Add ReDoS validation for SpamRule.pattern field (FRE-4512)

- Create regex-validation utility with ReDoS detection (nested quantifiers,
  overlapping alternations, complexity limits)
- Add @db.VarChar(500) constraint on pattern field in Prisma schema
- Integrate validation in rule-engine at load time and evaluation time
- Add 46 unit tests covering syntax, ReDoS patterns, complexity, edge cases

Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-05-02 07:23:39 -04:00
parent e580a693c7
commit b01b79d02a
4 changed files with 620 additions and 12 deletions

@@ -309,7 +309,7 @@ model SpamCallAnalysis {
model SpamRule {
id String @id @default(uuid())
name String @unique
pattern String // Regex pattern - needs ReDoS validation
pattern String @db.VarChar(500) // Regex pattern - validated for ReDoS at application layer
decision SpamDecision
description String?
isActive Boolean @default(true)
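
Review bot: On the `pattern` line, narrowing `String` to `@db.VarChar(500)` affects any existing SpamRule rows whose pattern is longer than 500 characters. Depending on the database provider the migration will either fail or truncate them, and a truncated regex may be invalid or match differently than intended. Check for over-length rows before migrating, and reject over-length patterns in the application with a clear error rather than relying on the column limit. The length cap does not bound backtracking by itself, since a nested-quantifier pattern can be only a few characters long, so the trailing comment would be more useful if it named the validation utility or its entry point where the ReDoS check is enforced.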