Simple CSV Injection Check — scans a CSV file and flags every cell whose first character a spreadsheet would interpret as the start of a formula.
import csv | |
import sys | |
import os | |
import argparse | |
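# Leading characters that spreadsheet applications (Excel, LibreOffice, Google
# Sheets) treat as the start of a formula. Besides the four the original check
# used, the OWASP CSV Injection guidance also lists TAB and CR as prefixes some
# importers honour, so they are treated as triggers too.
_FORMULA_TRIGGERS = frozenset("=@+-\t\r")


def _is_formula_cell(cell: str) -> bool:
    """Return True if *cell* would be parsed as a formula by a spreadsheet.

    This is a first-character heuristic: a negative number such as "-3" is
    flagged as well. That is intentional — the tool surfaces every cell a
    spreadsheet could evaluate so a human can triage the hits. A cell with
    leading whitespace before the trigger is not flagged, matching the
    original behaviour (spreadsheets treat such cells as text).
    """
    return bool(cell) and cell[0] in _FORMULA_TRIGGERS


def check(args) -> None:
    """Scan the CSV file named by ``args.file`` for formula-injection cells.

    ``args`` is the namespace produced by ``getargs`` (or any object with the
    attributes ``file``, ``delimiter``, ``quote_char`` and ``ignore_errors``).
    Every suspicious cell is reported on stdout, followed by a summary line.

    Exits with status 1 when the file does not exist, or when its extension
    is not ``.csv`` and ``ignore_errors`` is false. Parse and I/O failures
    are reported on stdout rather than raised.
    """
    end = "\n [-] Finished!"
    novuln = " No Vulnerability found."
    found = False

    # Checking file existence
    if not os.path.isfile(args.file):
        print("[-] CSV file not found")
        sys.exit(1)

    # Checking file extension
    _, ext = os.path.splitext(args.file)
    if ext != ".csv":
        print(" [-] Do not seem a valid CSV file")
        # Bug fix: the original read ``args.ignore_erros`` (typo), so every
        # non-.csv path crashed with AttributeError instead of honouring -f.
        if not args.ignore_errors:
            sys.exit(1)

    try:
        with open(args.file, newline="") as csvfile:
            reader = csv.reader(csvfile, delimiter=args.delimiter, quotechar=args.quote_char)
            for row in reader:
                for col in row:
                    if _is_formula_cell(col):
                        print(" [+] CSV Injection Found!")
                        print(f" [>] Injection: {col}")
                        found = True
        print(end if found else end + novuln)
    # Bug fix: the original used a bare ``except:`` and then referenced an
    # unbound ``e``, so any parse error turned into a NameError. Catch only
    # what reading/parsing can raise: I/O errors, a bad delimiter/quotechar
    # (TypeError), undecodable bytes (ValueError) and csv-module errors.
    except (OSError, TypeError, ValueError, csv.Error) as e:
        print(" [-] Error parsing the file")
        print(f" [>] Exception: {e}")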
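def getargs(argv=None):
    """Parse the command line and return the argparse namespace.

    ``argv`` defaults to ``sys.argv[1:]``; passing an explicit list makes the
    parser usable from tests and other scripts. The returned namespace carries
    ``delimiter``, ``quote_char``, ``ignore_errors`` and ``file``, which are
    the attributes ``check`` reads.
    """
    # Bug fix: the original description was a copy-paste leftover from an
    # unrelated tool ("EffortCalculator ..."), so --help described the wrong
    # program.
    parser = argparse.ArgumentParser(description="Simple CSV injection check: flags cells a spreadsheet would evaluate as a formula")
    parser.add_argument(
        "-d", "--delimiter", required=False, type=str, default=",", help="CSV column separator character")
    parser.add_argument(
        "-q", "--quote-char", required=False, type=str, default='"', help="CSV quote character")
    parser.add_argument(
        "-f", "--ignore-errors", required=False, action="store_true", default=False, help="Ignore errors")
    parser.add_argument(
        "file", help="CSV File to analyze")
    return parser.parse_args(argv)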
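def print_header() -> None:
    """Print the ASCII-art banner to stdout.

    The banner is a raw string: it contains backslash sequences such as
    ``\\_`` and ``\\/`` that are not valid escapes, which Python 3.12+ reports
    as a SyntaxWarning in a normal string literal. The printed text is
    unchanged.
    """
    msg = r"""
____________ ______ ________ __
/ ____/ ___/ | / / _/ / ____/ /_ ___ _____/ /_____ _____
/ / \__ \| | / // /_____/ / / __ \/ _ \/ ___/ //_/ _ \/ ___/
/ /___ ___/ /| |/ // /_____/ /___/ / / / __/ /__/ ,< / __/ /
\____//____/ |___/___/ \____/_/ /_/\___/\___/_/|_|\___/_/ d3adc0de
-------------------------------------------------------------------------
"""
    print(msg)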
def main() -> None:
    """Script entry point: show the banner, parse the command line, run the check."""
    print_header()
    check(getargs())
# Run the checker only when executed as a script, never on import.
if __name__ == "__main__":
    main()