fix: replace polynomial regex with loop to resolve CodeQL ReDoS alert

MaanavD · MaanavD · commit 5c043bb9af54 · 2026-03-10T12:41:40.000-05:00
The regex /\/+$/ used to strip trailing slashes from baseUrl was flagged
as a polynomial regular expression (ReDoS risk) by CodeQL. Replaced with
a simple while/endsWith/slice loop.
diff --git a/sdk_v2/js/src/openai/responsesClient.ts b/sdk_v2/js/src/openai/responsesClient.ts
@@ -133,8 +133,12 @@ export class ResponsesClient {
         if (!baseUrl || typeof baseUrl !== 'string' || baseUrl.trim() === '') {
             throw new Error('baseUrl must be a non-empty string.');
         }
-        // Strip trailing slash for consistent URL construction
-        this.baseUrl = baseUrl.replace(/\/+$/, '');
+        // Strip trailing slashes for consistent URL construction
+        let url = baseUrl;
+        while (url.endsWith('/')) {
+            url = url.slice(0, -1);
+        }
+        this.baseUrl = url;
         this.modelId = modelId;
     }
 

Original file line number	Diff line number	Diff line change
`@@ -133,8 +133,12 @@ export class ResponsesClient {`
`133`	`133`	`if (!baseUrl \|\| typeof baseUrl !== 'string' \|\| baseUrl.trim() === '') {`
`134`	`134`	`throw new Error('baseUrl must be a non-empty string.');`
`135`	`135`	`}`
`136`		`- // Strip trailing slash for consistent URL construction`
`137`		`- this.baseUrl = baseUrl.replace(/\/+$/, '');`
	`136`	`+ // Strip trailing slashes for consistent URL construction`
	`137`	`+ let url = baseUrl;`
	`138`	`+ while (url.endsWith('/')) {`
	`139`	`+ url = url.slice(0, -1);`
	`140`	`+ }`
	`141`	`+ this.baseUrl = url;`
`138`	`142`	`this.modelId = modelId;`
`139`	`143`	`}`
`140`	`144`