Merge "Sanitize data for CSV generation"

2024-05-01 16:15:17 +00:00 · 2024-05-01 16:15:17 +00:00 · 058815d1f5
commit 058815d1f5
parent 64eddcd3f5 c6bba842af
2 changed files with 6 additions and 3 deletions
--- a/horizon/utils/csvbase.py
+++ b/horizon/utils/csvbase.py
@ -57,7 +57,10 @@ class CsvDataMixin(object):
            self.writer.writerow([self.encode(col) for col in args])

    def encode(self, value):
-        return str(value)
+        data = str(value)
+        if data and data[0] in ('=', '+', '-', '@', chr(9), chr(13)):
+            return "'" + data
+        return data


 class BaseCsvResponse(CsvDataMixin, HttpResponse):
--- a/openstack_dashboard/dashboards/identity/projects/tests.py
+++ b/openstack_dashboard/dashboards/identity/projects/tests.py
@ -1227,10 +1227,10 @@ class UsageViewTests(test.BaseAdminViewTests):
        hdr = ('"Instance Name","VCPUs","RAM (MB)","Disk (GB)",'
               '"Usage (Hours)","Age (Seconds)","State"')
        self.assertContains(res, '%s\r\n' % hdr)
-        usage_1_quoted = ('"=cmd|\' /C calc\'!A0","1","512","0","122.87",'
+        usage_1_quoted = ('"\'=cmd|\' /C calc\'!A0","1","512","0","122.87",'
                          '"442321","Active"')
        self.assertContains(res, '%s\r\n' % usage_1_quoted)
-        usage_2_quoted = ('"=cmd|\' /C calc\'!A0","1","512","0","2.61",'
+        usage_2_quoted = ('"\'=cmd|\' /C calc\'!A0","1","512","0","2.61",'
                          '"9367","Active"')
        self.assertContains(res, '%s\r\n' % usage_2_quoted)