Closed edufuga closed 1 month ago
Bugfix: CSV Injection
This PR adds a sanitizer for CSV rows. It deals with the causes for CSV Injection, as documented in https://owasp.org/www-community/attacks/CSV_Injection.
The CsvParser from Univocity can't be extended (it's final) in a "sanitizing subclass of CsvParser", so the solution simply maps over the cells and converts them explicitly.
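A sketch of the "map over the cells" approach described above, as an added example that is not the PR's own code. The class and method names are hypothetical, the rows are constructed samples shaped like the `String[]` a CSV parser returns, and the trigger characters are the ones listed on the linked OWASP page.

```java
import java.util.Arrays;

public class CsvRowSanitizer {
    // Leading characters a spreadsheet treats as the start of a formula,
    // per the OWASP CSV Injection page: = + - @ tab and carriage return.
    private static final String FORMULA_TRIGGERS = "=+-@\t\r";

    /** Neutralizes one cell; null or empty values pass through unchanged. */
    static String sanitizeCell(String cell) {
        if (cell == null || cell.isEmpty()) {
            return cell;
        }
        if (FORMULA_TRIGGERS.indexOf(cell.charAt(0)) >= 0) {
            // A leading single quote makes the spreadsheet read the cell as text.
            return "'" + cell;
        }
        return cell;
    }

    /** Maps over the cells of a parsed row and returns a sanitized copy. */
    static String[] sanitizeRow(String[] row) {
        if (row == null) {
            return null;
        }
        return Arrays.stream(row)
                .map(CsvRowSanitizer::sanitizeCell)
                .toArray(String[]::new);
    }

    public static void main(String[] args) {
        // Constructed sample rows (assumption: the parser yields null for empty cells).
        String[][] rows = {
            {"alice", "=1+1", "42"},
            {"bob", "-1", null},
            {"carol", "@SUM(A1:A2)", "\tpadded"},
        };
        for (String[] row : rows) {
            System.out.println(Arrays.toString(sanitizeRow(row)));
        }
    }
}
```

Prefixing by first character also rewrites legitimate values such as the negative number `-1`, so a consumer that expects numeric columns needs those columns exempted or parsed as numbers before sanitizing.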