[Improvement] Fix the git url command injection in pytorch task(#15873) (#15950)

* fix the git url command injection danger(#15873)

* [Improvement] Fix the git url command injection in pytorch,format code style task(#15873)

---------

Co-authored-by: cntigers <Xiaohu4321@>
Co-authored-by: Rick Cheng <rickchengx@gmail.com>

dolphinscheduler-task-plugin/dolphinscheduler-task-pytorch/src/main/java/org/apache/dolphinscheduler/plugin/task/pytorch/GitProjectManager.java

@@ -33,12 +33,12 @@ import lombok.extern.slf4j.Slf4j;
 public class GitProjectManager {
 
     public static final String GIT_PATH_LOCAL = "GIT_PROJECT";
-    private static final Pattern GIT_CHECK_PATTERN = Pattern.compile("^(git@|https?://)");
+    private static final Pattern GIT_CHECK_PATTERN = Pattern.compile("^(git@|https?://)(?![&|])[^&|]+$");
     private String path;
     private String baseDir = ".";
 
     public static boolean isGitPath(String path) {
-        return GIT_CHECK_PATTERN.matcher(path).find();
+        return GIT_CHECK_PATTERN.matcher(path).matches();
     }
 
     public void prepareProject() throws Exception {

dolphinscheduler-task-plugin/dolphinscheduler-task-pytorch/src/test/java/org/apache/dolphinscheduler/plugin/task/pytorch/PytorchTaskTest.java

@@ -72,6 +72,12 @@ public class PytorchTaskTest {
 
     }
 
+    @Test
+    public void testGitProjectUrlInjection() {
+        Assertions.assertFalse(GitProjectManager.isGitPath("git@& cat /etc/passwd >/poc.txt #"));
+        Assertions.assertFalse(GitProjectManager.isGitPath("git@| cat /etc/passwd >/poc.txt #"));
+    }
+
     @Test
     public void testGitProject() {