
PatchWork AutoFix

Open patched-admin opened this issue 1 year ago • 0 comments

This pull request from patched fixes 3 issues.


  • File changed: patchwork/app.py
    Fix vulnerability in find_patchflow function: Avoid loading modules using importlib.import_module() with untrusted input. Removed usage of importlib.import_module() and ensured only safe modules are loaded using spec_from_file_location().
  • File changed: patchwork/common/utils/step_typing.py
    Fixed vulnerability by avoiding dynamic values in importlib.import_module(): Avoided dynamic values in importlib.import_module() by using a whitelist approach to prevent loading arbitrary code.
  • File changed: patchwork/common/utils/dependency.py
    Fix vulnerability in importlib.import_module(): Avoid using dynamic values in importlib.import_module() by checking the name against a whitelist before importing the module.

patched-admin, Aug 21 '24 19:08
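
The two mitigations named in the description above, sketched as an added example that is not code from this pull request or from the patchwork project: an exact-match allowlist in front of `importlib.import_module()`, and a directory-confined loader built on `spec_from_file_location()`. The names `ALLOWED_MODULES`, `import_allowlisted` and `load_from_dir` and the allowlist contents are assumptions made for illustration.

```python
import importlib
import importlib.util
from pathlib import Path
from types import ModuleType

# Hypothetical allowlist; a real project would list its own step/plugin modules.
ALLOWED_MODULES = frozenset({"json", "base64"})


def import_allowlisted(name: str) -> ModuleType:
    """Import `name` only if it is an exact member of the allowlist."""
    # Exact membership, not a prefix or substring test: "json.tool" and
    # "jsonx" are rejected before import_module() ever sees them.
    if name not in ALLOWED_MODULES:
        raise ImportError(f"module {name!r} is not on the allowlist")
    return importlib.import_module(name)


def load_from_dir(base_dir: Path, filename: str) -> ModuleType:
    """Load a .py file by path, refusing anything that resolves outside base_dir."""
    base = base_dir.resolve()
    target = (base / filename).resolve()  # collapses ".." and follows symlinks
    if (target.suffix != ".py" or not target.is_relative_to(base)
            or not target.is_file()):
        raise ImportError(f"{filename!r} is not a loadable file under {base}")
    spec = importlib.util.spec_from_file_location(f"plugin_{target.stem}", target)
    if spec is None or spec.loader is None:
        raise ImportError(f"cannot build an import spec for {target}")
    module = importlib.util.module_from_spec(spec)
    spec.loader.exec_module(module)  # executes the file's top-level code
    return module


if __name__ == "__main__":
    # Constructed module names standing in for values taken from user input.
    for requested in ("json", "json.tool", "this"):
        try:
            print(requested, "->", import_allowlisted(requested).__name__)
        except ImportError as exc:
            print(requested, "-> rejected:", exc)
```

Both functions reject before any module code executes, which is the property that matters: `import_module()` and `exec_module()` run top-level code as a side effect of loading.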