[Security] sanitizeMimeType regex should be anchored and case-insensitive #9795

@ekson73

Description

Summary

In src/media-understanding/apply.ts, the sanitizeMimeType function's regex is not anchored at the end, which could allow malicious suffixes. Additionally, MIME types are case-insensitive per RFC standards.

Impact

Severity: Medium (8/10)
Type: Security - Input validation

Current Behavior

```ts
// Wrapper signature inferred from the issue; the body is the code as reported.
function sanitizeMimeType(value: string): string | undefined {
  const trimmed = value.trim().toLowerCase();
  const match = trimmed.match(/^([a-z0-9!#$&^_.+-]+\/[a-z0-9!#$&^_.+-]+)/);
  return match?.[1];
}
```

Suggested Fix

```ts
// Wrapper signature inferred from the issue; the body is the proposed code.
function sanitizeMimeType(value: string): string | undefined {
  const trimmed = value.trim();
  const match = trimmed.match(/^([a-z0-9!#$&^_.+-]+\/[a-z0-9!#$&^_.+-]+)(?:;.*)?$/i);
  return match?.[1].toLowerCase();
}
```

This:

  1. Anchors the regex at the end ($)
  2. Makes it case-insensitive (/i)
  3. Handles optional parameters ((?:;.*)?)
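As an added example (not code from the issue or the project), the two variants side by side, run over constructed inputs to show where the anchored, case-insensitive regex rejects what the current prefix match silently truncates. The wrapper function names, the `string | undefined` return type and the sample inputs are assumptions.

```typescript
// Added example, not project code; wrapper functions and return type are assumptions.

// Current behaviour: lowercase first, then take whatever type/subtype prefix
// matches. Anything after the prefix is silently dropped, never rejected.
function sanitizeCurrent(value: string): string | undefined {
  const trimmed = value.trim().toLowerCase();
  const match = trimmed.match(/^([a-z0-9!#$&^_.+-]+\/[a-z0-9!#$&^_.+-]+)/);
  return match?.[1];
}

// Suggested fix: anchored at both ends, case-insensitive, only an optional
// ";parameters" tail tolerated; any other trailing content fails the match.
function sanitizeSuggested(value: string): string | undefined {
  const trimmed = value.trim();
  const match = trimmed.match(/^([a-z0-9!#$&^_.+-]+\/[a-z0-9!#$&^_.+-]+)(?:;.*)?$/i);
  return match?.[1].toLowerCase();
}

interface Comparison {
  input: string;
  current: string | undefined;
  suggested: string | undefined;
  differs: boolean;
}

// Run both variants over a list of inputs and flag where they disagree.
function compare(inputs: string[]): Comparison[] {
  return inputs.map((input) => {
    const current = sanitizeCurrent(input);
    const suggested = sanitizeSuggested(input);
    return { input, current, suggested, differs: current !== suggested };
  });
}

// Constructed sample inputs: well-formed, padded/uppercase, with parameters
// (note: a space before ";" is rejected by the anchored regex), trailing junk.
const SAMPLE_INPUTS: string[] = [
  "image/png",
  "  IMAGE/PNG  ",
  "text/plain; charset=utf-8",
  "text/plain ; charset=utf-8",
  "image/png trailing",
  "image/png/extra",
  "image",
];

for (const row of compare(SAMPLE_INPUTS)) {
  console.log(`${JSON.stringify(row.input)} -> current=${row.current} suggested=${row.suggested}${row.differs ? "  [differs]" : ""}`);
}
```

The rows marked `[differs]` are exactly the inputs the current code truncates to a clean-looking type while the anchored version returns `undefined`.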

Source

Identified by Qodo AI code review.

Files Affected

  • src/media-understanding/apply.ts (lines 96-106)

Metadata

Assignees: No one assigned

Labels: bug (Something isn't working), security (Security documentation)