Fix command injection issue in bigdl_aa.py (intel-analytics#9741)

ppml/tdx/docker/trusted-bigdl-llm/finetune/docker/bigdl_aa.py

@@ -5,6 +5,7 @@
 import base64
 import requests
 import subprocess
+import shlex
 
 app = Flask(__name__)
 
@@ -32,7 +33,7 @@ def get_cluster_quote_list():
     except Exception as e:
         quote_list.append("launcher", "quote generation failed: %s" % (e))
 
-    command = "sudo -u mpiuser -E bash /ppml/get_worker_quote.sh %s" % (user_report_data)
+    command = "sudo -u mpiuser -E bash /ppml/get_worker_quote.sh %s" % (shlex.quote(user_report_data))
     output = subprocess.check_output(command, shell=True)
 
     with open("/ppml/output/quote.log", "r") as quote_file: