
PatchWork AutoFix #1551

Conversation

patched-admin (Contributor) commented Mar 24, 2025

This pull request from patched fixes 6 issues.


  • File changed: patchwork/common/tools/csvkit_tool.py
    Refactor to use parameterized queries with sqlite3 to prevent SQL injection: replaced potential SQL injection vulnerabilities by using parameterized queries with the sqlite3 library.
  • File changed: patchwork/common/utils/step_typing.py
    Add whitelist check for importlib.import_module usage: the code now includes a whitelist of allowed modules for dynamic imports using importlib.import_module to prevent loading of arbitrary code based on untrusted user input.
  • File changed: patchwork/app.py
    Implement module path whitelist to secure importlib.import_module usage: added a whitelist to restrict module paths that can be passed to importlib.import_module to mitigate the risk of loading arbitrary, untrusted code. This ensures that only trusted modules are loaded.
  • File changed: patchwork/common/tools/bash_tool.py
    Refactor subprocess.run to eliminate shell injection vulnerability: replaced the use of subprocess.run with shell=True with a safer alternative using shell=False, while ensuring the command is executed in list format for compatibility with shell=False.
  • File changed: patchwork/steps/CallShell/CallShell.py
    Remove shell=True to prevent shell injection vulnerability: updated the subprocess.run call to use shell=False and split the script into a parts list using shlex.split for safer command execution.
  • File changed: patchwork/common/utils/dependency.py
    Add input validation for importlib.import_module() to prevent arbitrary code execution: implemented a whitelist approach where only modules specified within a predefined list are allowed to be imported using importlib.import_module().

@CTY-git CTY-git closed this Mar 25, 2025
@CTY-git CTY-git deleted the autofix-feature/add-plain-logging branch March 25, 2025 01:49