From 96dc6d545842410744e8be28d94ae09cc17c4a74 Mon Sep 17 00:00:00 2001
From: Erik Schultink
Date: Mon, 9 Feb 2026 14:44:38 -0800
Subject: [PATCH] Potential fix for code scanning alert no. 1: Regular expression injection

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 index.js | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/index.js b/index.js
index 3e677ea..9166012 100644
--- a/index.js
+++ b/index.js
@@ -140,9 +140,10 @@ program
 let bucket = getBackupBucket(program, projectId, frequency);
 let bucketPrefix = `gs://${bucket}/`;
+ let escapedBucketPrefix = _.escapeRegExp(bucketPrefix);
 let files = child_process.execSync('gsutil ls ' + bucketPrefix).toString('utf8');
 files = files.replace(/\n/g, '\n\t');
- files = files.replace(new RegExp(bucketPrefix, 'g'), '');
+ files = files.replace(new RegExp(escapedBucketPrefix, 'g'), '');
 console.log(projectId + ': \r\n\t' + files);
 });
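Review bot: The `bucketPrefix` value that this patch escapes for the RegExp is still concatenated into a shell command on the unchanged `execSync('gsutil ls ' + bucketPrefix)` line, so the patch closes the pattern-injection alert but leaves the command-injection sink open. Whether the bucket name can be influenced from outside depends on `getBackupBucket(program, projectId, frequency)`, which is defined outside this hunk, but it appears to derive from CLI options. Passing the value as an argument without a shell removes that risk: `let files = child_process.execFileSync('gsutil', ['ls', bucketPrefix]).toString('utf8');`. The regex could also be avoided entirely with `files = files.split(bucketPrefix).join('');`, which needs no escaping. The hunk does not show that `_` (lodash) is already required in index.js, so please confirm that before merging; the enclosing command callback also begins before the hunk.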