chore: Switch to csv-safe gem to avoid csv injection (#6444)

Gemfile

@@ -39,6 +39,8 @@ gem 'rack-attack'
 gem 'down', '~> 5.0'
 # authentication type to fetch and send mail over oauth2.0
 gem 'gmail_xoauth'
+# Prevent CSV injection
+gem 'csv-safe'
 
 ##-- for active storage --##
 gem 'aws-sdk-s3', require: false

Gemfile.lock

@@ -141,6 +141,7 @@ GEM
     crack (0.4.5)
       rexml
     crass (1.0.6)
+    csv-safe (3.1.1)
     cypress-on-rails (1.13.1)
       rack
     database_cleaner (2.0.1)
@@ -752,6 +753,7 @@ DEPENDENCIES
   byebug
   climate_control
   commonmarker
+  csv-safe
   cypress-on-rails (~> 1.13, >= 1.13.1)
   database_cleaner
   ddtrace

app/views/api/v2/accounts/reports/agents.csv.erb

@@ -5,8 +5,8 @@
     I18n.t('reports.agent_csv.avg_resolution_time')
   ]
 %>
-<%= CSV.generate_line headers -%>
+<%= CSVSafe.generate_line headers -%>
 <% @report_data.each do |row| %>
-<%= CSV.generate_line row -%>
+<%= CSVSafe.generate_line row -%>
 <% end %>
-<%= CSV.generate_line [I18n.t('reports.period', since: Date.strptime(params[:since], '%s'), until: Date.strptime(params[:until], '%s'))] %>
+<%= CSVSafe.generate_line [I18n.t('reports.period', since: Date.strptime(params[:since], '%s'), until: Date.strptime(params[:until], '%s'))] %>

app/views/api/v2/accounts/reports/inboxes.csv.erb

@@ -6,8 +6,8 @@
     I18n.t('reports.inbox_csv.avg_resolution_time')
   ]
 %>
-<%= CSV.generate_line headers -%>
+<%= CSVSafe.generate_line headers -%>
 <% @report_data.each do |row| %>
-<%= CSV.generate_line row -%>
+<%= CSVSafe.generate_line row -%>
 <% end %>
-<%= CSV.generate_line [I18n.t('reports.period', since: Date.strptime(params[:since], '%s'), until: Date.strptime(params[:until], '%s'))] %>
+<%= CSVSafe.generate_line [I18n.t('reports.period', since: Date.strptime(params[:since], '%s'), until: Date.strptime(params[:until], '%s'))] %>

app/views/api/v2/accounts/reports/labels.csv.erb

@@ -5,8 +5,8 @@
     I18n.t('reports.label_csv.avg_resolution_time')
   ]
 %>
-<%= CSV.generate_line headers -%>
+<%= CSVSafe.generate_line headers -%>
 <% @report_data.each do |row| %>
-<%= CSV.generate_line row -%>
+<%= CSVSafe.generate_line row -%>
 <% end %>
-<%= CSV.generate_line [I18n.t('reports.period', since: Date.strptime(params[:since], '%s'), until: Date.strptime(params[:until], '%s'))] %>
+<%= CSVSafe.generate_line [I18n.t('reports.period', since: Date.strptime(params[:since], '%s'), until: Date.strptime(params[:until], '%s'))] %>

app/views/api/v2/accounts/reports/teams.csv.erb

@@ -5,8 +5,8 @@
     I18n.t('reports.team_csv.avg_resolution_time')
   ]
 %>
-<%= CSV.generate_line headers -%>
+<%= CSVSafe.generate_line headers -%>
 <% @report_data.each do |row| %>
-<%= CSV.generate_line row -%>
+<%= CSVSafe.generate_line row -%>
 <% end %>
-<%= CSV.generate_line [I18n.t('reports.period', since: Date.strptime(params[:since], '%s'), until: Date.strptime(params[:until], '%s'))] %>
+<%= CSVSafe.generate_line [I18n.t('reports.period', since: Date.strptime(params[:since], '%s'), until: Date.strptime(params[:until], '%s'))] %>