Security update

2025-12-16 10:02:28 +08:00 · 2024-06-09 16:03:13 +09:00 · 2024-06-09 16:03:13 +09:00 · 7c1a71c9ee
commit 7c1a71c9ee
parent 10d9b4b7f3
2 changed files with 54 additions and 1 deletions
--- a/glob/security_check.py
+++ b/glob/security_check.py
@ -0,0 +1,52 @@
+import sys
+import subprocess
+import os
+
+
+def security_check():
+    print("[START] Security scan")
+
+    custom_nodes_path = os.path.abspath(os.path.join(os.path.dirname(__file__), '..', '..'))
+
+    guide = {"ComfyUI_LLMVISION": """
+1.Remove pip packages: openai-1.16.3.dist-info, anthropic-0.21.4.dist-info, openai-1.30.2.dist-info, anthropic-0.26.1.dist-info
+2.Remove these files in your system: lib/browser/admin.py, Cadmino.py, Fadmino.py, VISION-D.exe
+3.Check your Windows registry for the key listed above and remove it.
+4.Change all of your passwords, everywhere.
+    """}
+
+    node_blacklist = {"ComfyUI_LLMVISION": "ComfyUI_LLMVISION"}
+
+    pip_blacklist = {"AppleBotzz": "ComfyUI_LLMVISION"}
+
+    installed_pips = subprocess.check_output([sys.executable, '-m', "pip", "freeze"], text=True)
+
+    detected = set()
+    for k, v in node_blacklist.items():
+        if os.path.exists(os.path.join(custom_nodes_path, k)):
+            print(f"[SECURITY ALERT] custom node '{k}' is dangerous.")
+            detected.add(v)
+
+    for k, v in pip_blacklist.items():
+        if k in installed_pips:
+            detected.add(v)
+            break
+
+    if len(detected) > 0:
+        for line in installed_pips.split('\n'):
+            for k, v in pip_blacklist.items():
+                if k in line:
+                    print(f"[SECURITY ALERT] '{line}' is dangerous.")
+
+        print("\n########################################################################")
+        print("   Malware has been detected, forcibly terminating ComfyUI execution.")
+        print("########################################################################\n")
+
+        for x in detected:
+            print(f"\n======== TARGET: {x} =========")
+            print(f"\nTODO:")
+            print(guide[x])
+
+        exit(-1)
+
+    print("[DONE] Security scan")
--- a/prestartup_script.py
+++ b/prestartup_script.py
@ -9,13 +9,14 @@ import locale
 import platform
 import json

-
 glob_path = os.path.join(os.path.dirname(__file__), "glob")
 sys.path.append(glob_path)

+import security_check
 from manager_util import *
 import cm_global

+security_check.security_check()

 cm_global.pip_downgrade_blacklist = ['torch', 'torchsde', 'torchvision', 'transformers', 'safetensors', 'kornia']