Input validation missing on import csv functionality #554
Assignees
Labels
enhancement
New feature or request
good first issue
Good for newcomers
GSOC
this feature is a potential Google Summer of Code candidate
Comments
filipposfwt
changed the title
northdpole
added
enhancement
|
Hi ,@northdpole , @filipposfwt I have reviewed the issue and identified the missing input validation in the CSV import functionality. I plan to implement validation checks for headers, data formats, and security measures (such as preventing CSV injection). I will also ensure proper error handling and testing before submitting a fix. Please assign this issue to me so I can start working on it. Let me know if you have any specific requirements or suggestions. Thanks! |
|
@Hardik301002 just assigned |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Issue
When importing a new standard, no validation is performed on the imported csv file, a generic non-descriptive "500 - Internal Server Error" is returned or new CREs are wrongfully injected.
More specifically, in the outlined case, if the format of "CRE 0" column is XX-XXX| instead of XXX-XXX|, a non-descriptive error is returned. Also, I noticed that if in the "<standard_name>|name" column the requirement's text is enclosed between three double quotes '"""', the csv is treated as valid and the whole row is entered as a new root CRE.
The text was updated successfully, but these errors were encountered: