Merge pull request #35176 from dimagi/autofix/alert-392-488405f6f1

Fix code scanning alert no. 392: Regular expression injection
dimagi · Oct 11, 2024 · 2fcc2ea · 2fcc2ea
2 parents 2a47549 + 08c45c3
commit 2fcc2ea
Showing 1 changed file with 1 addition and 2 deletions.
diff --git a/corehq/apps/sms/views.py b/corehq/apps/sms/views.py
@@ -752,8 +752,7 @@ def chat_contact_list(request, domain):
     total_records = len(data)
 
     if sSearch:
-        regex = re.compile('^.*%s.*$' % sSearch)
-        data = [row for row in data if regex.match(row[0]) or regex.match(row[2])]
+        data = [row for row in data if sSearch in row[0] or sSearch in row[2]]
     filtered_records = len(data)
 
     data.sort(key=lambda row: row[0])