bschoening commented on code in PR #4856: URL: https://github.com/apache/cassandra/pull/4856#discussion_r3343182295
########## doc/modules/cassandra/pages/managing/tools/cqlsh.adoc: ########## @@ -461,6 +461,19 @@ value `STDOUT` (without single quotes) to print the CSV to stdout. See `shared-copy-options` for options that apply to both `COPY TO` and `COPY FROM`. +[NOTE] +==== +`COPY TO` only supports printable characters in text column values, in +accordance with RFC 4180. Text columns containing control characters +such as newlines (`\n`), carriage returns (`\r`), null bytes (`\x00`), +or other non-printable characters cannot be reliably exported — values +will be corrupted on re-import via `COPY FROM`. Beyond data integrity, +non-printable characters in CSV output can pose security risks, including +CSV injection and other forms of malicious data embedding. If your data Review Comment: Yes, I would ignore this Co-pilot suggestion. Certainly malicious data embedding -- null characters, backspaces, etc could be a concern. We don't want to provide a security tutorial, just want to give a brief mention of the concerns.
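Review bot: The first sentence of the added NOTE ("only supports printable characters in text column values, in accordance with RFC 4180") attributes the limitation to RFC 4180, but RFC 4180 permits line breaks, commas and double quotes inside a field when the field is enclosed in double quotes, so the restriction described here is a property of `COPY TO` / `COPY FROM` rather than of the RFC. Suggest dropping "in accordance with RFC 4180", or rewording so the sentence says only that the export and re-import round trip is reliable for printable characters. In the sentence on security risks, CSV injection is normally triggered by a field that begins with a printable character such as `=`, `+`, `-` or `@`, so listing it under non-printable characters may lead readers to assume that filtering control characters covers it. If the mention is to stay brief, "malicious data embedding" alone would be accurate, or the sentence could say that values interpreted as formulas by a spreadsheet are a separate concern.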

