Fix: Search Feature Vulnerable to Performance Attack via User Input in apps/sim/components/ui/search-highlight.tsx
Context and Purpose:
This PR automatically remediates a security vulnerability:
- Description: RegExp() called with a `{ text, searchQuery, className = '' }: SearchHighlightProps` function argument; this might allow an attacker to cause a Regular Expression Denial-of-Service (ReDoS) within your application as RegExp blocks the main thread. For this reason, it is recommended to use hardcoded regexes instead. If your regex is run on user-controlled input, consider performing input validation or use a regex checking/sanitization library such as https://www.npmjs.com/package/recheck to verify that the regex does not appear vulnerable to ReDoS.
- Rule ID: javascript.lang.security.audit.detect-non-literal-regexp.detect-non-literal-regexp
- Severity: MEDIUM
- File: apps/sim/components/ui/search-highlight.tsx
- Lines Affected: 30 - 30
This change is necessary to protect the application from potential security risks associated with this vulnerability.
Solution Implemented:
The automated remediation process has applied the necessary changes to the affected code in apps/sim/components/ui/search-highlight.tsx to resolve the identified issue.
Please review the changes to ensure they are correct and integrate as expected.
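For reviewers, one way a search-highlight helper can keep a dynamic `RegExp` while treating the query strictly as literal text. This is an added example, not the change applied by this PR; `escapeRegExp`, `splitForHighlight`, `Segment` and the `MAX_QUERY_LENGTH` value are hypothetical names and assumptions.

```typescript
// Added example: hypothetical helpers, not the code in search-highlight.tsx.

// Assumed upper bound on query length; tune to the UI's real search box.
const MAX_QUERY_LENGTH = 100;

// Escape every character that has special meaning in a JavaScript regex,
// so the user's query can only ever match itself as literal text.
function escapeRegExp(input: string): string {
  return input.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
}

interface Segment {
  text: string;
  match: boolean; // true when this segment should be rendered highlighted
}

// Split `text` into highlighted / plain segments for a whitespace-separated
// query. The pattern is built only from escaped literals joined by "|", so
// it contains no user-controlled quantifiers or groups that could backtrack.
function splitForHighlight(text: string, searchQuery: string): Segment[] {
  const query = searchQuery.trim().slice(0, MAX_QUERY_LENGTH);
  if (query === "") {
    return [{ text, match: false }];
  }

  const terms = query.split(/\s+/).map(escapeRegExp);
  const pattern = new RegExp(`(${terms.join("|")})`, "gi");

  // With one capturing group, String.split() alternates
  // [plain, match, plain, match, ...]; odd indexes are the matches.
  return text
    .split(pattern)
    .map((part, i) => ({ text: part, match: i % 2 === 1 }))
    .filter((segment) => segment.text !== "");
}

// Constructed sample: a query made of regex metacharacters is matched
// literally instead of being compiled as a nested-quantifier pattern.
const sample = splitForHighlight("Run the (a+)+$ check", "(a+)+$");
console.log(sample);
```

A rendering component would map each `Segment` to plain text or a highlighted element; the length cap and the escaping are independent controls and both apply before `new RegExp` is called.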
@kira-offgrid is attempting to deploy a commit to the Sim Studio Team on Vercel.
A member of the Team first needs to authorize it.
The latest updates on your projects.
1 Skipped Deployment
| Name | Status | Preview | Comments | Updated (UTC) |
|---|---|---|---|---|
| docs | ⬜️ Skipped (Inspect) | | | Jul 11, 2025 3:48am |