wangbo/ComfyUI-Manager
1
0
Fork 0
mirror of https://github.com/Comfy-Org/ComfyUI-Manager.git synced 2025-12-16 10:02:28 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

Security update

Browse Source
This commit is contained in:
Dr.Lt.Data 2024-06-09 16:03:13 +09:00
parent 10d9b4b7f3
commit 7c1a71c9ee
2 changed files with 54 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

52
glob/security_check.py Normal file
View File

@ -0,0 +1,52 @@
import sys
import subprocess
import os
def security_check():
print("[START] Security scan")
custom_nodes_path = os.path.abspath(os.path.join(os.path.dirname(__file__), '..', '..'))
guide = {"ComfyUI_LLMVISION": """
1.Remove pip packages: openai-1.16.3.dist-info, anthropic-0.21.4.dist-info, openai-1.30.2.dist-info, anthropic-0.26.1.dist-info
2.Remove these files in your system: lib/browser/admin.py, Cadmino.py, Fadmino.py, VISION-D.exe
3.Check your Windows registry for the key listed above and remove it.
4.Change all of your passwords, everywhere.
"""}
node_blacklist = {"ComfyUI_LLMVISION": "ComfyUI_LLMVISION"}
pip_blacklist = {"AppleBotzz": "ComfyUI_LLMVISION"}
installed_pips = subprocess.check_output([sys.executable, '-m', "pip", "freeze"], text=True)
detected = set()
for k, v in node_blacklist.items():
if os.path.exists(os.path.join(custom_nodes_path, k)):
print(f"[SECURITY ALERT] custom node '{k}' is dangerous.")
detected.add(v)
for k, v in pip_blacklist.items():
if k in installed_pips:
detected.add(v)
break
if len(detected) > 0:
for line in installed_pips.split('\n'):
for k, v in pip_blacklist.items():
if k in line:
print(f"[SECURITY ALERT] '{line}' is dangerous.")
print("\n########################################################################")
print(" Malware has been detected, forcibly terminating ComfyUI execution.")
print("########################################################################\n")
for x in detected:
print(f"\n======== TARGET: {x} =========")
print(f"\nTODO:")
print(guide[x])
exit(-1)
print("[DONE] Security scan")

3
prestartup_script.py
View File

@ -9,13 +9,14 @@ import locale
import platform import platform
import json import json
glob_path = os.path.join(os.path.dirname(__file__), "glob") glob_path = os.path.join(os.path.dirname(__file__), "glob")
sys.path.append(glob_path) sys.path.append(glob_path)
import security_check
from manager_util import * from manager_util import *
import cm_global import cm_global
security_check.security_check()
cm_global.pip_downgrade_blacklist = ['torch', 'torchsde', 'torchvision', 'transformers', 'safetensors', 'kornia'] cm_global.pip_downgrade_blacklist = ['torch', 'torchsde', 'torchvision', 'transformers', 'safetensors', 'kornia']