-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/75303/#review227149
-----------------------------------------------------------
security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
Lines 4654 (patched)
<https://reviews.apache.org/r/75303/#comment315420>

    Need to escape tab and carriage return characters.

    Pattern.compile("^[=+\-@\t\r]").matcher(value).find();

    Refer - https://owasp.org/www-community/attacks/CSV_Injection


- Mugdha Varadkar


On Dec. 11, 2024, 2:39 p.m., Rakesh Gupta wrote:

>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/75303/
> -----------------------------------------------------------
>
> (Updated Dec. 11, 2024, 2:39 p.m.)
>
>
> Review request for ranger, Dineshkumar Yadav, Kishor Gollapalliwar, Abhay
> Kulkarni, Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, Ramesh Mani,
> sanket shelar, Sailaja Polavarapu, and Velmurugan Periasamy.
>
>
> Bugs: RANGER-5015
>     https://issues.apache.org/jira/browse/RANGER-5015
>
>
> Repository: ranger
>
>
> Description
> -------
>
> Best Practices for Safe and Optimized CSV and Excel Exports
>
>
> Diffs
> -----
>
>   security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java a21b8c8d2
>
>
> Diff: https://reviews.apache.org/r/75303/diff/1/
>
>
> Testing
> -------
>
> Tested and verified that the "/plugins/policies/downloadExcel" and
> "/plugins/policies/csv" APIs implement best practices for exporting CSV and
> Excel files.
>
>
> Thanks,
>
> Rakesh Gupta
>
>
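The leading-character check from the review comment, carried through to a complete cell escaper, as an added example that is not code from the Ranger patch or the ServiceDBStore class: the class name, the method names and the sample values are assumptions made for illustration, and the neutralisation step (prefix a single quote, then quote the cell per RFC 4180) follows the OWASP CSV injection guidance the comment links to.

```java
import java.util.regex.Pattern;

/**
 * Added example, not Ranger's own code. Escapes one value before it is
 * written into a CSV cell so a spreadsheet will not evaluate it as a formula.
 */
public final class CsvCellSanitizer {
    // Characters that make a spreadsheet treat the cell as a formula; tab and
    // carriage return are included because they also trigger formula parsing
    // when the export is opened in Excel (the point raised in the review).
    private static final Pattern FORMULA_START = Pattern.compile("^[=+\\-@\\t\\r]");

    private CsvCellSanitizer() {}

    /** True when the raw value starts with a formula-triggering character. */
    public static boolean looksLikeFormula(String value) {
        return value != null && FORMULA_START.matcher(value).find();
    }

    /**
     * Returns the text to write for one CSV cell. A leading single quote forces
     * the spreadsheet to read the content as text; the cell is then wrapped in
     * double quotes (with embedded quotes doubled) whenever it contains a
     * separator, a quote or a line break, so the CSV structure stays intact.
     */
    public static String escape(String value) {
        if (value == null) {
            return "";
        }
        String cell = looksLikeFormula(value) ? "'" + value : value;
        boolean needsQuoting = cell.indexOf(',') >= 0 || cell.indexOf('"') >= 0
                || cell.indexOf('\n') >= 0 || cell.indexOf('\r') >= 0 || cell.indexOf('\t') >= 0;
        if (needsQuoting) {
            cell = "\"" + cell.replace("\"", "\"\"") + "\"";
        }
        return cell;
    }

    public static void main(String[] args) {
        // Constructed sample values: a plain policy name, a formula-like
        // description, a value that only becomes a formula after a leading tab,
        // a negative number and a value containing a separator.
        String[] samples = { "policy-1", "=1+1", "\t=1+1", "-1", "a,b" };
        for (String s : samples) {
            System.out.println(looksLikeFormula(s) + " -> " + escape(s));
        }
    }
}
```

Note that "-1" is also prefixed: a numeric export column should be checked separately if negative numbers must survive as numbers, which is a trade-off the OWASP page discusses.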