Can we remove use of eval in math.ts?

[colinlin-stripe]

Are we making use of eval in this math library anywhere in librechat?

I see it being used in
banViolation.js
cacheConfig.js

seems like it can be replaced by parseInt or parseFloat

@danny-avila
is math being used anywhere else in the codebase?

We would like to avoid use of eval as it opens up the risk of injection attacks

[Anonymous941]

Only AI would come up with using eval to parse math expressions and have a whitelist of allowed characters, rather then just using an algebraic notation library... Here's the part of the code that does this, this just looks like a security vulnerability waiting to happen, there could be a weird edge case in the JS spec that lets you run arbitrary code using only these characters

 const validStr = /^[+\-\d.\s*/%()]+$/.test(str);

  if (!validStr) {
    if (fallback) {
      return fallbackValue;
    }
    throw new Error('Invalid characters in string');
  }

  const value = eval(str);