fix: replace lazy quantifier with greedy to prevent ReDoS backtracking

Replace lazy quantifier +? with greedy quantifier + in regex patterns
to prevent catastrophic backtracking and ReDoS attacks.

The pattern ([^+\n]+?)(?=\n|$) uses a lazy quantifier that can cause
super-linear runtime when the lookahead fails, leading to backtracking.
Using a greedy quantifier ([^+\n]+)(?=\n|$) matches as much as possible
first, then verifies with the lookahead, preventing excessive backtracking.

Fixed patterns:
- Invoice Date patterns (2 regexes): Changed +? to +
- Due Date patterns (2 regexes): Changed +? to +
- Service patterns (2 regexes): Changed +? to +

The greedy quantifier is safer because it doesn't backtrack through
multiple positions when the lookahead fails, making the regex linear
in complexity rather than quadratic or exponential.

Author: T-DevH

src/ui/web/src/pages/DocumentExtraction.tsx

@@ -1056,21 +1056,22 @@ const DocumentExtraction: React.FC = () => {
                       if (orderNumMatch) parsedFields.order_number = { value: orderNumMatch[1] };
 
                       // Invoice Date patterns
-                      // Use positive lookahead (?=\n|$) instead of non-capturing group to prevent ReDoS
-                      const invoiceDateMatch = extractedText.match(/Invoice Date:\s*([^+\n]+?)(?=\n|$)/i) ||
-                                             extractedText.match(/Date:\s*([^+\n]+?)(?=\n|$)/i);
+                      // Use greedy quantifier + instead of lazy +? to prevent ReDoS backtracking
+                      // The greedy quantifier matches as much as possible, then lookahead verifies newline/end
+                      const invoiceDateMatch = extractedText.match(/Invoice Date:\s*([^+\n]+)(?=\n|$)/i) ||
+                                             extractedText.match(/Date:\s*([^+\n]+)(?=\n|$)/i);
                       if (invoiceDateMatch) parsedFields.invoice_date = { value: invoiceDateMatch[1].trim() };
 
                       // Due Date patterns
-                      // Use positive lookahead (?=\n|$) instead of non-capturing group to prevent ReDoS
-                      const dueDateMatch = extractedText.match(/Due Date:\s*([^+\n]+?)(?=\n|$)/i) ||
-                                         extractedText.match(/Payment Due:\s*([^+\n]+?)(?=\n|$)/i);
+                      // Use greedy quantifier + instead of lazy +? to prevent ReDoS backtracking
+                      const dueDateMatch = extractedText.match(/Due Date:\s*([^+\n]+)(?=\n|$)/i) ||
+                                         extractedText.match(/Payment Due:\s*([^+\n]+)(?=\n|$)/i);
                       if (dueDateMatch) parsedFields.due_date = { value: dueDateMatch[1].trim() };
 
                       // Service patterns
-                      // Use positive lookahead (?=\n|$) instead of non-capturing group to prevent ReDoS
-                      const serviceMatch = extractedText.match(/Service:\s*([^+\n]+?)(?=\n|$)/i) ||
-                                         extractedText.match(/Description:\s*([^+\n]+?)(?=\n|$)/i);
+                      // Use greedy quantifier + instead of lazy +? to prevent ReDoS backtracking
+                      const serviceMatch = extractedText.match(/Service:\s*([^+\n]+)(?=\n|$)/i) ||
+                                         extractedText.match(/Description:\s*([^+\n]+)(?=\n|$)/i);
                       if (serviceMatch) parsedFields.service = { value: serviceMatch[1].trim() };
 
                       // Rate/Price patterns