fix(security): validate regex syntax before safety check

Move new RegExp() before safe() so invalid patterns get a proper syntax
error instead of a misleading "catastrophic backtracking" message.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: waleedlatif1

apps/sim/lib/guardrails/validate_regex.ts

@@ -11,29 +11,30 @@ export interface ValidationResult {
 }
 
 export function validateRegex(inputStr: string, pattern: string): ValidationResult {
+  let regex: RegExp
   try {
-    if (!safe(pattern)) {
-      return {
-        passed: false,
-        error: 'Regex pattern rejected: potentially unsafe (catastrophic backtracking)',
-      }
-    }
+    regex = new RegExp(pattern)
+  } catch (error: any) {
+    return { passed: false, error: `Invalid regex pattern: ${error.message}` }
+  }
 
-    if (inputStr.length > MAX_INPUT_LENGTH) {
-      return {
-        passed: false,
-        error: `Input exceeds maximum length of ${MAX_INPUT_LENGTH} characters`,
-      }
+  if (!safe(pattern)) {
+    return {
+      passed: false,
+      error: 'Regex pattern rejected: potentially unsafe (catastrophic backtracking)',
     }
+  }
 
-    const regex = new RegExp(pattern)
-    const match = regex.test(inputStr)
-
-    if (match) {
-      return { passed: true }
+  if (inputStr.length > MAX_INPUT_LENGTH) {
+    return {
+      passed: false,
+      error: `Input exceeds maximum length of ${MAX_INPUT_LENGTH} characters`,
     }
-    return { passed: false, error: 'Input does not match regex pattern' }
-  } catch (error: any) {
-    return { passed: false, error: `Invalid regex pattern: ${error.message}` }
   }
+
+  const match = regex.test(inputStr)
+  if (match) {
+    return { passed: true }
+  }
+  return { passed: false, error: 'Input does not match regex pattern' }
 }