* File changed: [patchwork/app.py](https://github.com/patched-codes/patchwork/pull/707/files#diff-839e90b808d34e4cf447eff0896161788ccfc6e1f2970be2e551b64ba413a503)Fix vulnerability loading arbitrary code via importlib.import_module() Avoid using untrusted user input directly in importlib.import_module() by using spec_from_loader().
* File changed: [patchwork/common/utils/step_typing.py](https://github.com/patched-codes/patchwork/pull/707/files#diff-4490efb269fda5b75b1edc5f5fa275d34675bca1ffbb22e06829384e562205ff)Fix vulnerability by avoiding dynamic values in `importlib.import_module()` Avoid dynamic values in `importlib.import_module()` by hardcoding the module path and adding a whitelist to prevent running untrusted code.
* File changed: [patchwork/common/utils/dependency.py](https://github.com/patched-codes/patchwork/pull/707/files#diff-6ad070db06c1de59a1e0b0b199944f057089f121f94abdf817a0845e3c5d81f6)Fix untrusted user input vulnerability in importlib.import_module() Avoid using dynamic user input directly in the importlib.import_module() function by first checking if the input is a valid key in the __DEPENDENCY_GROUPS dictionary before importing the module.
This pull request from patched fixes 3 issues.
Fix vulnerability loading arbitrary code via importlib.import_module()
Avoid using untrusted user input directly in importlib.import_module() by using spec_from_loader().Fix vulnerability by avoiding dynamic values in `importlib.import_module()`
Avoid dynamic values in `importlib.import_module()` by hardcoding the module path and adding a whitelist to prevent running untrusted code.Fix untrusted user input vulnerability in importlib.import_module()
Avoid using dynamic user input directly in the importlib.import_module() function by first checking if the input is a valid key in the __DEPENDENCY_GROUPS dictionary before importing the module.