Security: harden regex usage against ReDoS (S5852)

[Copilot]

SonarCloud flagged five regex hotspots (S5852) across the codebase. The content-sanitiser is the highest-priority target since it scans untrusted uploaded document text; the remainder are public auth input or admin/CI-only contexts.

Content sanitiser (services/content-sanitiser/app/main.py)

• Added MAX_SCAN_CHARS = 200_000; injection pattern scan now operates on text[:MAX_SCAN_CHARS] rather than the full raw input
• Simplified the delete-files pattern to eliminate adjacent optional \s+ groups that created ambiguous whitespace ownership:

  # Before — adjacent optional groups, potential super-linear backtracking
  r"delete\s+(?:any|all|the|these)?(?:\s+uploaded)?(?:\s+)?files?"
  # After — unambiguous, each group owns its own trailing space
  r"delete\s+(?:(?:any|all|the|these)\s+)?(?:uploaded\s+)?files?"

Content sanitiser tests

• TestReDoSAdversarialInput: 5 regression tests with wall-clock budget assertions against pathological inputs (500 k-char word-space strings, trigger phrase inside/outside scan window, repeated delete words)
• TestPromptInjectionDeleteFiles: 5 additional variant tests confirming the simplified regex still detects all intended phrasings

EmailContinueForm.tsx

• Replaced unbounded EMAIL_REGEX with explicit RFC-aligned bounds: /^[^\s@]{1,64}@[^\s@]{1,253}\.[^\s@]{1,63}$/
• Added MAX_EMAIL_LENGTH = 254, maxLength={254} on the input, and length guards in both isEmailValid and handleSubmit

BlogPostForm.tsx

• Added maxLength={200} on the title input to bound the slug derivation
• Split .replace(/^-+|-+$/g, '') into two separate anchored replaces to remove the alternation Sonar flags

check-naming-conventions.js

• Added // NOSONAR: javascript:S5852 with written justification on both flagged lines — these patterns run only against trusted repository source in CI, never against attacker-controlled input

[Copilot]

Pull request overview

This PR hardens regex usage flagged by SonarCloud S5852 across the content sanitiser, frontend forms, and a contracts CI script. The main intent is reducing ReDoS risk for untrusted uploaded text while preserving existing prompt-injection and form behavior.

Changes:

• Bounds prompt-injection regex scanning in the content sanitiser and simplifies one risky pattern.
• Adds frontend input bounds and adjusts slug/email regex handling.
• Adds regression tests for adversarial sanitiser inputs and documents CI-only regex suppressions.

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 3 comments.

Show a summary per file

File	Description
services/content-sanitiser/app/main.py	Adds bounded injection scanning and updates the delete-files regex.
services/content-sanitiser/tests/test_injection_patterns.py	Adds delete-files variants and long-input ReDoS regression tests.
apps/app-frontend/src/components/auth/EmailContinueForm.tsx	Adds email length limits and bounded validation regex.
apps/app-frontend/src/components/admin/blog/BlogPostForm.tsx	Adds title length limit and splits slug trim regex.
shared/contracts/scripts/check-naming-conventions.js	Adds Sonar suppression comments for CI-only regex checks.