hapi-csv
Comparing version 5.1.3 to 5.1.4
@@ -10,3 +10,4 @@ 'use strict'; | ||
const internals = { | ||
routeMap: new Map() | ||
routeMap: new Map(), | ||
riskyCharacters: ["=", "+", "-", "@"] | ||
}; | ||
@@ -266,3 +267,3 @@ | ||
for (const header of headerQueryMap.keys()) { | ||
headerRow.push(`${header}`); | ||
headerRow.push(`${internals.csvInjectionProtector(header)}`); | ||
} | ||
@@ -299,5 +300,6 @@ | ||
for (const header of headerQueryMap.keys()) { | ||
const sanitizedHeader = internals.csvInjectionProtector(header); | ||
headerRow.push({ | ||
name: header, | ||
header | ||
name: sanitizedHeader, | ||
header: sanitizedHeader | ||
}); | ||
@@ -358,2 +360,5 @@ } | ||
temp = internals.dateToISOString(temp); | ||
// Sanitize values against CSV injection | ||
temp = internals.csvInjectionProtector(temp); | ||
dataRow.push(temp); | ||
@@ -401,1 +406,23 @@ } | ||
}; | ||
internals.csvInjectionProtector = (string) => { | ||
if (!string) { | ||
return ""; | ||
}; | ||
if (typeof string !== 'string' && !(string instanceof String)) { | ||
return string; | ||
} | ||
const firstCharacter = string.charAt(0); | ||
const isInjected = internals.riskyCharacters.includes(firstCharacter); | ||
if(!isInjected) { | ||
return string; | ||
} | ||
const protectedString = `'${string}`; | ||
return internals.csvInjectionProtector(protectedString); | ||
}; |
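Review bot: In the last hunk, `csvInjectionProtector` tests `if (!string)` before the type check, so non-string falsy values such as `0` or `false` come back as `""` and, now that the value path passes `temp` through it, would presumably be written as empty cells; a narrower guard such as `if (string === null || string === undefined) { return ''; }` keeps them. The `riskyCharacters` list in the first hunk covers `=`, `+`, `-` and `@` but not a leading tab or carriage return, which OWASP's CSV injection guidance also lists as formula triggers; consider `riskyCharacters: ['=', '+', '-', '@', '\t', '\r']`. The recursive call on the function's last line is redundant because the prefixed string always starts with `'`, so `return protectedString;` is equivalent. A short doc comment stating that legitimate values such as `-5` held as strings are also prefixed would tell consumers what to expect in the output.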
{ | ||
"name": "hapi-csv", | ||
"version": "5.1.3", | ||
"version": "5.1.4", | ||
"description": "Hapi plugin for converting a Joi response schema and dataset to csv", | ||
@@ -29,3 +29,3 @@ "main": "lib/index.js", | ||
"fast-csv": "^4.3.6", | ||
"xlsx": "^0.17.0" | ||
"xlsx": "^0.18.0" | ||
}, | ||
@@ -32,0 +32,0 @@ "devDependencies": { |
+ Addedxlsx@0.18.5(transitive)
- Removedadler-32@1.2.0(transitive)
- Removedexit-on-epipe@1.0.1(transitive)
- Removedprintj@1.1.2(transitive)
- Removedxlsx@0.17.5(transitive)
Updatedxlsx@^0.18.0