Skip to content

Percy doctor#2118

Draft
rishigupta1599 wants to merge 2 commits intomasterfrom
percy-doctor
Draft

Percy doctor#2118
rishigupta1599 wants to merge 2 commits intomasterfrom
percy-doctor

Conversation

@rishigupta1599
Copy link
Contributor

@rishigupta1599 rishigupta1599 commented Feb 26, 2026

No description provided.

github-advanced-security[bot]
github-advanced-security bot found potential problems Feb 26, 2026
View reviewed changes
packages/cli-doctor/src/checks/pac.js
myIpAddress: () => '127.0.0.1',
dnsDomainLevels: h => (h.match(/\./g) || []).length,
shExpMatch: (str, shexp) => {
const re = new RegExp('^' + shexp.replace(/\./g, '\\.').replace(/\*/g, '.*').replace(/\?/g, '.') + '$');

Check failure

Code scanning / CodeQL

Incomplete string escaping or encoding High

This does not escape backslash characters in the input.

Copilot Autofix

AI 1 day ago

In general, to fix this kind of problem you should not hand-roll escaping with a couple of replace calls. Instead, first escape all regular expression metacharacters in the input pattern, then translate only the intended wildcard characters (* and ?) into their regex equivalents, and finally compile the resulting string with new RegExp using the desired flags.

For this file, the best fix is to rewrite the construction of re in shExpMatch to:

  1. Escape all regex metacharacters in shexp, including backslash.
  2. Replace the escaped * and ? with .* and . respectively.
  3. Wrap the final string with ^ and $ as before.

We can implement this directly inside _runPacScript’s sandbox.shExpMatch function without changing its external behavior or adding new imports. A common pattern is:

const escaped = shexp.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
const pattern = '^' + escaped.replace(/\\\*/g, '.*').replace(/\\\?/g, '.') + '$';
const re = new RegExp(pattern);

This ensures that backslashes and all other regex meta-characters are safely escaped while still giving * and ? their wildcard semantics. Only the body of shExpMatch (lines around 364–366) in packages/cli-doctor/src/checks/pac.js needs to be changed.

Suggested changeset 1
packages/cli-doctor/src/checks/pac.js

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/packages/cli-doctor/src/checks/pac.js b/packages/cli-doctor/src/checks/pac.js
--- a/packages/cli-doctor/src/checks/pac.js
+++ b/packages/cli-doctor/src/checks/pac.js
@@ -362,7 +362,10 @@
     myIpAddress: () => '127.0.0.1',
     dnsDomainLevels: h => (h.match(/\./g) || []).length,
     shExpMatch: (str, shexp) => {
-      const re = new RegExp('^' + shexp.replace(/\./g, '\\.').replace(/\*/g, '.*').replace(/\?/g, '.') + '$');
+      // Escape all regex metacharacters, then translate wildcard * and ? to regex
+      const escaped = shexp.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
+      const pattern = '^' + escaped.replace(/\\\*/g, '.*').replace(/\\\?/g, '.') + '$';
+      const re = new RegExp(pattern);
       return re.test(str);
     },
     weekdayRange: () => true,
EOF
@@ -362,7 +362,10 @@
myIpAddress: () => '127.0.0.1',
dnsDomainLevels: h => (h.match(/\./g) || []).length,
shExpMatch: (str, shexp) => {
const re = new RegExp('^' + shexp.replace(/\./g, '\\.').replace(/\*/g, '.*').replace(/\?/g, '.') + '$');
// Escape all regex metacharacters, then translate wildcard * and ? to regex
const escaped = shexp.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
const pattern = '^' + escaped.replace(/\\\*/g, '.*').replace(/\\\?/g, '.') + '$';
const re = new RegExp(pattern);
return re.test(str);
},
weekdayRange: () => true,
Copilot is powered by AI and may make mistakes. Always verify output.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@rishigupta1599