Potential fix for code scanning alert no. 4: Regular expression injection

meenu155 · github-advanced-security[bot] · web-flow · commit f97ce715b2cb · 2025-11-05T19:46:35.000+05:30
Co-authored-by: Copilot Autofix powered by AI &lt;62310815+github-advanced-security[bot]@users.noreply.github.com&gt;
diff --git a/bin/lib/logs.js b/bin/lib/logs.js
@@ -2,6 +2,7 @@ import fs from 'fs';
 import path from 'path';
 import { spawn } from 'node:child_process';
 import chalk from 'chalk';
+import _ from 'lodash';
 
 // Log levels and their colors
 const LOG_LEVELS = {
@@ -121,7 +122,8 @@ async function readLogsFromFile(filePath, options = {}) {
   }
   
   if (options.filter) {
-    const regex = new RegExp(options.filter, 'i');
+    const safeFilter = _.escapeRegExp(options.filter);
+    const regex = new RegExp(safeFilter, 'i');
     logs = logs.filter(log => regex.test(log.message) || regex.test(log.raw));
   }
   
diff --git a/package.json b/package.json
@@ -53,7 +53,8 @@
     "degit": "^2.8.4",
     "fs-extra": "^11.3.2",
     "prompts": "^2.4.2",
-    "execa": "^9.6.0"
+    "execa": "^9.6.0",
+    "lodash": "^4.17.21"
   },
   "devDependencies": {
     "vitepress": "^1.3.3",

Original file line number	Diff line number	Diff line change
`@@ -2,6 +2,7 @@ import fs from 'fs';`
`2`	`2`	`import path from 'path';`
`3`	`3`	`import { spawn } from 'node:child_process';`
`4`	`4`	`import chalk from 'chalk';`
	`5`	`+import _ from 'lodash';`
`5`	`6`
`6`	`7`	`// Log levels and their colors`
`7`	`8`	`const LOG_LEVELS = {`
`@@ -121,7 +122,8 @@ async function readLogsFromFile(filePath, options = {}) {`
`121`	`122`	`}`
`122`	`123`
`123`	`124`	`if (options.filter) {`
`124`		`- const regex = new RegExp(options.filter, 'i');`
	`125`	`+ const safeFilter = _.escapeRegExp(options.filter);`
	`126`	`+ const regex = new RegExp(safeFilter, 'i');`
`125`	`127`	`logs = logs.filter(log => regex.test(log.message) \|\| regex.test(log.raw));`
`126`	`128`	`}`
`127`	`129`