PatchWork AutoFix #1620

Open · wants to merge 6 commits into base: patchwork-resolveissue-mainPatchflowsNotRecognized

Conversation

patched-admin (Contributor) commented Apr 14, 2025

This pull request from patched fixes 6 issues.


  • File changed: patchwork/common/tools/csvkit_tool.py
    Use parameterized queries to prevent SQL Injection
    Replaced formatted SQL queries using string concatenation with parameterized queries to prevent SQL Injection vulnerabilities.
  • File changed: patchwork/common/utils/step_typing.py
    Implement module whitelist for importlib.import_module to prevent untrusted code execution
    A whitelist of approved modules is used to control which modules can be dynamically imported using importlib.import_module. This helps prevent loading arbitrary code from untrusted sources.
  • File changed: patchwork/app.py
    Implement whitelist validation for module imports to prevent execution of untrusted code.
    Added a whitelist of allowed module names to ensure that only trusted modules can be imported dynamically, reducing the risk of executing arbitrary code.
  • File changed: patchwork/common/tools/bash_tool.py
    Use subprocess.run with shell=False for security
    Updated subprocess.run to use shell=False and split the command string into a list to prevent shell injection vulnerabilities.
  • File changed: patchwork/steps/CallShell/CallShell.py
    Remove usage of 'shell=True' in subprocess.run for better security
    The code now uses 'shlex.split' to convert the script string into a list of arguments which obviates the need for 'shell=True'. This change reduces the risk of shell injection vulnerabilities.
  • File changed: patchwork/common/utils/dependency.py
    Implement whitelist for import_module to prevent arbitrary code execution
    A whitelist has been implemented to restrict importlib.import_module() to only import modules that are predefined in the __DEPENDENCY_GROUPS dictionary, thereby preventing arbitrary code execution.
