
PatchWork AutoFix

Open patched-admin opened this issue 7 months ago • 0 comments

This pull request from patched fixes 6 issues.


  • File changed: patchwork/common/tools/csvkit_tool.py
    Switch to parameterized queries to prevent SQL injection. Replaced the formatted SQL query with a parameterized query using a ? placeholder to prevent SQL injection vulnerabilities.
  • File changed: patchwork/common/utils/step_typing.py
    Add module whitelist validation for importlib.import_module usage. Implemented a whitelist to restrict the use of importlib.import_module to trusted modules only, by verifying module names against the whitelist.
  • File changed: patchwork/app.py
    Implement a whitelist for importlib.import_module to prevent loading arbitrary modules. Added a whitelist to validate that the module path is one of the predetermined allowed modules before importing it with importlib.import_module().
  • File changed: patchwork/common/tools/bash_tool.py
    Remove shell=True from subprocess.run for security. Changed subprocess.run to use shell=False to enhance security by preventing the execution of arbitrary shell commands through the command parameter.
  • File changed: patchwork/steps/CallShell/CallShell.py
    Remove shell=True from subprocess.run to improve security. Changed the 'subprocess.run' call to use 'shell=False' and split the command string into a list using 'shlex.split' for safer execution.
  • File changed: patchwork/common/utils/dependency.py
    Fix unsafe dynamic import by implementing a whitelist for allowed modules. Implemented a whitelist to restrict importlib.import_module() to importing only the modules specified in predefined dependency groups, thereby preventing the import of arbitrary modules.

patched-admin, Apr 14 '25 07:04
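The module-allowlist check that three of the fixes above describe (step_typing.py, app.py and dependency.py), written here as an added illustration rather than taken from the patchwork code base. The allowed module names, `validate_module_name`, `load_plugin` and `try_load` are constructed for this example; standard-library modules stand in for the project's own step and dependency modules.

```python
import importlib
import types

# Constructed allowlist: exact, fully-qualified module names. A real
# project would list the step/tool modules it ships, nothing else.
ALLOWED_MODULES = frozenset({
    "json",
    "csv",
    "fractions",
})


class DisallowedModuleError(ImportError):
    """Raised when a module name is not on the allowlist."""


def validate_module_name(name: str) -> str:
    """Return name if it is exactly on the allowlist, else raise.

    Exact matching matters: a prefix test such as name.startswith("json")
    would also accept "jsonpickle" or "json.evil". Relative names (".x")
    and names with surrounding whitespace are never legitimate here.
    """
    if not isinstance(name, str) or name != name.strip() or name.startswith("."):
        raise DisallowedModuleError(f"malformed module name: {name!r}")
    if name not in ALLOWED_MODULES:
        raise DisallowedModuleError(f"module not allowlisted: {name!r}")
    return name


def load_plugin(name: str) -> types.ModuleType:
    """Import a module only after it has passed the allowlist check."""
    return importlib.import_module(validate_module_name(name))


def try_load(name: str) -> str:
    """Demo helper: report the outcome as a string instead of raising."""
    try:
        module = load_plugin(name)
    except DisallowedModuleError as exc:
        return f"rejected: {exc}"
    return f"loaded: {module.__name__}"


if __name__ == "__main__":
    # "os" and "subprocess" are importable but not allowlisted, so they are
    # refused before importlib.import_module is ever reached.
    for candidate in ["json", "os", "subprocess", "jsonpickle", " json", ".csv"]:
        print(try_load(candidate))
```
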