python.lang.security.unquoted-csv-writer.unquoted-csv-writer
Verified by r2c
Community Favorite

Download Count*: 156,288
This rule is deprecated.
Definition
rules:
  - id: unquoted-csv-writer
    patterns:
      - pattern: a()
      - pattern: b()
    message: This rule is deprecated.
    metadata:
      cwe:
        - "CWE-1236: Improper Neutralization of Formula Elements in a CSV File"
      owasp: A01:2017 - Injection
      references:
        - https://github.com/returntocorp/semgrep-rules/issues/2351
      category: security
      technology:
        - python
      deprecated: true
      subcategory:
        - audit
      likelihood: LOW
      impact: LOW
      confidence: LOW
      license: Commons Clause License Condition v1.0[LGPL-2.1-only]
    fix-regex:
      regex: (.*)\)
      replacement: \1, quoting=csv.QUOTE_ALL)
    languages:
      - python
    severity: ERROR
Examples
unquoted-csv-writer.py
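import csv
import io

csvfile = io.StringIO()  # in-memory stand-in for an open file object
csv.writer(csvfile, delimiter=',', quotechar='"')  # no quoting argument: defaults to csv.QUOTE_MINIMAL
csv.writer(csvfile, delimiter=',', quotechar='"', quoting=csv.QUOTE_ALL)  # every field quoted
csv.writer(csvfile, delimiter=',', quotechar='"', quoting=1)  # 1 == csv.QUOTE_ALL
csv.writer(csvfile, dialect='unix')  # the 'unix' dialect sets quoting=csv.QUOTE_ALL
csv.writer(csvfile, dialect=csv.unix_dialect)  # same dialect, passed as a class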
Short Link: https://sg.run/b7vp