
PatchWork AutoFix

Open patched-admin opened this issue 7 months ago • 0 comments

This pull request from patched fixes 6 issues.


  • File changed: patchwork/common/tools/csvkit_tool.py
    Use parameterized queries to prevent SQL injection vulnerability
    Replaced the formatted SQL query with a parameterized query to avoid SQL injection risks by using SQLite's parameter substitution feature.
  • File changed: patchwork/common/utils/step_typing.py
    Add module path whitelist for secure importation
    Introduced a whitelist to validate the module path before using it in importlib.import_module() to prevent importing unauthorized modules.
  • File changed: patchwork/app.py
    Implement whitelist for module imports to prevent arbitrary code execution
    The dynamic import through importlib.import_module() has been restricted by implementing a whitelist to restrict module imports, preventing execution of untrusted code.
  • File changed: patchwork/common/tools/bash_tool.py
    Fix security vulnerability by setting shell to False in subprocess.run
    Modified subprocess.run to set shell=False and split the command string to a list to avoid shell injection vulnerabilities.
  • File changed: patchwork/steps/CallShell/CallShell.py
    Replace subprocess.run shell=True with shell=False for security
    Modified subprocess.run to use shell=False and split the script into a list of arguments to prevent shell injection attacks.
  • File changed: patchwork/common/utils/dependency.py
    Add whitelist validation to prevent arbitrary code loading in import_with_dependency_group
    Implemented a whitelist mechanism to validate module names before importing, preventing untrusted code from being loaded in import_with_dependency_group.

patched-admin Apr 14 '25 06:04
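The three hardening patterns the PR description names (SQLite parameter substitution instead of a formatted query, a module whitelist in front of importlib.import_module(), and shell=False with a split argument list) side by side with the 'before' shape they replace. This is an added illustration, not code from the patchwork repository or from the PR; the table, the whitelist contents and the payload are constructed for the demo.

```python
import importlib
import shlex
import sqlite3
import subprocess

# Constructed whitelist; the project's real list of allowed module paths is
# not shown on the page, so these names are placeholders.
ALLOWED_MODULES = frozenset({"json", "csv", "pathlib"})


def lookup_unsafe(conn, name):
    # 'Before' shape: the value is formatted into the SQL text, so quotes
    # inside it change the meaning of the query.
    return conn.execute(f"SELECT id FROM users WHERE name = '{name}'").fetchall()


def lookup_safe(conn, name):
    # 'After' shape: SQLite binds the value as data; it is never parsed as SQL.
    return conn.execute("SELECT id FROM users WHERE name = ?", (name,)).fetchall()


def is_whitelisted(module_path):
    return module_path in ALLOWED_MODULES


def import_whitelisted(module_path):
    # Validate before importlib.import_module(); anything not listed is refused.
    if not is_whitelisted(module_path):
        raise ImportError(f"module {module_path!r} is not whitelisted")
    return importlib.import_module(module_path)


def split_command(command):
    # With shell=False the argv list goes straight to the program, so shell
    # metacharacters such as ';' or '|' arrive as literal arguments.
    return shlex.split(command)


def run_command(command):
    return subprocess.run(split_command(command), shell=False,
                          capture_output=True, text=True, check=False)


def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", [(1, "alice"), (2, "bob")])
    payload = "x' OR '1'='1"  # constructed tautology payload
    unsafe_rows = lookup_unsafe(conn, payload)  # every row comes back
    safe_rows = lookup_safe(conn, payload)      # nobody is literally named that
    argv = split_command("echo hello; echo injected")
    return len(unsafe_rows), len(safe_rows), argv
```

A command that relied on pipes, redirection or globbing stops working once split this way, because those features belong to the shell that shell=False removes.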