From f81b12929bc0d4ee9a2a0e4cd0fb8a0d9eeb8ffc Mon Sep 17 00:00:00 2001
From: RinZ27 <222222878+RinZ27@users.noreply.github.com>
Date: Thu, 2 Apr 2026 22:53:30 +0700
Subject: [PATCH] fix: sanitize metadata search regex to prevent ReDoS

Signed-off-by: RinZ27 <222222878+RinZ27@users.noreply.github.com>
---
 lib/api/apiUtils/bucket/parseLikeExpression.js | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/lib/api/apiUtils/bucket/parseLikeExpression.js b/lib/api/apiUtils/bucket/parseLikeExpression.js
index 0b85cfa6d8..210949eb85 100644
--- a/lib/api/apiUtils/bucket/parseLikeExpression.js
+++ b/lib/api/apiUtils/bucket/parseLikeExpression.js
@@ -13,7 +13,9 @@ function parseLikeExpression(regex) {
     }
     const pattern = split.slice(1, split.length - 1).join('/');
     const regexOpt = split[split.length - 1];
-    return { $regex: new RegExp(pattern), $options: regexOpt };
+    // Escape regex special characters to prevent ReDoS
+    const escapedPattern = pattern.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
+    return { $regex: new RegExp(escapedPattern), $options: regexOpt };
 }
 
 module.exports = parseLikeExpression;
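Review bot: Escaping every metacharacter in `pattern` turns the `$regex` into a literal substring match, so a caller that passes a genuine regular expression in the LIKE expression (anchors, alternation, quantifiers) silently loses that behaviour — the hunk changes the function's contract, not only its safety. If literal matching is the intended contract, the added comment should state it, e.g. `// Escape all regex metacharacters: the pattern is matched as a literal substring, never interpreted as a regex`, and callers and API docs should be checked against that. If regex semantics must be kept, the alternative is to leave the pattern intact but bound its length and reject patterns that `new RegExp` throws on, rather than neutralising the feature. Either way `regexOpt` is still forwarded to `$options` unvalidated; checking it against the option letters the database accepts would be a small addition in the same place. The enclosing `parseLikeExpression` body starts before this hunk.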