From ebea29ad2fa5cffb77e10b742a0c8afb53cc9ca5 Mon Sep 17 00:00:00 2001
From: Leonid Romanov
Date: Tue, 17 Dec 2024 14:43:46 +0200
Subject: [PATCH] fix: fix Regular expression injection
---
 packages/ui/scripts/utils/fuzzyMatch.ts | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/packages/ui/scripts/utils/fuzzyMatch.ts b/packages/ui/scripts/utils/fuzzyMatch.ts
index 748171198..c01e5a6dd 100644
--- a/packages/ui/scripts/utils/fuzzyMatch.ts
+++ b/packages/ui/scripts/utils/fuzzyMatch.ts
@@ -1,9 +1,13 @@
+import { escapeRegExp } from 'lodash-es';
+
 export function fuzzyMatch(partials: string[], total: string[], includeAll = false) {
 const matched: string[] = [];
 partials.forEach((partial) => {
+ const safePartial = escapeRegExp(partial);
+
 for (const target of total) {
- if (target.match(partial)) {
+ if (target.match(safePartial)) {
 matched.push(target);
 if (!includeAll) {
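Review bot: `target.match(safePartial)` still passes a string to `String.prototype.match`, which compiles it into a `RegExp` on every iteration of the inner loop, so the regex sink remains and its safety depends entirely on the escaping. Once the partial is escaped the test is a plain case-sensitive substring check, so `if (target.includes(partial)) {` gives the same result with no pattern compilation and no need for the `lodash-es` import. The change also silently drops pattern semantics: a caller that previously passed something like `^foo` or `a.*b` in `partials` now gets a literal match. A doc comment on `fuzzyMatch` stating that partials are matched as literal substrings would make that contract explicit. The body of `fuzzyMatch` continues past the end of this hunk, so the handling after `if (!includeAll) {` was not reviewed.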