Drop-in replacement for Python's CSV library that tries to mitigate CSV injection attacks

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for leesha.rami.io from gravatar.com leesha.rami.io Avatar for rami from gravatar.com rami

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: Apache Software License (Apache License 2.0)
  • Author: Raphael Michel
  • Tags csv, injection, defuse, save
Classifiers

Project description

https://img.shields.io/pypi/v/defusedcsv.svg https://travis-ci.org/raphaelm/defusedcsv.svg?branch=master https://codecov.io/gh/raphaelm/defusedcsv/branch/master/graph/badge.svg

If your Python application offers CSV export of user-generated data, that user-generated data might contain malicious payloads that might trigger vulnerabilities in the spreadsheet software of the user that downloads the file (i.e. MS Excel or LibreOffice).

This library tries to mitigate that by prepending all cells starting with @, +, -, =, | or % with an apostrophe ' and additionally replacing all | characters in these cells with \|. This will of course change the resulting CSV files, but Excel will not display the ' character to the user.

Tested with Python 3.8 to 3.10.

Usage

This library acts as a drop-in replacement for the standard library’s csv module. You can use it by just replacing import csv with from defusedcsv import csv in your code.

License

The code in this repository is published under the terms of the Apache License. See the LICENSE file for the complete license text.

This project is maintained by Raphael Michel <mail@raphaelmichel.de>. See the AUTHORS file for a list of all the awesome folks who contributed to this project.

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for leesha.rami.io from gravatar.com leesha.rami.io Avatar for rami from gravatar.com rami

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: Apache Software License (Apache License 2.0)
  • Author: Raphael Michel
  • Tags csv, injection, defuse, save
Classifiers

Release history Release notifications | RSS feed

This version

2.0.0

1.1.0

1.0.1

1.0.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

defusedcsv-2.0.0.tar.gz (7.5 kB view details)

Uploaded Source

Built Distribution

defusedcsv-2.0.0-py3-none-any.whl (7.8 kB view details)

Uploaded Python 3

File details

Details for the file defusedcsv-2.0.0.tar.gz.

File metadata

  • Download URL: defusedcsv-2.0.0.tar.gz
  • Upload date:
  • Size: 7.5 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/4.0.0 CPython/3.8.12

File hashes

Hashes for defusedcsv-2.0.0.tar.gz
Algorithm Hash digest
SHA256 7612228e54ef1690a19f7aef526709010608e987f9998c89588ef05d9ecfe4d6
MD5 bae0807cee5a14b74b7c36f4851f0c3e
BLAKE2b-256 0971b315ee2dde73f37cc8245c5f31034e790ef72fa31b431f4bd534d9c0a19b

See more details on using hashes here.

File details

Details for the file defusedcsv-2.0.0-py3-none-any.whl.

File metadata

  • Download URL: defusedcsv-2.0.0-py3-none-any.whl
  • Upload date:
  • Size: 7.8 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/4.0.0 CPython/3.8.12

File hashes

Hashes for defusedcsv-2.0.0-py3-none-any.whl
Algorithm Hash digest
SHA256 a7bc3b1ac1ce4f8c6c1e8740466b1b5789b51ca18d918b0099313dc0cdf2cef4
MD5 732c4ecc827904667919310d293d8270
BLAKE2b-256 2d75660d4242fa044f48d7155ad29aa9f2c91a69218cf2e061f0abc7896da7d7

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page