{ "info": { "author": "Raphael Michel", "author_email": "mail@raphaelmichel.de", "bugtrack_url": null, "classifiers": [ "Intended Audience :: Developers", "Intended Audience :: Other Audience", "License :: OSI Approved :: Apache Software License", "Programming Language :: Python :: 3.4", "Programming Language :: Python :: 3.5", "Programming Language :: Python :: 3.6" ], "description": "defusedcsv\n==========\n\n.. image:: https://img.shields.io/pypi/v/defusedcsv.svg\n :target: https://pypi.python.org/pypi/defusedcsv\n\n.. image:: https://travis-ci.org/raphaelm/defusedcsv.svg?branch=master\n :target: https://travis-ci.org/raphaelm/defusedcsv\n\n.. image:: https://codecov.io/gh/raphaelm/defusedcsv/branch/master/graph/badge.svg\n :target: https://codecov.io/gh/raphaelm/defusedcsv\n\nIf your Python application offers CSV export of user-generated data, that user-generated data might contain malicious\npayloads that might trigger vulnerabilities in the spreadsheet software of the user that downloads the file (i.e. MS\nExcel or LibreOffice).\n\nThis library tries to mitigate that by prepending all cells starting with ``@``, ``+``,\n``-``, ``=``, ``|`` or ``%`` with an apostrophe ``'`` and additionally replacing all\n``|`` characters in these cells with ``\\|``. This will of course change the resulting\nCSV files, but Excel will not display the ``'`` character to the user.\n\nTested with Python 3.4 to 3.6.\n\nUsage\n-----\n\nThis library acts as a drop-in replacement for the standard library's ``csv`` module. You can use it by just replacing\n``import csv`` with ``from defusedcsv import csv`` in your code.\n\nUseful Links\n------------\n\n* https://www.owasp.org/index.php/CSV_Excel_Macro_Injection\n* https://www.contextis.com/resources/blog/comma-separated-vulnerabilities/\n* https://blog.zsec.uk/csv-dangers-mitigations/\n\nLicense\n-------\nThe code in this repository is published under the terms of the Apache License. \nSee the LICENSE file for the complete license text.\n\nThis project is maintained by Raphael Michel . See the\nAUTHORS file for a list of all the awesome folks who contributed to this project.\n", "description_content_type": "", "docs_url": null, "download_url": "", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://github.com/raphaelm/defusedcsv", "keywords": "csv injection defuse save", "license": "Apache License 2.0", "maintainer": "", "maintainer_email": "", "name": "defusedcsv", "package_url": "https://pypi.org/project/defusedcsv/", "platform": "", "project_url": "https://pypi.org/project/defusedcsv/", "project_urls": { "Homepage": "https://github.com/raphaelm/defusedcsv" }, "release_url": "https://pypi.org/project/defusedcsv/1.1.0/", "requires_dist": null, "requires_python": "", "summary": "Drop-in replacement for Python's CSV library that tries to mitigate CSV injection attacks", "version": "1.1.0" }, "last_serial": 5808145, "releases": { "1.0.0": [ { "comment_text": "", "digests": { "md5": "85b3929c8302dbf5c760de22365a2f16", "sha256": "c3e33e9bcb6119b4c63ca9fbd7c0eb01f9e0ae3870bdafb1f1a2508348eb5e89" }, "downloads": -1, "filename": "defusedcsv-1.0.0-py3-none-any.whl", "has_sig": false, "md5_digest": "85b3929c8302dbf5c760de22365a2f16", "packagetype": "bdist_wheel", "python_version": "3.4", "requires_python": null, "size": 4668, "upload_time": "2017-08-07T10:07:16", "url": "https://files.pythonhosted.org/packages/64/6e/6331ece508ca13c6528a7abb57e24ee1032f55bb61cb9e0add2aae3b0943/defusedcsv-1.0.0-py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "72640b8a562c5b86e25614f80140e4a3", "sha256": "77ccd57bd95801ca4e77ffd92d11aa6034c0d6ec244ae6695541cd979c7cf3ad" }, "downloads": -1, "filename": "defusedcsv-1.0.0.tar.gz", "has_sig": false, "md5_digest": "72640b8a562c5b86e25614f80140e4a3", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 3007, "upload_time": "2017-08-07T10:07:14", "url": "https://files.pythonhosted.org/packages/3d/59/bd48555b3cefa8a22630e643b8784192f3e19fff49c1725fc2b3740108dd/defusedcsv-1.0.0.tar.gz" } ], "1.0.1": [ { "comment_text": "", "digests": { "md5": "c9b07d7cae82c85523d89dbfdbaa358a", "sha256": "929b1ac9bf35fa1ca9b9eedaa689bc0c535e8bde08e81665b9adb9a9e44a2f3a" }, "downloads": -1, "filename": "defusedcsv-1.0.1-py3-none-any.whl", "has_sig": false, "md5_digest": "c9b07d7cae82c85523d89dbfdbaa358a", "packagetype": "bdist_wheel", "python_version": "3.4", "requires_python": null, "size": 4695, "upload_time": "2017-08-07T11:08:42", "url": "https://files.pythonhosted.org/packages/83/8b/5f512c27ec12eadfa74e89dbca1ec78b1a98dbc6cf0e488539cf727a50b9/defusedcsv-1.0.1-py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "c34b923808213d03a3df65168a53a877", "sha256": "36d4b661c1472c9a60b3a7c80d0b30a42812d1584b3fbfd03ed22cecddcb3de0" }, "downloads": -1, "filename": "defusedcsv-1.0.1.tar.gz", "has_sig": false, "md5_digest": "c34b923808213d03a3df65168a53a877", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 3042, "upload_time": "2017-08-07T11:08:40", "url": "https://files.pythonhosted.org/packages/d5/0b/e501b00fbc096d192e5a1c55165ffdd570ea494360afd3a9dc38a10e4553/defusedcsv-1.0.1.tar.gz" } ], "1.1.0": [ { "comment_text": "", "digests": { "md5": "51adbb059d24f187d782e3341eccc183", "sha256": "6c623b21a03a0f0ef8caa95bdd36767de0be6c96019f85cfc2646483032127e4" }, "downloads": -1, "filename": "defusedcsv-1.1.0-py3-none-any.whl", "has_sig": false, "md5_digest": "51adbb059d24f187d782e3341eccc183", "packagetype": "bdist_wheel", "python_version": "3.6", "requires_python": null, "size": 7542, "upload_time": "2019-09-10T10:11:57", "url": "https://files.pythonhosted.org/packages/72/eb/438ad0ea9eb0c1aab230ef1cefd5832016f88fff800c945289339c589acc/defusedcsv-1.1.0-py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "8977acb2c9657d4fc7fe5c1261dfc793", "sha256": "ad17cd4bd85b7ac6172e7100c56e07899f41439859f02a1567b0ce5a85f864e9" }, "downloads": -1, "filename": "defusedcsv-1.1.0.tar.gz", "has_sig": false, "md5_digest": "8977acb2c9657d4fc7fe5c1261dfc793", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 3059, "upload_time": "2019-09-10T10:11:54", "url": "https://files.pythonhosted.org/packages/bd/52/da3e4f4baa1b6c8d4eb6eb7f2ec664d2bb3afc3797811a3b8fef522b2c72/defusedcsv-1.1.0.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "51adbb059d24f187d782e3341eccc183", "sha256": "6c623b21a03a0f0ef8caa95bdd36767de0be6c96019f85cfc2646483032127e4" }, "downloads": -1, "filename": "defusedcsv-1.1.0-py3-none-any.whl", "has_sig": false, "md5_digest": "51adbb059d24f187d782e3341eccc183", "packagetype": "bdist_wheel", "python_version": "3.6", "requires_python": null, "size": 7542, "upload_time": "2019-09-10T10:11:57", "url": "https://files.pythonhosted.org/packages/72/eb/438ad0ea9eb0c1aab230ef1cefd5832016f88fff800c945289339c589acc/defusedcsv-1.1.0-py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "8977acb2c9657d4fc7fe5c1261dfc793", "sha256": "ad17cd4bd85b7ac6172e7100c56e07899f41439859f02a1567b0ce5a85f864e9" }, "downloads": -1, "filename": "defusedcsv-1.1.0.tar.gz", "has_sig": false, "md5_digest": "8977acb2c9657d4fc7fe5c1261dfc793", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 3059, "upload_time": "2019-09-10T10:11:54", "url": "https://files.pythonhosted.org/packages/bd/52/da3e4f4baa1b6c8d4eb6eb7f2ec664d2bb3afc3797811a3b8fef522b2c72/defusedcsv-1.1.0.tar.gz" } ] }