fix: race conditions in lock pop, CSV formula injection, serialize_finding None leak, consolidate plans, update docs

2026-05-11 22:31:41 +03:00
parent 3f44de1d98
commit 56786c7aef
11 changed files with 251 additions and 488 deletions
--- a/guarddog_nexus/routes/api_scans.py
+++ b/guarddog_nexus/routes/api_scans.py
@@ -21,6 +21,13 @@ from ..db.models import Scan
 from ..db.queries import build_scan_list_query, get_dashboard_stats
 from ..schemas import ScanDetailOut, ScanListResponse, StatsResponse, serialize_finding

+
+def _csv_safe(value: str) -> str:
+    if value and value[0] in "=+-@":
+        return "'" + value
+    return value
+
+
 router = APIRouter(prefix="/api/v1/scans", tags=["scans"])


@@ -112,8 +119,8 @@ async def export_scans_csv(
        writer.writerow(
            [
                s.id,
-                s.package_name,
-                s.package_version,
+                _csv_safe(s.package_name),
+                _csv_safe(s.package_version),
                s.ecosystem,
                s.repository,
                s.status,
@@ -121,7 +128,7 @@ async def export_scans_csv(
                s.flagged,
                s.started_at.isoformat() if s.started_at else "",
                s.finished_at.isoformat() if s.finished_at else "",
-                s.error_message or "",
+                _csv_safe(s.error_message or ""),
                s.sha256 or "",
            ]
        )