SOLVED
Home

Query about RegEx

%3CLINGO-SUB%20id%3D%22lingo-sub-340024%22%20slang%3D%22en-US%22%3EQuery%20about%20RegEx%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-340024%22%20slang%3D%22en-US%22%3E%3CP%3EIn%20creating%20the%20config.json%20file%2C%20one%20probably%20needs%20to%20enter%20regex%20stri%20ngs%20for%20process%20executable%20matching.%26nbsp%3B%20In%20reading%20the%20code%2C%20it%20appears%20that%20the%20code%20is%20using%20C%2B%2B%20std%20regex%20libraries%20for%20this%20purpose%2C%20rather%20than%20standard%20Json%20Regex.%20%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EI%20believe%20the%20appropriate%20reference%20for%20this%20RegEx%20is%26nbsp%3B%3CFONT%20style%3D%22background-color%3A%20%23ffffff%3B%22%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fcpp%2Fstandard-library%2Fregular-expressions-cpp%3Fview%3Dvs-2017%23grammarsummary%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fcpp%2Fstandard-library%2Fregular-expressions-cpp%3Fview%3Dvs-2017%23grammarsummary%3C%2FA%3E%20and%20that%20the%20default%20syntax%26nbsp%3B%3CSPAN%20style%3D%22display%3A%20inline%20!important%3B%20float%3A%20none%3B%20background-color%3A%20%23ffffff%3B%20color%3A%20%23000000%3B%20font-family%3A%20Segoe%20UI%2CSegoeUI%2CSegoe%20WP%2CHelvetica%20Neue%2CHelvetica%2CTahoma%2CArial%2Csans-serif%3B%20font-size%3A%200.87rem%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20bold%3B%20letter-spacing%3A%20normal%3B%20line-height%3A%201.5%3B%20orphans%3A%202%3B%20overflow-wrap%3A%20break-word%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%22%3EECMAScript%3C%2FSPAN%3E%20is%20being%20used.%20%26nbsp%3B%3CSTRONG%3EPlease%20confirm%20this.%3C%2FSTRONG%3E%26nbsp%3B%3C%2FFONT%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EI%20think%20we%20need%20this%20documented%20somewhere%20other%20than%20in%20the%20code.%26nbsp%3B%20Yes%2C%20this%20might%20not%20be%20the%20place%20for%20documentatin%2C%20but%20somewhere.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-352248%22%20slang%3D%22en-US%22%3ERe%3A%20Query%20about%20RegEx%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-352248%22%20slang%3D%22en-US%22%3E%3CP%3EThanks%20-%20I%20initially%20assumed%20it%20was%20the%20syntax%20normally%20associated%20with%20json.%26nbsp%3B%20While%20not%20substantially%20different%2C%20it%20does%20affect%20options%20on%20how%20to%20write%20the%20syntax%20for%20the%20RegEx%20string.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EFor%20anyone%20having%20an%20issue%20with%20using%20the%20RegEx%20in%20the%20config.json%2C%20the%20following%20information%20might%20be%20helpful.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThe%20%22executable%22%20ParameterName%20under%20%22processes%22%20should%20be%20written%20as%20a%20RegEx%20string%20using%20the%20standard%20Microsoft%20implementation%20with%20ECMAScript%20syntax.%26nbsp%3B%20This%20RegEx%20string%20is%20being%20compared%20to%20the%20process%20name%2C%20but%20%3CU%3Ewithout%3C%2FU%3E%20the%20%22.exe%22%20on%20the%20tail.%20Additionally%2C%20although%20the%20examples%20imply%20that%20the%20full%20path%20for%20the%20processes%20application%20is%20used%2C%20it%20is%20not.%26nbsp%3B%20If%20one%20wishes%20to%20use%20the%20most%20exacting%20match%20(to%20prevent%20accidental%20matches%20to%20other%20exe%20files%20in%20the%20package)%2C%20then%20you%20might%20consider%20using%20a%20string%20without%20wildcards%20and%20anchoring%20at%20the%20end%20of%20the%20string.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EFor%20example%2C%20consider%20a%20package%20with%20the%20following%20exe%20filenames%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%20%26nbsp%3B%20Name.exe%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%20%26nbsp%3B%20Name_andMore.exe%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%26nbsp%3B%20The_Name_InTheMiddle.exe%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%20%26nbsp%3B%20FrontEndedName.exe%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EIf%20you%20want%20to%20match%20only%20Name.exe%2C%20you%20could%20use%20the%20RegEx%20string%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%26nbsp%3B%20Name%24%3C%2FP%3E%0A%3CP%3Eand%20it%20will%20only%20match%20the%20first%20case.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EKeep%20in%20mind%20that%20consideration%20might%20be%20necessary%20for%20case%20changes.%26nbsp%3B%20For%20example%2C%20the%20app%20might%20register%20the%20first%20name%20inside%20the%20registry%20as%20NAME.exe%20and%20when%20used%20by%20an%20app%20in%20the%20package%20to%20launch%20it%2C%20is%20not%20clear%20if%20PSRuntime%20would%20be%20matching%20on%20the%20filename%20(Name)%20or%20requested%20filename%20(NAME).%26nbsp%3B%20I%20think%20it%20uses%20the%20filename%2C%20but%20without%20an%20example%20to%20test%20I'm%20not%20sure.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EAlso%20keep%20in%20mind%20the%20special%20RegEx%20characters%20that%20need%20to%20be%20escaped.%26nbsp%3B%20For%20example%20%22Notepad%2B%2B%22%20would%20use%20a%20RegEx%20string%20like%20%22Notepad%5C%2B%5C%2B%24%22.%26nbsp%3B%20See%20RegEx%20documentation%20for%20a%20full%20list%20of%20those%20special%20characters.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-345380%22%20slang%3D%22en-US%22%3ERe%3A%20Query%20about%20RegEx%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-345380%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20Tim%2C%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EYes%2C%20this%20is%20the%20scheme%20and%20the%20default%20syntax%20(ECMA)%20we%20use.%3C%2FP%3E%0A%3CP%3EThanks%20for%20bringing%20it%20up%2C%20we%20will%20add%20it%20to%20our%20docs.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThanks!%3C%2FP%3E%0A%3CP%3EVlad%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Tim Mangan
MVP

In creating the config.json file, one probably needs to enter regex stri ngs for process executable matching.  In reading the code, it appears that the code is using C++ std regex libraries for this purpose, rather than standard Json Regex.  

 

I believe the appropriate reference for this RegEx is https://docs.microsoft.com/en-us/cpp/standard-library/regular-expressions-cpp?view=vs-2017#grammarsu... and that the default syntax ECMAScript is being used.  Please confirm this. 

 

I think we need this documented somewhere other than in the code.  Yes, this might not be the place for documentatin, but somewhere.

 

2 Replies
Solution

Hi Tim,

 

Yes, this is the scheme and the default syntax (ECMA) we use.

Thanks for bringing it up, we will add it to our docs.

 

Thanks!

Vlad

Thanks - I initially assumed it was the syntax normally associated with json.  While not substantially different, it does affect options on how to write the syntax for the RegEx string.

 

For anyone having an issue with using the RegEx in the config.json, the following information might be helpful.

 

The "executable" ParameterName under "processes" should be written as a RegEx string using the standard Microsoft implementation with ECMAScript syntax.  This RegEx string is being compared to the process name, but without the ".exe" on the tail. Additionally, although the examples imply that the full path for the processes application is used, it is not.  If one wishes to use the most exacting match (to prevent accidental matches to other exe files in the package), then you might consider using a string without wildcards and anchoring at the end of the string.

 

For example, consider a package with the following exe filenames:

    Name.exe

    Name_andMore.exe

   The_Name_InTheMiddle.exe

    FrontEndedName.exe

 

If you want to match only Name.exe, you could use the RegEx string

   Name$

and it will only match the first case. 

 

Keep in mind that consideration might be necessary for case changes.  For example, the app might register the first name inside the registry as NAME.exe and when used by an app in the package to launch it, is not clear if PSRuntime would be matching on the filename (Name) or requested filename (NAME).  I think it uses the filename, but without an example to test I'm not sure.

 

Also keep in mind the special RegEx characters that need to be escaped.  For example "Notepad++" would use a RegEx string like "Notepad\+\+$".  See RegEx documentation for a full list of those special characters.

 

Related Conversations
Tabs and Dark Mode
cjc2112 in Discussions on
46 Replies
Extentions Synchronization
Deleted in Discussions on
3 Replies
Stable version of Edge insider browser
HotCakeX in Discussions on
35 Replies
flashing a white screen while open new tab
Deleted in Discussions on
14 Replies
How to Prevent Teams from Auto-Launch
chenrylee in Microsoft Teams on
29 Replies
Security Community Webinars
Valon_Kolica in Security, Privacy & Compliance on
13 Replies