binarybeach/bb-plane-fork
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

[SECUR-105] fix: csv injection vulnerability sanitization #8611

Browse source
This commit is contained in:
Sangeetha 2026-02-13 15:37:13 +05:30 committed by GitHub
parent a8d81656fc
commit cd613e5f8f
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
5 changed files with 46 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

9
apps/api/plane/utils/porters/formatters.py
View file

@ -18,6 +18,10 @@ from typing import Any, Dict, List, Union
from openpyxl import Workbook, load_workbook
# Module imports
from plane.utils.csv_utils import sanitize_csv_row, sanitize_csv_value
class BaseFormatter(ABC):
@abstractmethod
def encode(self, data: List[Dict]) -> Union[str, bytes]:
@ -128,11 +132,12 @@ class CSVFormatter(BaseFormatter):
# Write data rows in the same field order
for row in data:
writer.writerow([row.get(key, "") for key in fieldnames])
writer.writerow(sanitize_csv_row([row.get(key, "") for key in fieldnames]))
else:
writer = csv.DictWriter(output, fieldnames=fieldnames, delimiter=self.delimiter)
writer.writeheader()
writer.writerows(data)
for row in data:
writer.writerow({k: sanitize_csv_value(row.get(k, "")) for k in fieldnames})
return output.getvalue()