silk-framework / silk

Silk Linked Data Integration Framework
http://silkframework.org/

Bugfix: CSV injection #811

Closed edufuga closed 1 month ago

edufuga commented 2 months ago

Bugfix: CSV Injection

This PR adds a sanitizer for CSV rows. It deals with the causes for CSV Injection, as documented in https://owasp.org/www-community/attacks/CSV_Injection.

The CsvParser from Univocity can't be extended (it's final) in a "sanitizing subclass of CsvParser", so the solution simply maps over the cells and converts them explicitly.
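The map-over-cells approach described above, sketched as an added example. This is not the PR's or Silk's own code. The names `CellSanitizer`, `sanitizeCell` and `sanitizeRow` are hypothetical, the rows are constructed stand-ins for the `Array[String]` rows a CSV parser returns, and the single-quote prefix is the mitigation from the linked OWASP page, assumed here because the PR text does not say which conversion it applies.

```scala
// Added example; not code from the Silk repository.
object CellSanitizer {
  // Leading characters the OWASP CSV Injection page lists as formula triggers.
  private val triggers: Set[Char] = Set('=', '+', '-', '@', '\t', '\r')

  /** Prefix a single quote so a spreadsheet treats the cell as text.
    * Null cells are passed through unchanged (assumption: the parser may
    * return null for empty fields). */
  def sanitizeCell(cell: String): String =
    if (cell != null && cell.nonEmpty && triggers.contains(cell.head)) "'" + cell
    else cell

  /** Sanitize every cell of one parsed row; no parser subclass is needed. */
  def sanitizeRow(row: Array[String]): Array[String] = row.map(sanitizeCell)

  def main(args: Array[String]): Unit = {
    // Constructed sample rows standing in for parser output.
    val rows = Seq(
      Array("id", "name", "comment"),
      Array("1", "alice", "=SUM(A1:A2)"),
      Array("2", null, "-5"),
      Array("3", "bob", "plain text")
    )
    rows.map(sanitizeRow).foreach(r => println(r.mkString("|")))
  }
}
```

Because `-` and `+` are triggers, legitimate signed numbers such as `-5` are prefixed as well, so consumers that expect numeric cells need to account for that.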