https://github.com/zvory/csv-safe
Decorate the ruby CSV library to sanitize output CSV against CSV injection attacks.
csv csv-export csv-files csv-import injection-attacks ruby ruby-gem security
Last synced: 1 day ago
- Host: GitHub
- URL: https://github.com/zvory/csv-safe
- Owner: zvory
- License: mit
- Created: 2018-07-27T23:02:25.000Z (over 6 years ago)
- Default Branch: master
- Last Pushed: 2024-07-25T12:20:52.000Z (6 months ago)
- Last Synced: 2025-01-22T11:02:53.210Z (9 days ago)
- Topics: csv, csv-export, csv-files, csv-import, injection-attacks, ruby, ruby-gem, security
- Language: Ruby
- Homepage:
- Size: 26.4 KB
- Stars: 40
- Watchers: 2
- Forks: 13
- Open Issues: 3
Metadata Files:
- Readme: README.md
- License: LICENSE.txt
- Security: SECURITY.md
README
# csv-safe
[![Gem Version](https://badge.fury.io/rb/csv-safe.svg)](https://badge.fury.io/rb/csv-safe)
Also hosted on [RubyGems.org](https://rubygems.org/gems/csv-safe).
This gem decorates the built-in CSV library to prevent CSV injection attacks. Wherever you would use `CSV` in your code, use `CSVSafe`. The gem will encode your fields in UTF-8.
What this gem does specifically:
- Override `CSV#<<` to sanitize incoming rows.
- Override `CSV#initialize` to add a converter that will sanitize fields being read.

A description of CSV injection attacks is available on [OWASP](https://owasp.org/www-community/attacks/CSV_Injection).
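The two overrides listed above, sketched as an added example that is not the csv-safe gem's own code: `SanitizingCSV`, `sanitize_field` and `demo_export` are hypothetical names, and the trigger characters and single-quote prefix follow the mitigation in the OWASP article, not the gem's source.

```ruby
require 'csv'

# Hypothetical class name; a stand-alone sketch, not the csv-safe gem's source.
class SanitizingCSV < CSV
  # Leading characters a spreadsheet may treat as the start of a formula
  # (the set listed in the OWASP CSV Injection article).
  FORMULA_START = /\A[=+\-@\t\r]/

  # Strings that look like formulas get a leading single quote so the
  # spreadsheet shows them as text. Non-strings (Integer, nil) pass through,
  # which is an assumption of this sketch: only String cells can carry a formula.
  def self.sanitize_field(field)
    return field unless field.is_a?(String)
    field.match?(FORMULA_START) ? "'#{field}" : field
  end

  # Read side: append a converter so every parsed field is sanitized.
  def initialize(data, **options)
    super(data, **options)
    convert { |field| self.class.sanitize_field(field) }
  end

  # Write side: sanitize each row before the parent class serializes it.
  # CSV#<< accepts an Array, a CSV::Row or (with headers) a Hash.
  def <<(row)
    clean =
      case row
      when Hash     then row.transform_values { |v| self.class.sanitize_field(v) }
      when CSV::Row then row.fields.map { |v| self.class.sanitize_field(v) }
      else               row.map { |v| self.class.sanitize_field(v) }
      end
    super(clean)
  end
end

# Constructed sample rows: one user-controlled field starts with "=".
def demo_export
  SanitizingCSV.generate do |csv|
    csv << %w[name note]
    csv << ['alice', '=1+1']
    csv << ['bob', -5]
  end
end
```

Because `CSV.generate` and `CSV.parse` instantiate the receiving class, calling them on the subclass applies both overrides without further wiring.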
Made while working at [Influitive](https://influitive.com/). We kept writing similar code to sanitize CSV output, and I couldn't find a gem to do this for us, so I wrote this.
## Installation
Add this line to your application's Gemfile:
```ruby
gem 'csv-safe'
```

And then execute:

    $ bundle

Or install it yourself as:

    $ gem install csv-safe

## Development
After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `csv-safe.gemspec`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
## License
The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).