Patch1

Amruta Hulagar requested to merge patch1 into master

Summary by Bito

This PR addresses critical security vulnerabilities, performance inefficiencies, and data access layer bugs while establishing repository-level code review standards. The changes include fixing a command injection vulnerability in file-handler.js, removing performance bottlenecks, correcting class naming conventions and HQL queries in the data access layer, and introducing a comprehensive Bito configuration file for automated code reviews.

Detailed Changes
  • Fixes command injection vulnerability in file-handler.js by replacing exec() with execFile() and removing unsanitized command string concatenation, preventing arbitrary command execution through user input.
  • Removes an unnecessary nested loop in the findLargeFiles() method in file-handler.js, improving its time complexity from O(n²) to O(n).
  • Corrects class naming convention from cartProductDao to CartProductDao in cartProductDao.java to follow Java naming standards, which may require updates to dependent classes.
  • Fixes HQL query in getCartProducts() method from 'from CART_PRODUCT' to 'from CartProduct' to use correct entity name and prevent query failures.
  • Adds .bito.yaml configuration file enabling repository-level code review settings including dependency checking, linting, secret scanning, and static analysis.
Edited by Amruta Hulagar
