2nd attempt to fix github-advanced-security rule violation: js/polynomial-redos (Polynomial regular expression used on uncontrolled data)

Author: hkong-mitre

src/search/SearchRequest.ts

@@ -419,7 +419,7 @@ export class SearchRequest {
   static extractQuotedStrings = (searchText: string): string[] => {
     // based on code generated by gemini
     // Regex to find tokens: quoted strings with escaped quotes, or unquoted words.
-    const regex = /"(?:[^"\\]|\\.)+"|[\S]+/g
+    const regex = /"[^"\\]*(?:\\.[^"\\]*)*"|[\S]+/g;
     // const regex = /"([^"]*)"/g;
     const matches = searchText.match(regex);
     return matches ?? [];

src/search/test_cases/search_exactPhrase.test.e2e.ts

@@ -37,13 +37,13 @@ describe('Wildcard Searches', () => {
       // phrase with unequal quotes (edge cases)
       { input: `"microsoft office`, expected: [`"microsoft`, `office`] },
       { input: `"\\"abc\\"`, expected: [`"abc\\`] },
-      { input: `"""`, expected: [`"`] },
+      { input: `"""`, expected: [``, ``] },
       { input: `a"b`, expected: [`a"b`] },
       { input: `a\"b`, expected: [`a"b`] },
       // very edge cases
       { input: `\"a\"b`, expected: [`a`, `b`] }, // because it's "a"b
       { input: `\"a\" b`, expected: [`a`, `b`] }, // because it's "a" b
-      { input: `\"\"a \"b\"`, expected: [`""a`, `b`] },
+      { input: `\"\"a \"b\"`, expected: [``, `a`, `b`] },
       { input: `"'"`, expected: [`'`] },
       { input: `'"'`, expected: [`'"'`] },
       { input: `'""'`, expected: [`'""'`] },
@@ -52,7 +52,7 @@ describe('Wildcard Searches', () => {
     ];
 
     testCases.forEach(({ input, expected }) => {
-      it(`should correctly tokenize "${input}" into ${JSON.stringify(expected)}`, () => {
+      it(`should correctly tokenize '${input}' into ${JSON.stringify(expected)}`, () => {
         const result = SearchRequest.tokenizeSearchText(input);
         expect(result).toEqual(expected);
       });