fix: ensure csv log export is encoded safely

bitfocus · Aug 10, 2023 · 91d1590 · 91d1590
1 parent a71bc56
commit 91d1590
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 6 deletions.
diff --git a/lib/Data/ImportExport.js b/lib/Data/ImportExport.js
@@ -29,6 +29,7 @@ import { nanoid } from 'nanoid'
 import { VisitorReferencesUpdater } from '../Util/Visitors/ReferencesUpdater.js'
 import path from 'path'
 import fs from 'fs'
+import { stringify as csvStringify } from 'csv-stringify/sync'
 
 /**
  * Default buttons on fresh pages
@@ -264,13 +265,12 @@ class DataImportExport extends CoreBase {
 				'Content-Disposition': `attachment; filename="${filename}"`,
 			})
 
-			let out = `"Date","Module","Type","Log"\r\n`
+			const csvOut = csvStringify([
+				['Date', 'Module', 'Type', 'Log'],
+				...logs.map((line) => [new Date(line.time).toISOString(), line.source, line.level, line.message]),
+			])
 
-			for (const line of logs) {
-				out += `${new Date(line.time).toISOString()},"${line.source}","${line.level}","${line.message}"\r\n`
-			}
-
-			res.end(out)
+			res.end(csvOut)
 		})
 
 		this.registry.api_router.get('/export/support', (req, res, next) => {

diff --git a/package.json b/package.json
@@ -64,6 +64,7 @@
 		"body-parser": "^1.20.2",
 		"bufferutil": "^4.0.7",
 		"commander": "^10.0.1",
+		"csv-stringify": "^6.4.0",
 		"debounce-fn": "^5.1.2",
 		"ejson": "^2.2.3",
 		"emberplus-connection": "^0.1.2",

diff --git a/yarn.lock b/yarn.lock
@@ -2292,6 +2292,11 @@ cross-spawn@^7.0.3:
     shebang-command "^2.0.0"
     which "^2.0.1"
 
+csv-stringify@^6.4.0:
+  version "6.4.0"
+  resolved "https://registry.yarnpkg.com/csv-stringify/-/csv-stringify-6.4.0.tgz#6d006dca9194700e44f9fbc541bee8bbbd4f459c"
+  integrity sha512-HQsw0QXiN5fdlO+R8/JzCZnR3Fqp8E87YVnhHlaPtNGJjt6ffbV0LpOkieIb1x6V1+xt878IYq77SpXHWAqKkA==
+
 data-uri-to-buffer@^4.0.0:
   version "4.0.1"
   resolved "https://registry.yarnpkg.com/data-uri-to-buffer/-/data-uri-to-buffer-4.0.1.tgz#d8feb2b2881e6a4f58c2e08acfd0e2834e26222e"