binarybeach/bb-plane-fork
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

[SECUR-105] fix: csv injection vulnerability sanitization #8611

Browse source
This commit is contained in:
Sangeetha 2026-02-13 15:37:13 +05:30 committed by GitHub
parent a8d81656fc
commit cd613e5f8f
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
5 changed files with 46 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

3
apps/api/plane/bgtasks/analytic_plot_export.py
View file

@ -24,6 +24,7 @@ from plane.license.utils.instance_value import get_email_configuration
from plane.utils.analytics_plot import build_graph_plot
from plane.utils.exception_logger import log_exception
from plane.utils.issue_filters import issue_filters
from plane.utils.csv_utils import sanitize_csv_row
row_mapping = {
"state__name": "State",
@ -180,7 +181,7 @@ def generate_csv_from_rows(rows):
"""Generate CSV buffer from rows."""
csv_buffer = io.StringIO()
writer = csv.writer(csv_buffer, delimiter=",", quoting=csv.QUOTE_ALL)
[writer.writerow(row) for row in rows]
[writer.writerow(sanitize_csv_row(row)) for row in rows]
return csv_buffer