[Bug]: CSV Import can corrupt the database by saving invalid entries

[Shazib]

Verified issue does not already exist?

• [X] I have searched and found no existing issue

What happened?

Originally impacted a user on fly.io, discord support thread here

Importing a CSV with an invalid (huge?) number, corrupts the database, and makes actual fail to load subsequently.

Reproduce by importing the following as a CSV:

Post Date,Description,Category,Reference Number,Amount
7/22/2023,BACKERKIT.COM GLOOMHAV   PACIFIC GROVECA,Miscellaneous General Merchandise Stores,8271116503061807,-15.00

Result: "Fatal Erro" app fails to load permanantly.

Notes:

The parsing logic strips out evertything that isn't a digit with regex and has its own implementation of safeNumber?

https://github.com/actualbudget/actual/blob/master/packages/loot-core/src/shared/util.ts#L327-L353

The CSV Parser should possibly also validate that each row has the same number of columns, as the CSV had comma's in the content body.

What error did you receive?

Where are you hosting Actual?

Fly.io

What browsers are you seeing the problem on?

Firefox

Operating System

Windows 11