fix vulnerability (#5098)

* safe * add get cookie * fix * fix * fix
2025-10-18 09:24:03 +00:00 · 2025-06-27 14:35:38 +08:00
parent 1cc86f9eb7
commit b6a258d494
9 changed files with 101 additions and 22 deletions
--- a/packages/service/common/file/csv.ts
+++ b/packages/service/common/file/csv.ts
@@ -1,4 +1,33 @@
+// Function to escape CSV fields to prevent injection attacks
+export const sanitizeCsvField = (field: String): string => {
+  if (field == null) return '';
+
+  let fieldStr = String(field);
+
+  // Check for dangerous starting characters that could cause CSV injection
+  if (fieldStr.match(/^[\=\+\-\@\|]/)) {
+    // Add prefix to neutralize potential formula injection
+    fieldStr = `'${fieldStr}`;
+  }
+
+  // Handle special characters that need escaping in CSV
+  if (
+    fieldStr.includes(',') ||
+    fieldStr.includes('"') ||
+    fieldStr.includes('\n') ||
+    fieldStr.includes('\r')
+  ) {
+    // Escape quotes and wrap field in quotes
+    fieldStr = `"${fieldStr.replace(/"/g, '""')}"`;
+  }
+
+  return fieldStr;
+};
+
 export const generateCsv = (headers: string[], data: string[][]) => {
-  const csv = [headers.join(','), ...data.map((row) => row.join(','))].join('\n');
+  const sanitizedHeaders = headers.map((header) => sanitizeCsvField(header));
+  const sanitizedData = data.map((row) => row.map((cell) => sanitizeCsvField(cell)));
+
+  const csv = [sanitizedHeaders.join(','), ...sanitizedData.map((row) => row.join(','))].join('\n');
  return csv;
 };