Technical Documentation

Version 1.0.0 • Last updated: 2026-01-07

Installation & SmartScreen
Security Model
Type Inference Rules
Excel Formatting

Installation & SmartScreen

SterileCSV is a portable Windows executable. No administrator rights are required.

First Run Notice: Because SterileCSV is a specialized offline tool, Microsoft Defender SmartScreen may flag it as "unrecognized". This is expected behavior for non-EV signed software.

To run: Click More info → Run anyway.

Security Model

SterileCSV prevents CSV Injection (Formula Injection) attacks by sanitizing every cell before it touches the Excel workbook.

Neutralization Rules

If a cell starts with any of the following characters, it is treated as a string and the prefix is preserved but neutralized:

= (Equals)
+ (Plus)
- (Minus)
@ (At symbol)

This ensures that malicious payloads like =cmd|' /C calc'!A0 are rendered as harmless text.

Type Inference Rules

The engine uses a deterministic multi-pass approach to infer data types while preserving crucial text data.

Numeric ID Preservation

Unlike standard Excel import, SterileCSV detects "Numeric IDs" (e.g., Zip Codes, SKUs) and forces them to be stored as Text to preserve leading zeros.

Input:  "0123456"
Excel:  123456 (Number)
Sterile: "0123456" (Text - Preserved)

Date Detection

Supported formats are automatically cast to Excel Date objects:

ISO 8601: YYYY-MM-DD
Common notations: DD/MM/YYYY, MM/DD/YYYY (Locale dependent)

Excel Formatting

The output .xlsx file is generated with professional defaults:

Frozen Header: Row 1 is frozen (Split at A2).
Auto-Width: Column widths are calculated based on the 95th percentile of content length.
Summary Sheet: A separate tab containing file statistics and a SHA-256 hash for auditability.