Replace 65+ Regex::new().unwrap() calls with three once_cell::sync::Lazy
static collections:
- DANGEROUS_PATTERNS: 60+ XSS/SQL/command injection regexes
- ROOM_NAME_REGEX: room name character validation
- TOXIC_PATTERNS: 5 toxicity detection regexes
All patterns are compiled once at startup with .ok() filter for safety.
ContentFilter, ToxicityDetector now clone from the statics.
Also adds pub mod security_legacy to lib.rs so the module is compiled
and checked during CI builds.
Addresses audit finding D9: .unwrap() on Regex::new() in legacy code.
Co-authored-by: Cursor <cursoragent@cursor.com>
3cc8c36a2c