From 34f34e058b5d2928c928a9e3571ea835ae103a7a Mon Sep 17 00:00:00 2001
From: Rodrigo Toshiaki Horie
Date: Mon, 15 Jun 2026 17:41:53 -0300
Subject: [PATCH] AAP-79142 fix: resolve SonarCloud security rating C (#16503)
fix: resolve SonarCloud security rating C (AAP-79142) Replace regex-based substring checks with plain `in` operator in awxkit page.py to eliminate ReDoS vulnerability (python:S5852). Remove stray empty Pipfile that triggered missing lockfile warning (text:S8565).
Co-authored-by: Claude Opus 4.6 (1M context)
---
 awx/api/urls/Pipfile | 0
 awxkit/awxkit/api/pages/page.py | 21 ++++++++++-----------
 2 files changed, 10 insertions(+), 11 deletions(-)
 delete mode 100644 awx/api/urls/Pipfile
diff --git a/awx/api/urls/Pipfile b/awx/api/urls/Pipfile
deleted file mode 100644
index e69de29bb2..0000000000
diff --git a/awxkit/awxkit/api/pages/page.py b/awxkit/awxkit/api/pages/page.py
index 88c058e2e0..aa3c5534ff 100644
--- a/awxkit/awxkit/api/pages/page.py
+++ b/awxkit/awxkit/api/pages/page.py
@@ -2,7 +2,6 @@ from contextlib import suppress
 import inspect
 import logging
 import json
-import re
 from requests import Response
 import http.client as http
@@ -23,31 +22,31 @@ get_registered_page = _page_registry.get
 def is_license_invalid(response):
- if re.match(r".*Invalid license.*", response.text):
+ if "Invalid license" in response.text:
 return True
- if re.match(r".*Missing 'eula_accepted' property.*", response.text):
+ if "Missing 'eula_accepted' property" in response.text:
 return True
- if re.match(r".*'eula_accepted' must be True.*", response.text):
+ if "'eula_accepted' must be True" in response.text:
 return True
- if re.match(r".*Invalid license data.*", response.text):
+ if "Invalid license data" in response.text:
 return True
 def is_license_exceeded(response):
- if re.match(r".*license range of.*instances has been exceeded.*", response.text):
+ if "license range of" in response.text and "instances has been exceeded" in response.text:
 return True
- if re.match(r".*License count of.*instances has been reached.*", response.text):
+ if "License count of" in response.text and "instances has been reached" in response.text:
 return True
- if re.match(r".*License count of.*instances has been exceeded.*", response.text):
+ if "License count of" in response.text and "instances has been exceeded" in response.text:
 return True
- if re.match(r".*License has expired.*", response.text):
+ if "License has expired" in response.text:
 return True
- if re.match(r".*License is missing.*", response.text):
+ if "License is missing" in response.text:
 return True
 def is_duplicate_error(response):
- if re.match(r".*already exists.*", response.text):
+ if "already exists" in response.text:
 return True
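Review bot: The paired checks in `is_license_exceeded` accept more than the patterns they replace: `re.match(r".*License count of.*instances has been reached.*", ...)` needed both phrases in that order on the first line of `response.text` (`.` stops at a newline), whereas the two `in` tests pass for either order anywhere in the body, and the single-phrase checks widen from the first line to the whole body in the same way. Callers are outside the hunk, so I can only assume these predicates pick the error raised for a failed request; if so, an unrelated body containing both fragments is now reported as a license problem. To keep the ordering, read the text once and search from the first phrase, e.g. `text = response.text`, `start = text.find("License count of")`, `if start != -1 and "instances has been reached" in text[start:]:`. If whole-body matching is intended, say so in a comment such as `# plain substring match over the whole body; phrase order is not checked`. The `"Invalid license data"` branch in `is_license_invalid` can never be the deciding one, since `"Invalid license"` already matches the same text.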