Crash in Teams Webhook Handler (Undefined Property Access)

[CodeLoopdroid]

@waleedlatif1

Describe the bug

• The formatTeamsGraphNotification function in apps/sim/lib/webhooks/utils.server.ts assumes that body.value always contains at least one element. If the array is empty or undefined, the handler throws a TypeError when accessing notification.changeType, causing the webhook worker to crash instead of handling the input safely.

To Reproduce Steps to reproduce the behavior:

1. Call formatTeamsGraphNotification with the following payload - { "value": [] }
2. The function attempts to access body.value[0]
3. A runtime error occurs when reading changeType from undefined

Expected behavior

• The handler should validate the incoming payload and gracefully handle empty or malformed notification arrays without crashing the server. Ideally, it should log a warning and safely return null or an appropriate error response.

Actual behavior

Error: Cannot read properties of undefined (reading 'changeType')

Additional context

Vulnerable Code - Line 84

const notification = body.value[0]

Proposed Fix:

const notification = body.value?.[0] if (!notification) { logger.warn('Received empty Teams notification body') return null }

I verified the issue using a local reproduction script (repro_teams_crash.ts), which consistently crashes the handler when an empty value array is passed.