Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix export formatted csv data with special characters from tables #7048

Merged
merged 9 commits into from
Oct 2, 2024
Merged

Fix export formatted csv data with special characters from tables #7048

merged 9 commits into from
Oct 2, 2024

Conversation

Machi3mfl
Copy link
Member

@Machi3mfl Machi3mfl commented Oct 1, 2024
edited
Loading

Description

This PR, adds the data sanitation for the export data.

Resolves #7030

Tests

Preconditions

Add data to the vulnerabilities index with the following data:

Relative URLs starting with three slashes were incorrectly parsed, and a path-traversal "/../" part in the path could be used to override the specified host. This could contribute to security problems in web sites. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.

dsadsa
newline

To do this, we need to edit the Python injector script

Screenshot 2024-10-02 at 8 33 25 AM

Screenshot 2024-10-02 at 9 05 32 AM

Steps

  • Go to the Vulnerability Detection > Inventory tab
  • Check if the data with the special characters are shown
  • Click con Export formatted button
  • Open the CSV downloaded in excel
  • Check if the columns were correctly formatted.

Before

Screenshot 2024-10-02 at 8 37 56 AM

After

Screenshot 2024-10-02 at 8 37 13 AM
Screen.Recording.2024-10-02.at.8.25.44.AM.mov

Check List

  • All tests pass
    • yarn test:jest
  • New functionality includes testing.
  • New functionality has been documented.
  • Update CHANGELOG.md
  • Commits are signed per the DCO using --signoff

@Machi3mfl Machi3mfl changed the title Sanitize CSV data on export Fix export formatted data (CSV) Oct 2, 2024
@Machi3mfl Machi3mfl changed the title Fix export formatted data (CSV) Fix export formatted csv data Oct 2, 2024
@Machi3mfl Machi3mfl changed the title Fix export formatted csv data Fix export formatted csv data from tables Oct 2, 2024
@Machi3mfl Machi3mfl changed the title Fix export formatted csv data from tables Fix export formatted csv data from tables with special characters Oct 2, 2024
@Machi3mfl Machi3mfl changed the title Fix export formatted csv data from tables with special characters Fix export formatted csv data with special characters from tables Oct 2, 2024
@Machi3mfl Machi3mfl linked an issue Oct 2, 2024 that may be closed by this pull request
Export to CSV feature doesn't sanitize values #7030
Closed
@Machi3mfl Machi3mfl marked this pull request as ready for review October 2, 2024 12:11
asteriscos
asteriscos approved these changes Oct 2, 2024
View reviewed changes
Copy link
Member

@asteriscos asteriscos left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

CR: 🟢
Test: 🟢

image

image

Tostti
Tostti approved these changes Oct 2, 2024
View reviewed changes
Copy link
Member

@Tostti Tostti left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Test 🟢
image

CR 🟢

LGTM

@asteriscos asteriscos merged commit 8b18817 into 4.10.0 Oct 2, 2024
5 checks passed
@asteriscos asteriscos deleted the bug/7030-sanitize-csv-data-on-export branch October 2, 2024 17:09
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Oct 2, 2024

Wazuh Core plugin code coverage (Jest) test % values
Statements 45.5% ( 400 / 879 )
Branches 41.09% ( 157 / 382 )
Functions 43.87% ( 136 / 310 )
Lines 45.69% ( 398 / 871 )

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Oct 2, 2024

Wazuh Check Updates plugin code coverage (Jest) test % values
Statements 76.44% ( 172 / 225 )
Branches 58.65% ( 61 / 104 )
Functions 61.7% ( 29 / 47 )
Lines 76.44% ( 172 / 225 )

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Oct 2, 2024

Main plugin code coverage (Jest) test % values
Statements 14.09% ( 4177 / 29637 )
Branches 9.22% ( 1779 / 19293 )
Functions 13.74% ( 985 / 7166 )
Lines 14.28% ( 4075 / 28523 )

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@asteriscos asteriscos asteriscos approved these changes

@Tostti Tostti Tostti approved these changes

Assignees

@Machi3mfl Machi3mfl

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Export to CSV feature doesn't sanitize values
3 participants
@Machi3mfl @asteriscos @Tostti