -Name ExchangeOnlineManagement -Scope AllUsers -RequiredVersion 3.5.0 && \
+    pwsh -Command Set-PSRepository -Name PSGallery -InstallationPolicy Untrusted 
+
+RUN yum install -y nodejs npm
+
+# Set the working directory in the container
+WORKDIR /app
+
+# Copy package.json and package-lock.json
+COPY package*.json ./
+
+# Install dependencies
+RUN npm install
+
+# Copy the rest of the application code
+COPY . .
+
+# Command to run tests
+CMD ["npm", "run", "test-docker"]

README.md

@@ -7,6 +7,7 @@ Node.js module that provides a registry and gateway for execution of pre-defined
 * [Overview](#overview)
 * [Concepts](#concepts)
 * [Usage](#usage)
+* [Testing](#testing)
 * [History](#history)
 * [Related tools](#related)
 
@@ -54,9 +55,20 @@ Three sets of init commands are availiable as of version `1.1.0`:
 
 7) There is also a unit-test (```test\all.js```) for the command registry in ```o365Utils.js``` which gives an example of usage for all thre possible Exchange connect variations.
 
+### <a id="testing"></a>Testing 
+Project test can be executed by running `npm test` command on Windows machine. Connection to Exchange Online is required for the tests to pass.
+
+There is also option to run Docker based tests. You need to configure `environment` variables in `docker-compose.yml` file in order to define connection parameters. To run tests in Docker container, execute `docker-compose run test` command once the configuration is done.
+
+Exchange online tests will be skipped if the connection is not available.
+
+
 ### <a id="history"></a>History
 
 ```
+v1.1.4 - 2024-11-22
+    - Extended testing and fixed escaping reserved variables and special characters in commands
+
 v1.1.3 - 2024-11-14
     - Added support for [multivalued parameters](https://learn.microsoft.com/en-us/exchange/modifying-multivalued-properties-exchange-2013-help) in commands
 

docker-compose.yml

@@ -0,0 +1,13 @@
+version: '3'
+services:
+  test:
+    build: .
+    volumes:
+      - .:/app
+      - /app/node_modules
+    environment:
+      - APPLICATION_ID=xxxxxxxxxxxxxxxxxxxxxxxxxxxx
+      - TENANT=XXXXXXXXXXXXXXXXXXXXXXXXXXXX
+      - CERTIFICATE_PASSWORD=XXXXXXXXXXXXXXXXXXXXXXXXXXXX
+      - CERTIFICATE=XXXXXXXXXXXXXXXXXXXXXXXXXXXX
+      - O365_TENANT_DOMAIN_NAME=sample.com

o365Utils.js

@@ -602,7 +602,13 @@ var o365CommandRegistry = {
         'return': {
             type: 'none'
         }
-    }
+    },
+    getStatus: {
+      command: 'Get-ConnectionInformation | ConvertTo-Json',
+      return: {
+        type: 'json'
+      }
+    },    
 };
 
 module.exports.o365CommandRegistry = o365CommandRegistry;

package-lock.json

@@ -1,13 +1,14 @@
 {
     "name": "powershell-command-executor",
-    "version": "1.1.3",
+    "version": "1.1.4",
     "description": "Provides a registry and gateway for execution powershell commands through long-lived established remote PSSessions via a stateful-process-command-proxy pool of powershell processes",
     "main": "psCommandService.js",
     "directories": {
         "test": "test"
     },
     "scripts": {
-        "test": "mocha test/all.js"
+        "test": "mocha test/all.js",
+        "test-docker": "mocha test/unit.js"
     },
     "keywords": [
         "command",

package.json

@@ -366,13 +366,15 @@ PSCommandService.prototype._sanitize = function (toSanitize, isQuoted) {
     .replace(/\\n/g, "\\$&") // kill string based newline attempts
     .replace(/[`#]/g, "`$&"); // escape stuff that could screw up variables
 
+  const sanitizeRegex = /[;\$\|\(\)\{\}\[\]\\]/g;    
+  const multiValuedRegex = /@\{([^}]*)\}/g;
+  
   if (isQuoted) { // if quoted, escape all quotes
     toSanitize = toSanitize.replace(/'/g, "'$&");
-  } else if (
-    !reservedVariableNames.includes(toSanitize) && // skip if this is reserved variable name
-    multiValuedRegex.test(toSanitize) // process is this is multi-valued parameter
-  ) { 
+  } else if (multiValuedRegex.test(toSanitize)) { 
+    // process is this is multi-valued parameter
     const extractParams = (str, key) => {
+      // values must be wrapped in double quotes, so we can split them by comma
       const match = str.match(new RegExp(`${key}="([^;]+)(?:";|"})`, "i"));
       return match
         ? match[1]
@@ -385,18 +387,19 @@ PSCommandService.prototype._sanitize = function (toSanitize, isQuoted) {
 
     const addItemsSanitized = extractParams(toSanitize, "Add");
     const removeItemsSanitized = extractParams(toSanitize, "Remove");
-
-    let result = "@{";
-    if (addItemsSanitized.length > 0) {
-      result += `Add="${addItemsSanitized.join('","')}"`;
-    }
-    if (removeItemsSanitized.length > 0) {
-      if (addItemsSanitized.length > 0) result += "; ";
-      result += `Remove="${removeItemsSanitized.join('","')}"`;
+    if (addItemsSanitized.length > 0 || removeItemsSanitized.length > 0) {
+      let result = "@{";
+      if (addItemsSanitized.length > 0) {
+        result += `Add="${addItemsSanitized.join('","')}"`;
+      }
+      if (removeItemsSanitized.length > 0) {
+        if (addItemsSanitized.length > 0) result += "; ";
+        result += `Remove="${removeItemsSanitized.join('","')}"`;
+      }
+      result += "}";
+      toSanitize = result;      
     }
-    result += "}";
-    toSanitize = result;
-  } else {
+  } else if (!reservedVariableNames.includes(toSanitize)) { // skip if this is reserved variable name
     toSanitize = toSanitize.replace(sanitizeRegex, "`$&");
   }
 

psCommandService.js

@@ -463,6 +463,7 @@ describe('test PSCommandService w/ o365CommandRegistry', function () {
             TENANT_ID,
             10000, 30000, 60000), o365Utils.getO365PSDestroyCommands());
     });
+    // The CertificateThumbprint parameter is supported only in Microsoft Windows.
     it('Should test all group and mail contact commands then cleanup with Certificate Thumb Print based auth', function (done) {
         this.timeout(120000);
         testRun(done, o365Utils.getO365PSInitCommands(