Drop-in replacement for Python's CSV library that tries to mitigate CSV injection attacks

Project description

If your Python application offers CSV export of user-generated data, that data might contain malicious payloads that trigger vulnerabilities in the spreadsheet software of the user who downloads the file (e.g. MS Excel or LibreOffice).

This library tries to mitigate that by prepending all cells starting with @, +, -, =, | or % with an apostrophe ' and additionally replacing all | characters in these cells with \|. This will of course change the resulting CSV files, but Excel will not display the ' character to the user.
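
The rule described above, written out over the standard library's csv.writer as an added example (this is not defusedcsv's own code). The names escape_cell, export_rows and ROWS and the sample rows are constructed for illustration, and passing int and float values through unchanged is an assumption of this example.

```python
import csv
import io

# Leading characters the description above lists as triggers for escaping.
TRIGGERS = ("@", "+", "-", "=", "|", "%")


def escape_cell(value):
    """Apply the described rule to a single cell (hypothetical helper)."""
    if value is None:
        return ""
    # Assumption of this example: real numeric types cannot carry a formula,
    # so they pass through and stay numeric in the spreadsheet.
    if isinstance(value, (int, float)):
        return value
    text = str(value)
    if text.startswith(TRIGGERS):
        # Only cells that start with a trigger are changed: every pipe in
        # the cell becomes \| and the cell gets a leading apostrophe.
        text = "'" + text.replace("|", "\\|")
    return text


def export_rows(rows, escape=True):
    """Serialise rows to CSV text, with or without the escaping step."""
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    for row in rows:
        writer.writerow([escape_cell(c) if escape else c for c in row])
    return buf.getvalue()


# Constructed sample export: the second and third columns are user-controlled.
ROWS = [
    ["name", "comment", "balance"],
    ["alice", "=1+1", -12.5],     # formula-shaped string, real float
    ["bob", "+A1|B2", 3],         # trigger prefix plus a pipe
    ["carol", "safe|text", "-7"], # pipe without trigger; number as string
]

if __name__ == "__main__":
    print("unescaped:\n" + export_rows(ROWS, escape=False))
    print("escaped:\n" + export_rows(ROWS))
```

The last row shows two consequences of the rule: a pipe in a cell that does not start with a trigger character is left alone, and a number that arrives as the string "-7" is prefixed like any other cell starting with "-".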

Tested with Python 3.9 to 3.13.

Usage

This library acts as a drop-in replacement for the standard library’s csv module. You can use it by just replacing import csv with from defusedcsv import csv in your code.

License

The code in this repository is published under the terms of the Apache License. See the LICENSE file for the complete license text.

This project is maintained by Raphael Michel <mail@raphaelmichel.de>. See the AUTHORS file for a list of all the awesome folks who contributed to this project.

Download files

Source Distribution

defusedcsv-3.0.0.tar.gz (9.1 kB)

Uploaded Source

Built Distribution

defusedcsv-3.0.0-py3-none-any.whl (8.0 kB)

Uploaded Python 3

File details

Details for the file defusedcsv-3.0.0.tar.gz.

File metadata

  • Download URL: defusedcsv-3.0.0.tar.gz
  • Size: 9.1 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.1.0 CPython/3.13.5

File hashes

Hashes for defusedcsv-3.0.0.tar.gz
Algorithm Hash digest
SHA256 018678533bc375f3bf2f70f9721e48daf3800a88320dc325c1dac67ee09e2a45
MD5 3a0139aec488434437d1ef348fb878e0
BLAKE2b-256 1d1d0c17ea5e5f8e456515e3368aa8821fbdf094ed29ac886f0b2f0f3779ab34

File details

Details for the file defusedcsv-3.0.0-py3-none-any.whl.

File metadata

  • Download URL: defusedcsv-3.0.0-py3-none-any.whl
  • Size: 8.0 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.1.0 CPython/3.13.5

File hashes

Hashes for defusedcsv-3.0.0-py3-none-any.whl
Algorithm Hash digest
SHA256 5e5f2e940cefb5ac60580c8009388bfb154b7853784d34a8f0ff3a52c6130e87
MD5 fff15b75932edb2619f24f036f9760fa
BLAKE2b-256 79aba2b9f4a1edc0828414fa4063fabe2f456e705e548dd530e0c8bc76d017e4
