The script constructs shell commands by concatenating strings directly from the GraphML file (which is user input).
Here is where the vulnerability lies:
frun.write('(cd "' + containername + '"; ...'). If a user names a node Node1"; rm -rf /; echo ", it could execute malicious commands.
My proposed solution:
Use the shlex module (a built-in, lightweight Python module) to sanitize inputs before writing them to the batch/shell scripts.
An obvious question that may come to mind: we are just using concore offline to run the simulation, so why should you care about the security?
- we don't write all our graphml files from scratch; we share them
- I noticed that mkconcore.py hardcodes sudo into the scripts it generates
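
The concatenation pattern described above next to a `shlex.quote()` version, as an added example (not code from mkconcore.py). `STEP` is a hypothetical placeholder for the part of the command the post elides, and the generated lines are only tokenized, never executed.

```python
import shlex

STEP = "./run_node"  # hypothetical placeholder for the part the post elides as "..."

def unsafe_line(containername):
    # Same pattern as the frun.write(...) call quoted above: raw concatenation.
    return '(cd "' + containername + '"; ' + STEP + ')'

def safe_line(containername):
    # shlex.quote() wraps the value so a POSIX shell reads it as one word.
    return '(cd ' + shlex.quote(containername) + '; ' + STEP + ')'

def split_commands(line):
    """Tokenize a generated line the way a POSIX shell would, without running it.

    Returns one argv list per command, splitting on ';' and dropping the
    subshell parentheses.
    """
    lexer = shlex.shlex(line, posix=True, punctuation_chars=True)
    commands, current = [], []
    for token in lexer:
        if token in ("(", ")"):
            continue
        if token == ";":
            commands.append(current)
            current = []
        else:
            current.append(token)
    if current:
        commands.append(current)
    return commands

# Constructed input: the node name from the post.
NODE_NAME = 'Node1"; rm -rf /; echo "'

if __name__ == "__main__":
    for build in (unsafe_line, safe_line):
        line = build(NODE_NAME)
        print(build.__name__, "->", line)
        for argv in split_commands(line):
            print("    command:", argv)
```

`shlex.quote()` targets POSIX shells only, so any Windows batch files the script generates need a separate escaping or validation step.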