wangbo/ComfyUI-Manager
1
0
Fork 0
mirror of https://github.com/Comfy-Org/ComfyUI-Manager.git synced 2025-12-24 22:00:49 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity
manager-cacheless
ComfyUI-Manager/docs/SECURITY_ENHANCED_INSTALLATION.md
Dr.Lt.Data 43647249cf refactor: remove package-level caching to support dynamic installation 
Remove package-level caching in cnr_utils and node_package modules to enable
proper dynamic custom node installation and version switching without ComfyUI
server restarts.

Key Changes:
- Remove @lru_cache decorators from version-sensitive functions
- Remove cached_property from NodePackage for dynamic state updates
- Add comprehensive test suite with parallel execution support
- Implement version switching tests (CNR ↔ Nightly)
- Add case sensitivity integration tests
- Improve error handling and logging

API Priority Rules (manager_core.py:1801):
- Enabled-Priority: Show only enabled version when both exist
- CNR-Priority: Show only CNR when both CNR and Nightly are disabled
- Prevents duplicate package entries in /v2/customnode/installed API
- Cross-match using cnr_id and aux_id for CNR ↔ Nightly detection

Test Infrastructure:
- 8 test files with 59 comprehensive test cases
- Parallel test execution across 5 isolated environments
- Automated test scripts with environment setup
- Configurable timeout (60 minutes default)
- Support for both master and dr-support-pip-cm branches

Bug Fixes:
- Fix COMFYUI_CUSTOM_NODES_PATH environment variable export
- Resolve test fixture regression with module-level variables
- Fix import timing issues in test configuration
- Register pytest integration marker to eliminate warnings
- Fix POSIX compliance in shell scripts (((var++)) → $((var + 1)))

Documentation:
- CNR_VERSION_MANAGEMENT_DESIGN.md v1.0 → v1.1 with API priority rules
- Add test guides and execution documentation (TESTING_PROMPT.md)
- Add security-enhanced installation guide
- Create CLI migration guides and references
- Document package version management

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-08 09:07:09 +09:00

236 lines
6.4 KiB
Markdown
Raw Permalink Blame History

# Security-Enhanced URL Installation System
## Overview
Security constraints have been added to the `install_by_url` function to control URL-based installations according to the system's security level.
## Security Level and Risk Level Framework
### Security Levels (SecurityLevel)
- **strong**: Most restrictive, only trusted sources allowed
- **normal**: Standard security, most known platforms allowed
- **normal-**: Relaxed security, additional allowances for personal cloud environments
- **weak**: Most permissive security, for local development environments
### Risk Levels (RiskLevel)
- **block**: Complete block (always denied)
- **high+**: Very high risk (only allowed in local mode + weak/normal-)
- **high**: High risk (only allowed in local mode + weak/normal- or personal cloud + weak)
- **middle+**: Medium-high risk (weak/normal/normal- allowed in local/personal cloud)
- **middle**: Medium risk (weak/normal/normal- allowed in all environments)
## URL Risk Assessment Logic
### Low Risk (middle) - Trusted Platforms
```
- github.com
- gitlab.com
- bitbucket.org
- raw.githubusercontent.com
- gitlab.io
```
### High Risk (high+) - Suspicious/Local Hosting
```
- localhost, 127.0.0.1
- Private IP ranges: 192.168.*, 10.0.*, 172.*
- Temporary hosting: ngrok.io, herokuapp.com, repl.it, glitch.me
```
### Medium-High Risk (middle+) - Unknown Domains
```
- All domains not belonging to the above categories
```
### High Risk (high) - SSH Protocol
```
- URLs starting with ssh:// or git@
```
## Implemented Security Features
### 1. Security Validation (`_validate_url_security`)
```python
async def install_by_url(self, url: str, ...):
# Security validation
security_result = self._validate_url_security(url)
if not security_result['allowed']:
return self._report_failed_install_security(url, security_result['reason'], custom_name)
```
**Features**:
- Check current security level
- Assess URL risk
- Allow/block decision based on security policy
### 2. Failure Reporting (`_report_failed_install_security`)
```python
def _report_failed_install_security(self, url: str, reason: str, custom_name=None):
# Security block logging
print(f"[SECURITY] Blocked URL installation: {url}")
# Record failed installation
self._record_failed_install_nodepack({
'type': 'url-security-block',
'url': url,
'package_name': pack_name,
'reason': reason,
'security_level': current_security_level,
'timestamp': timestamp
})
```
**Features**:
- Log blocked installation attempts to console
- Save failure information in structured format
- Return failure result as ManagedResult
### 3. Failed Installation Record Management (`_record_failed_install_nodepack`)
```python
def get_failed_install_reports(self) -> list:
return getattr(self, '_failed_installs', [])
```
**Features**:
- Maintain recent 100 failure records
- Prevent memory overflow
- Provide API for monitoring and debugging
## Usage Examples
### Behavior by Security Setting
#### Strong Security Level
```python
# Most URLs are blocked
result = await manager.install_by_url("https://github.com/user/repo")
# Result: Blocked (github is also middle risk, so blocked at strong level)
result = await manager.install_by_url("https://suspicious-domain.com/repo.git")
# Result: Blocked (middle+ risk)
```
#### Normal Security Level
```python
# Trusted platforms allowed
result = await manager.install_by_url("https://github.com/user/repo")
# Result: Allowed
result = await manager.install_by_url("https://localhost/repo.git")
# Result: Blocked (high+ risk)
```
#### Weak Security Level (Local Development Environment)
```python
# Almost all URLs allowed
result = await manager.install_by_url("https://github.com/user/repo")
# Result: Allowed
result = await manager.install_by_url("https://192.168.1.100/repo.git")
# Result: Allowed (in local mode)
result = await manager.install_by_url("git@private-server.com:user/repo.git")
# Result: Allowed
```
### Failure Monitoring
```python
manager = UnifiedManager()
# Blocked installation attempt
await manager.install_by_url("https://malicious-site.com/evil-nodes.git")
# Check failure records
failed_reports = manager.get_failed_install_reports()
for report in failed_reports:
print(f"Blocked: {report['url']} - {report['reason']}")
```
## Security Policy Matrix
| Risk Level | Strong | Normal | Normal- | Weak |
|------------|--------|--------|---------|------|
| **block** | ❌ | ❌ | ❌ | ❌ |
| **high+** | ❌ | ❌ | 🔒* | 🔒* |
| **high** | ❌ | ❌ | 🔒*/☁️** | ✅ |
| **middle+**| ❌ | ❌ | 🔒*/☁️** | ✅ |
| **middle** | ❌ | ✅ | ✅ | ✅ |
- 🔒* : Allowed only in local mode
- ☁️** : Allowed only in personal cloud mode
- ✅ : Allowed
- ❌ : Blocked
## Error Message Examples
### Security Block
```
Installation blocked by security policy: URL installation blocked by security level: strong (risk: middle)
Target: awesome-nodes@url-blocked
```
### Console Log
```
[SECURITY] Blocked URL installation: https://suspicious-domain.com/repo.git
[SECURITY] Reason: URL installation blocked by security level: normal (risk: middle+)
[SECURITY] Package: repo
```
## Configuration Recommendations
### Production Environment
```json
{
"security_level": "strong",
"network_mode": "private"
}
```
- Most restrictive settings
- Only trusted sources allowed
### Development Environment
```json
{
"security_level": "weak",
"network_mode": "local"
}
```
- Permissive settings for development convenience
- Allow local repositories and development servers
### Personal Cloud Environment
```json
{
"security_level": "normal-",
"network_mode": "personal_cloud"
}
```
- Balanced settings for personal use
- Allow personal repository access
## Security Enhancement Benefits
### 1. Malware Prevention
- Automatic blocking from unknown sources
- Filter suspicious domains and IPs
### 2. Network Security
- Control private network access
- Restrict SSH protocol usage
### 3. Audit Trail
- Record all blocked attempts
- Log security events
### 4. Flexible Policy
- Customized security levels per environment
- Distinguish between production/development environments
## Backward Compatibility
- Existing `install_by_id` function unchanged
- No security validation applied to CNR-based installations
- `install_by_id_or_url` applies security only to URLs
This security enhancement significantly improves system security while maintaining the convenience of URL-based installations.
Reference in New Issue View Git Blame Copy Permalink