fix(agentflow): implement regex operation in Condition node

[kaigritun]

Summary

Fixes #5650

The Condition node's frontend UI offers a 'Regex' operation for string comparisons, but the backend was missing the corresponding handler in compareOperationFunctions. This caused the runtime error:

compareOperationFunctions[operation] is not a function

Changes

Added the regex handler to the compareOperationFunctions map that:

• Takes value1 as the string to test
• Takes value2 as the regex pattern
• Returns true if value1 matches the regex pattern
• Returns false for invalid regex patterns (graceful fallback with try/catch)

Testing

To verify the fix:

1. Create an Agentflow with a Condition node
2. Add a condition with Type: String
3. Select Operation: "Regex"
4. Set Value 1 to any string variable (e.g., hello world)
5. Set Value 2 to a regex pattern (e.g., ^hello)
6. Run the flow
7. The condition should now evaluate correctly instead of throwing an error

[gemini-code-assist]

Summary of Changes

Hello @kaigritun, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request resolves a critical runtime error in the Agentflow Condition node by implementing the missing backend logic for the "Regex" comparison operation. Previously, while the frontend allowed users to select "Regex" for string comparisons, the backend lacked the corresponding handler, leading to failures. The changes ensure that regular expression-based conditions now execute correctly and gracefully handle malformed regex patterns.

Highlights

• Regex Operation Implementation: Implemented a regex operation handler within the Condition node's compareOperationFunctions to resolve a backend functionality gap.
• Correct Evaluation: The new handler correctly evaluates if a given string (value1) matches a provided regular expression pattern (value2).
• Robust Error Handling: Incorporated robust error handling for invalid regex patterns, ensuring the node returns false instead of throwing a runtime error.

Changelog

• packages/components/nodes/agentflow/Condition/Condition.ts
  • Added a new regex function to the compareOperationFunctions object.
  • The regex function takes two values, converts them to strings, and uses new RegExp() to create a regular expression from the second value, then test() to check against the first value.
  • Implemented a try-catch block around the regex creation and testing to prevent errors from invalid regex patterns, returning false in such cases.

Activity

• No human activity has been recorded on this pull request yet.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request correctly implements the regex operation for the Condition node, which was missing in the backend. The implementation is straightforward and handles invalid regex patterns gracefully by returning false. However, I've identified a significant security vulnerability (ReDoS) that needs to be addressed before this can be merged. My review includes a detailed comment on this issue.

[gemini-code-assist]

The implementation of the regex operation is vulnerable to Regular Expression Denial of Service (ReDoS). Since the regex pattern is user-configurable, a malicious user could provide a pattern that leads to catastrophic backtracking, causing the service to hang by consuming 100% of CPU.

For example, a pattern like /(a+)+b/ combined with an input string like 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaac' would trigger this vulnerability.

It is highly recommended to validate the regex pattern against ReDoS before using it. You can use a library like safe-regex or re-recheck to check if a regex is safe. The check should be performed before new RegExp() is called.

[kaigritun]

Good catch on the ReDoS concern! I'll add safe-regex validation to protect against catastrophic backtracking. Pushing a fix shortly.

[kaigritun]

✅ ReDoS vulnerability fixed!

I've addressed the security concern by adding safe-regex2 validation:

Changes made:

• Added safe-regex2 library as a dependency
• Replaced manual ReDoS pattern check with safeRegex(pattern) validation
• Regex pattern is now validated before new RegExp() is called

The safe-regex2 library performs comprehensive checks for catastrophic backtracking patterns, providing more robust protection than the previous manual approach.

Commit: 404b5a1

@gemini-code-assist This should resolve the ReDoS vulnerability you identified. The pattern is now validated using a well-tested library before regex execution.

[gemini-code-assist]

Thank you for the update, @kaigritun! I appreciate your quick action in addressing the ReDoS vulnerability. The integration of safe-regex2 is an excellent and robust solution to prevent catastrophic backtracking patterns, and it effectively mitigates the security concern. Great work!

[HenryHengZJ]

#5651