

@patched-admin patched-admin commented Mar 25, 2025

This pull request from patched fixes 6 issues.


  • File changed: patchwork/common/tools/csvkit_tool.py
    Use parameterized queries to prevent SQL injection. Replaced the string concatenation for SQL queries with parameterized queries to prevent SQL injection risks.
  • File changed: patchwork/common/utils/step_typing.py
    Add whitelist for trusted modules in importlib.import_module usage. The code now includes a whitelist of trusted module paths, ensuring that only modules from this list can be imported, preventing potential execution of untrusted code.
  • File changed: patchwork/app.py
    Implement whitelist for module imports to prevent arbitrary code execution. Introduced a whitelist to validate and allow only trusted module names for dynamic imports using importlib.import_module() to mitigate the vulnerability of loading arbitrary code.
  • File changed: patchwork/common/tools/bash_tool.py
    Remove use of shell=True in subprocess.run for BashTool. The subprocess.run call was modified to remove shell=True for the execution of bash commands. The command is now split into a list to safely pass arguments without using a shell.
  • File changed: patchwork/steps/CallShell/CallShell.py
    Fix subprocess.run vulnerability by removing shell=True. Replaced shell=True with shell=False in subprocess.run and used shlex.split to safely handle command arguments.
  • File changed: patchwork/common/utils/dependency.py
    Implement whitelist for importlib.import_module() to prevent arbitrary code execution. The import process now checks against a predefined list of allowed modules, effectively whitelisting them and preventing the import of arbitrary modules.
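The first item in the list above replaces string concatenation with bound parameters. The following is an added illustration of that fix, not code from the patched PR or from csvkit_tool.py: the table, rows and function names are constructed for the example. It also covers a caveat the PR text does not mention: SQLite (like every SQL engine) binds parameters for values only, so a table or column name that comes from outside (csvkit derives table names from file names) still has to be validated and quoted separately.

```python
import re
import sqlite3

# Constructed sample data standing in for a CSV loaded into SQLite.
ROWS = [("alice", "engineering"), ("o'brien", "finance"), ("carol", "engineering")]

_IDENT = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")


def is_safe_identifier(name):
    """Identifiers (table/column names) cannot be bound as parameters, so they
    are checked against a strict pattern before being spliced into SQL text."""
    return bool(_IDENT.match(name))


def quote_identifier(name):
    """Double-quote a validated identifier; anything else is rejected outright."""
    if not is_safe_identifier(name):
        raise ValueError("unsafe SQL identifier: %r" % name)
    return '"' + name + '"'


def _connect(table="people"):
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE %s (name TEXT, dept TEXT)" % quote_identifier(table))
    conn.executemany("INSERT INTO %s VALUES (?, ?)" % quote_identifier(table), ROWS)
    return conn


def find_unsafe(name):
    """'Before' pattern: the caller's value is concatenated into the statement.
    Any quote inside the value changes the SQL itself; with the name "o'brien"
    SQLite raises OperationalError on the resulting unterminated string."""
    conn = _connect()
    sql = "SELECT dept FROM people WHERE name = '" + name + "'"
    return [r[0] for r in conn.execute(sql)]


def unsafe_query_breaks(name):
    """Report whether the concatenated query fails to parse for this value."""
    try:
        find_unsafe(name)
        return False
    except sqlite3.OperationalError:
        return True


def find_safe(name, table="people"):
    """'After' pattern: the value travels as a bound parameter, so quotes and
    SQL keywords inside it are plain data and never reach the SQL parser.
    The identifier goes through quote_identifier because '?' cannot bind it."""
    conn = _connect(table)
    sql = "SELECT dept FROM %s WHERE name = ?" % quote_identifier(table)
    return [r[0] for r in conn.execute(sql, (name,))]
```

The apostrophe in "o'brien" is enough to show the difference: the concatenated statement stops parsing, while the parameterized one returns the row. The same mechanism is what stops attacker-controlled values from altering the statement.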

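Three of the six items (step_typing.py, app.py, dependency.py) gate importlib.import_module() behind a whitelist of module names. The following is an added example of such a gate and is not the project's code; the allowlist contents, the function names and the use of standard-library modules as stand-ins for plugin modules are all assumptions made for the example. The check matches the whole dotted name exactly (or a listed package plus a dot-separated submodule), because a bare prefix test such as name.startswith("os") would also accept unrelated modules whose names merely begin with those letters.

```python
import importlib

# Hypothetical allowlist. Entries are absolute module names; a trailing dot
# marks a package whose submodules are also trusted.
ALLOWED_MODULES = ("json", "collections.")


def is_allowed_module(name):
    """Accept only an absolute, well-formed dotted name that is either listed
    exactly or lives under a listed package (trailing-dot entry)."""
    if not name or name.startswith("."):
        return False  # relative names are never resolved for a caller
    if not all(part.isidentifier() for part in name.split(".")):
        return False  # rejects empty components, "..", and odd characters
    for entry in ALLOWED_MODULES:
        if entry.endswith("."):
            if name.startswith(entry):
                return True
        elif name == entry:
            return True
    return False


def import_trusted(name):
    """Import a module only after the allowlist check; otherwise ImportError."""
    if not is_allowed_module(name):
        raise ImportError("module %r is not in the allowlist" % name)
    return importlib.import_module(name)


def resolve(name):
    """Convenience wrapper: the module object, or None when it is not allowed."""
    try:
        return import_trusted(name)
    except ImportError:
        return None


def load_attribute(path):
    """Resolve a 'module:attr' reference the way plugin loaders often do, so
    that the attribute lookup also only ever touches an allowlisted module."""
    module_name, sep, attr = path.partition(":")
    if not sep or not attr.isidentifier():
        raise ValueError("expected 'module:attribute', got %r" % path)
    return getattr(import_trusted(module_name), attr)
```

The allowlist is deliberately a tuple of fixed strings rather than anything derived from the request; the decision is made before importlib is called, which is the point of the PR's change.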
@github-actions github-actions bot force-pushed the autofix-browser_use_refactoring branch from 66694bd to b1243af March 26, 2025 02:15
@whoisarpit whoisarpit force-pushed the browser_use_refactoring branch from 13cfd64 to 3a8641d March 26, 2025 04:26
@github-actions github-actions bot force-pushed the autofix-browser_use_refactoring branch from b1243af to c971d7e March 26, 2025 04:29
@github-actions github-actions bot force-pushed the autofix-browser_use_refactoring branch from c971d7e to bfcae11 March 26, 2025 05:15
Base automatically changed from browser_use_refactoring to main March 26, 2025 05:16
@github-actions github-actions bot force-pushed the autofix-browser_use_refactoring branch from bfcae11 to 24c33f8 March 26, 2025 05:17
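The bash_tool.py and CallShell.py items in the PR description above drop shell=True and pass an argv list built with shlex.split instead. The following is an added example of that pattern, not code from the project: the function names are assumptions, and the child process is a small Python one-liner (constructed here) that reports the arguments it received, so the effect of shell=False is visible without depending on any particular shell.

```python
import json
import shlex
import subprocess
import sys


def run_command(command, timeout=30):
    """Run a command string as an argv list, never through a shell.

    shlex.split honours quoting, so "echo 'a b'" becomes ["echo", "a b"],
    but with shell=False there is no interpreter behind it: metacharacters
    such as $, &&, | and ; inside an argument stay literal text."""
    argv = shlex.split(command)
    if not argv:
        raise ValueError("empty command")
    result = subprocess.run(
        argv, capture_output=True, text=True, timeout=timeout, check=False
    )
    return result.returncode, result.stdout, result.stderr


def child_sees(*user_args):
    """Build a command line with shlex.join (the inverse of shlex.split) and
    run a constructed Python child that prints its argv as JSON. Returns the
    list the child actually received, which shows how each argument arrived."""
    program = "import json, sys; print(json.dumps(sys.argv[1:]))"
    command = shlex.join([sys.executable, "-c", program, *user_args])
    code, out, err = run_command(command)
    if code != 0:
        raise RuntimeError("child failed: " + err)
    return json.loads(out)


if __name__ == "__main__":
    # Each item stays one argument and nothing is expanded or chained.
    print(child_sees("$HOME", "a && b", "two words"))
```

Commands that relied on shell features (pipes, redirection, globbing, `~` or `$VAR` expansion) stop working after this change and have to be expressed in Python instead; that loss of convenience is the trade that removes the injection surface. Note also that shlex.split uses POSIX quoting rules, so on Windows the split may not match what cmd.exe would have done.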


4 participants