Add protections for loop-bound injections

Author: christopherholland-workday

packages/components/evaluation/EvaluationRunner.ts

@@ -89,12 +89,10 @@ export class EvaluationRunner {
     public async runEvaluations(data: ICommonObject) {
         const chatflowIds = JSON.parse(data.chatflowId)
 
-        // Validate chatflowIds is an actual array to prevent DoS attacks
         if (!Array.isArray(chatflowIds)) {
             throw new Error('chatflowId must be a valid array')
         }
 
-        // Validate dataset.rows is an actual array to prevent DoS attacks
         if (!data.dataset || !Array.isArray(data.dataset.rows)) {
             throw new Error('dataset.rows must be a valid array')
         }

packages/server/src/services/evaluations/index.ts

@@ -72,7 +72,6 @@ const createEvaluation = async (body: ICommonObject, baseURL: string, orgId: str
         const row = appServer.AppDataSource.getRepository(Evaluation).create(newEval)
         row.average_metrics = JSON.stringify({})
 
-        // Parse and validate evaluator arrays to prevent DoS attacks
         const chatflowTypes = body.chatflowType ? JSON.parse(body.chatflowType) : []
         if (!Array.isArray(chatflowTypes)) {
             throw new Error('chatflowType must be a valid array')
@@ -143,7 +142,6 @@ const createEvaluation = async (body: ICommonObject, baseURL: string, orgId: str
         const apiKeys: { chatflowId: string; apiKey: string }[] = []
         const chatflowIds = JSON.parse(body.chatflowId)
 
-        // Validate chatflowIds is an actual array to prevent DoS attacks
         if (!Array.isArray(chatflowIds)) {
             throw new Error('chatflowId must be a valid array')
         }