We can not ignore Security on the Web. Security Vulnerability can impact your application and users which might eventually destroy your company!
As Web/Software Engineers, we should care about Security as much we care about our code.
There are different kinds of injection attacks available.
I was working with CSVs and then thought to use any available CSV injection protector package from npmjs. But I was surprised that I could not find what I needed.
So I thought to develop and release a package(CSV injection protector) for me and all of us.
First, let's see what is CSV injection-
CSV Injection, also known as Formula Injection, occurs when websites embed untrusted input inside CSV files.
To learn more about CSV Injection, please have a look here 👉OWASP doc on CSV Injection
I am presenting a tiny and useful package for protecting your application from CSV Injections called
(And it's always hard to come up with a good name I know 😉)
Why use this pacakge?
If you have any Input Field and that data goes to the Database in the backend and you generate CSV files with it, then you SHOULD think about CSV injection.
Probably, the string went to your DB is injected. They can execute any operation in the cell and also your CSV file can be corrupted and you can not open that.
It can be sanitized so that string is okay for the CSV.
How to use
npm i csv-injection-protector
Then use in your code like below:
const riskyString = "=Risky string for CSV"; const sanitizedString = csvInjectionProtector(riskyString); console.log(sanitizedString); // "Risky string for CSV"
It's super simple!
I also showed a demo of this package. Please check out the YouTube video-
Please check 👉npmjs.com/package/csv-injection-protector
Use it and let me know if you find any issues. Also if you have any suggestions, PRs are welcome 🙌
Photo by Sara Bakhshi on Unsplash