Data Migration: Add CSV Round-Trip and Injection-Safety Tests for export_to_csv / import_goals_from_csv

[Menjay7]

Summary

Add comprehensive test coverage for CSV export and import workflows by validating round-trip data integrity and protecting against CSV formula injection vulnerabilities.

These tests ensure goal data can be exported and re-imported without loss of information while guaranteeing that potentially dangerous spreadsheet formulas are safely handled.

Problem

Current migration tests do not fully verify CSV interoperability and security:

Exported goal data is not validated through an end-to-end import/export cycle.
Data fidelity across CSV serialization and deserialization is untested.
CSV formula injection scenarios are not explicitly covered.
Spreadsheet applications may interpret malicious cell values as executable formulas.
Future changes could introduce data corruption or weaken CSV safety guarantees.
Solution

Introduce dedicated tests for:

CSV round-trip integrity
CSV formula injection safety
Test Coverage
CSV Round-Trip Tests

Verify that exported goals can be imported back into the system without altering their contents.

Goals
↓
export_to_csv()
↓
CSV Document
↓
import_goals_from_csv()
↓
Restored Goals

Result:
✓ Same record count
✓ Same field values
✓ Same ordering
✓ No data loss
Fields Verified
Goal identifiers
Titles and descriptions
Status values
Priority metadata
Creation and update timestamps
Optional and nullable fields
Unicode and special-character content
Injection-Safety Tests

Verify that dangerous spreadsheet formulas are safely exported and imported.

Potentially Dangerous Inputs
=SUM(A1:A2)
=HYPERLINK("https://example.com")
+CMD|' /C calc'!A0
-2+3
@sum(A1:A2)
Expected Behavior
'=SUM(A1:A2)
'+CMD|' /C calc'!A0
'@sum(A1:A2)

Result:

Spreadsheet applications treat values as plain text.
No formulas are executed.
Imported values remain safe and deterministic.
Implementation Details

Added tests that:

Create representative goal fixtures.
Export goals using export_to_csv.
Re-import data via import_goals_from_csv.
Assert deep equality between original and restored goals.
Generate malicious formula-like payloads.
Verify exported CSV sanitization rules.
Ensure imported values preserve safe text semantics.
Edge Cases Covered
Round-Trip
Empty goal collections
Single goal export/import
Large datasets
Missing optional fields
Embedded commas, quotes, and newlines
Unicode and multilingual text
Extremely long field values
Injection Safety
Cells beginning with =
Cells beginning with +
Cells beginning with -
Cells beginning with @
Formula payloads containing commands and hyperlinks
Injection attempts embedded within quoted values
Example Assertions
assert_eq!(imported_goals, original_goals);

assert!(exported_csv.contains("'=SUM(A1:A2)"));
assert!(exported_csv.contains("'+CMD|' /C calc'!A0"));
Testing Benefits
Ensures CSV serialization and deserialization are lossless.
Protects users opening exports in spreadsheet software.
Prevents regressions in CSV handling logic.
Guarantees consistent import/export behavior across datasets.
Strengthens data migration security and interoperability.
Breaking Changes

None.

This PR adds automated test coverage only and does not modify the runtime behavior of CSV import or export implementations.closed #732

[Baskarayelu]

your CSV round-trip + injection-safety tests landed cleanly on top of the migration work. the commas/quotes-in-names cases are exactly the inputs that break naive CSV handling. merged 👍