From 84d07e946c189d5713f507d094ea7360cd9b8192 Mon Sep 17 00:00:00 2001 From: Abhinav Gupta Date: Mon, 11 Sep 2023 15:45:32 +0530 Subject: [PATCH 1/2] fix: sanitized entries before writing them to file --- .../src/util/index.js | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/packages/contentstack-export-to-csv/src/util/index.js b/packages/contentstack-export-to-csv/src/util/index.js index 73a232f0dc..daeee46058 100644 --- a/packages/contentstack-export-to-csv/src/util/index.js +++ b/packages/contentstack-export-to-csv/src/util/index.js @@ -371,6 +371,22 @@ function exitProgram() { process.exit(); } +function sanitizeEntries(flatEntry) { + // sanitize against CSV Injections + const CSVRegex = /^[\\+\\=@\\-]/ + for (key in flatEntry) { + if (typeof flatEntry[key] === 'string' && flatEntry[key].match(CSVRegex)) { + flatEntry[key] = flatEntry[key].replace(/\"/g, "\"\""); + flatEntry[key] = `"'${flatEntry[key]}"` + } else if (typeof flatEntry[key] === 'object') { + // convert any objects or arrays to string + // to store this data correctly in csv + flatEntry[key] = JSON.stringify(flatEntry[key]); + } + } + return flatEntry; +} + function cleanEntries(entries, language, environments, contentTypeUid) { const filteredEntries = entries.filter((entry) => { return entry['locale'] === language; @@ -393,6 +409,7 @@ function cleanEntries(entries, language, environments, contentTypeUid) { } } entry = flatten(entry); + entry = sanitizeEntries(entry); entry['publish_details'] = envArr; entry['_workflow'] = workflow; entry['ACL'] = JSON.stringify({}); // setting ACL to empty obj @@ -409,7 +426,6 @@ function cleanEntries(entries, language, environments, contentTypeUid) { delete entry.publishRequest; return entry; }); - console.log(filteredEntries.length); } function getDateTime() { From 0344fac02a4b9645548e6cbd3ece175a9364dbe5 Mon Sep 17 00:00:00 2001 
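Review bot: In `sanitizeEntries`, the character class in `/^[\\+\\=@\\-]/` uses string-style escaping: inside a regex literal `\\` is a literal backslash, so the class also matches a leading `\` while omitting tab and carriage return, which OWASP's CSV-injection guidance also lists as formula-trigger prefixes. `const CSVRegex = /^[=+\-@\t\r]/;` states the intended set. The loop `for (key in flatEntry)` assigns to an undeclared `key`, which creates a global in sloppy mode and throws a ReferenceError in strict mode; `for (const key in flatEntry)` avoids both. The string branch also hand-wraps the value in double quotes and doubles embedded quotes; if the CSV writer downstream quotes fields itself (not visible in this hunk), those quotes would be escaped a second time and appear literally in the cell, so it is worth confirming whether the apostrophe prefix alone is enough.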
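Review bot: The new call `entry = sanitizeEntries(entry);` runs before `entry['publish_details'] = envArr;` and `entry['_workflow'] = workflow;`, so those two columns reach the CSV without the formula-prefix check. The code that builds `envArr` and `workflow` starts above this hunk, but if environment or workflow names can be chosen by stack users they are as untrusted as the entry fields. Either sanitize those values before assigning them or move the call below the assignments; note that moving it would also pass any array or object value through the `JSON.stringify` branch. `cleanEntries` begins and ends outside the hunk.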
From: Abhinav Gupta Date: Mon, 11 Sep 2023 15:48:05 +0530 Subject: [PATCH 2/2] fix: updated package.json and lock files --- package-lock.json | 6 +++--- packages/contentstack-export-to-csv/package.json | 2 +- packages/contentstack/package.json | 2 +- pnpm-lock.yaml | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/package-lock.json b/package-lock.json index e382f98027..2172dd5314 100644 --- a/package-lock.json +++ b/package-lock.json @@ -20307,7 +20307,7 @@ "@contentstack/cli-cm-bulk-publish": "~1.3.11", "@contentstack/cli-cm-clone": "~1.4.16", "@contentstack/cli-cm-export": "~1.8.1", - "@contentstack/cli-cm-export-to-csv": "~1.4.1", + "@contentstack/cli-cm-export-to-csv": "~1.4.2", "@contentstack/cli-cm-import": "~1.8.3", "@contentstack/cli-cm-migrate-rte": "~1.4.11", "@contentstack/cli-cm-seed": "~1.4.15", @@ -21072,7 +21072,7 @@ }, "packages/contentstack-export-to-csv": { "name": "@contentstack/cli-cm-export-to-csv", - "version": "1.4.1", + "version": "1.4.2", "license": "MIT", "dependencies": { "@contentstack/cli-command": "~1.2.12", @@ -23721,7 +23721,7 @@ "@contentstack/cli-cm-bulk-publish": "~1.3.11", "@contentstack/cli-cm-clone": "~1.4.16", "@contentstack/cli-cm-export": "~1.8.1", - "@contentstack/cli-cm-export-to-csv": "~1.4.1", + "@contentstack/cli-cm-export-to-csv": "~1.4.2", "@contentstack/cli-cm-import": "~1.8.3", "@contentstack/cli-cm-migrate-rte": "~1.4.11", "@contentstack/cli-cm-seed": "~1.4.15", diff --git a/packages/contentstack-export-to-csv/package.json b/packages/contentstack-export-to-csv/package.json index 082157f604..a18250c162 100644 --- a/packages/contentstack-export-to-csv/package.json +++ b/packages/contentstack-export-to-csv/package.json @@ -1,7 +1,7 @@ { "name": "@contentstack/cli-cm-export-to-csv", "description": "Export entities to csv", - "version": "1.4.1", + "version": "1.4.2", "author": "Abhinav Gupta @abhinav-from-contentstack", "bugs": "https://github.com/contentstack/cli/issues", "dependencies": { 
diff --git a/packages/contentstack/package.json b/packages/contentstack/package.json index 558b60b6fe..9fc2859112 100755 --- a/packages/contentstack/package.json +++ b/packages/contentstack/package.json @@ -27,7 +27,7 @@ "@contentstack/cli-cm-bulk-publish": "~1.3.11", "@contentstack/cli-cm-clone": "~1.4.16", "@contentstack/cli-cm-export": "~1.8.1", - "@contentstack/cli-cm-export-to-csv": "~1.4.1", + "@contentstack/cli-cm-export-to-csv": "~1.4.2", "@contentstack/cli-cm-import": "~1.8.3", "@contentstack/cli-cm-migrate-rte": "~1.4.11", "@contentstack/cli-cm-seed": "~1.4.15", diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 6b5dfb1c31..acf4bfd90d 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -16,7 +16,7 @@ importers: '@contentstack/cli-cm-bulk-publish': ~1.3.11 '@contentstack/cli-cm-clone': ~1.4.16 '@contentstack/cli-cm-export': ~1.8.1 - '@contentstack/cli-cm-export-to-csv': ~1.4.1 + '@contentstack/cli-cm-export-to-csv': ~1.4.2 '@contentstack/cli-cm-import': ~1.8.3 '@contentstack/cli-cm-migrate-rte': ~1.4.11 '@contentstack/cli-cm-seed': ~1.4.15