wangbo/ComfyUI-Manager
1
0
Fork 0
mirror of https://github.com/Comfy-Org/ComfyUI-Manager.git synced 2026-05-10 00:52:32 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity
manager-v4
ComfyUI-Manager/tests/e2e/test_e2e_git_clone.py
Dr.Lt.Data 4410ebc6a6
Some checks are pending
Publish to PyPI / build-and-publish (push) Waiting to run
Details
Python Linting / Run Ruff (push) Waiting to run
Details
fix(security): harden CSRF with Content-Type gate and expand E2E coverage (#2818) 
Defense-in-depth over GET→POST alone: reject the three CORS-safelisted
simple-form Content-Types (x-www-form-urlencoded, multipart/form-data,
text/plain) on 16 no-body POST handlers (glob + legacy) to block
<form method=POST> CSRF that bypasses method-only gating. Move
comfyui_switch_version to a JSON body so the preflight requirement applies.
Split db_mode/policy/update/channel_url_list into GET(read) + POST(write).
Tighten do_fix (high → high+) and gate three previously-ungated config
setters at middle. Resynchronize openapi.yaml (27 paths, 30 operations,
ComfyUISwitchVersionParams as a shared $ref component). Add E2E harness
variants, Playwright config, CSRF/secgate suites, 39-endpoint coverage,
and a CHANGELOG.

Breaking: legacy per-op POST routes (install/uninstall/fix/disable/update/
reinstall/abort_current) are removed; callers already use queue/batch.
Legacy /manager/notice (v1) is removed; /v2/manager/notice is retained.

Reported-by: XlabAI Team of Tencent Xuanwu Lab
CVSS: 8.1 (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H)
2026-04-22 05:04:30 +09:00

346 lines
13 KiB
Python
Raw Permalink Blame History

"""E2E tests for git-clone-based node installation via ComfyUI Manager API.
Starts a real ComfyUI instance and installs custom nodes by URL (nightly mode),
which triggers git_helper.py as a subprocess. This is the code path that crashed
on Windows with ModuleNotFoundError (Phase 1) and exit 128 (Phase 2).
Requires a pre-built E2E environment (from setup_e2e_env.py).
Set E2E_ROOT env var to point at it, or the tests will be skipped.
Supply-chain safety policy:
Only install from verified, controllable authors (ltdrdata).
Usage:
E2E_ROOT=/tmp/e2e_full_test pytest tests/e2e/test_e2e_git_clone.py -v
"""
from __future__ import annotations
import os
import shutil
import subprocess
import sys
import time
import pytest
import requests
E2E_ROOT = os.environ.get("E2E_ROOT", "")
COMFYUI_PATH = os.path.join(E2E_ROOT, "comfyui") if E2E_ROOT else ""
CUSTOM_NODES = os.path.join(COMFYUI_PATH, "custom_nodes") if COMFYUI_PATH else ""
PORT = 8198 # Different port from endpoint tests to avoid conflicts
BASE_URL = f"http://127.0.0.1:{PORT}"
REPO_TEST1 = "https://github.com/ltdrdata/nodepack-test1-do-not-install"
PACK_TEST1 = "nodepack-test1-do-not-install"
POLL_TIMEOUT = 60
POLL_INTERVAL = 1.0
pytestmark = pytest.mark.skipif(
not E2E_ROOT or not os.path.isfile(os.path.join(E2E_ROOT, ".e2e_setup_complete")),
reason="E2E_ROOT not set or E2E environment not ready",
)
# ---------------------------------------------------------------------------
# Helpers
# ---------------------------------------------------------------------------
_comfyui_proc: subprocess.Popen | None = None
def _venv_python() -> str:
if sys.platform == "win32":
return os.path.join(E2E_ROOT, "venv", "Scripts", "python.exe")
return os.path.join(E2E_ROOT, "venv", "bin", "python")
def _cm_cli_path() -> str:
if sys.platform == "win32":
return os.path.join(E2E_ROOT, "venv", "Scripts", "cm-cli.exe")
return os.path.join(E2E_ROOT, "venv", "bin", "cm-cli")
def _ensure_cache():
"""Run cm-cli update-cache (blocking) to populate Manager cache before tests."""
env = {**os.environ, "COMFYUI_PATH": COMFYUI_PATH}
r = subprocess.run(
[_cm_cli_path(), "update-cache"],
capture_output=True, text=True, timeout=120, env=env,
)
if r.returncode != 0:
raise RuntimeError(f"update-cache failed:\n{r.stderr}")
def _start_comfyui() -> int:
"""Start ComfyUI via Popen (cross-platform, no bash dependency)."""
global _comfyui_proc # noqa: PLW0603
log_dir = os.path.join(E2E_ROOT, "logs")
os.makedirs(log_dir, exist_ok=True)
log_path = os.path.join(log_dir, "comfyui.log")
# Open the log file for the subprocess. We must keep this fd open while
# the process runs, but MUST close it on any exit path to avoid handle
# leaks (particularly on Windows where open handles block rmtree).
log_file = open(log_path, "w") # noqa: SIM115
def _read_tail() -> str:
with open(log_path) as f:
return f.read()[-2000:]
env = {
**os.environ,
"COMFYUI_PATH": COMFYUI_PATH,
"PYTHONUNBUFFERED": "1",
}
try:
_comfyui_proc = subprocess.Popen(
[_venv_python(), "-u", os.path.join(COMFYUI_PATH, "main.py"),
"--listen", "127.0.0.1", "--port", str(PORT),
"--cpu", "--enable-manager"],
stdout=log_file, stderr=subprocess.STDOUT,
env=env,
)
# Wait for server to be ready.
# Manager may restart ComfyUI after startup dependency install (exit 0 → re-launch).
# If the process exits with code 0, keep polling — the restarted process will bind the port.
deadline = time.monotonic() + 120
while time.monotonic() < deadline:
try:
r = requests.get(f"{BASE_URL}/system_stats", timeout=2)
if r.status_code == 200:
return _comfyui_proc.pid
except requests.ConnectionError:
pass
if _comfyui_proc.poll() is not None:
if _comfyui_proc.returncode != 0:
log_file.close()
raise RuntimeError(
f"ComfyUI exited with code {_comfyui_proc.returncode}:\n{_read_tail()}"
)
# exit 0 = Manager restart. Keep polling for the restarted process.
time.sleep(1)
raise RuntimeError(f"ComfyUI did not start within 120s. Log:\n{_read_tail()}")
except Exception:
# Ensure log_file handle is released on any failure
try:
log_file.close()
except Exception: # noqa: BLE001
pass
raise
def _stop_comfyui():
"""Stop ComfyUI process."""
global _comfyui_proc # noqa: PLW0603
if _comfyui_proc is None:
return
_comfyui_proc.terminate()
try:
_comfyui_proc.wait(timeout=10)
except subprocess.TimeoutExpired:
_comfyui_proc.kill()
_comfyui_proc = None
def _queue_task(task: dict) -> None:
"""Queue a Manager task and start the worker."""
resp = requests.post(f"{BASE_URL}/v2/manager/queue/task", json=task, timeout=10)
resp.raise_for_status()
requests.post(f"{BASE_URL}/v2/manager/queue/start", timeout=10)
def _remove_pack(name: str) -> None:
"""Remove a node pack from custom_nodes.
On Windows, file locks (antivirus, git handles) can prevent immediate
deletion. Strategy: retry rmtree, then fall back to rename (moves the
directory out of the resolver's scan path so stale deps don't leak).
"""
path = os.path.join(CUSTOM_NODES, name)
if os.path.islink(path):
os.unlink(path)
return
if not os.path.isdir(path):
return
for attempt in range(3):
try:
shutil.rmtree(path)
return
except OSError:
if attempt < 2:
time.sleep(1)
# Fallback: rename out of custom_nodes so resolver won't scan it
import uuid
trash = os.path.join(CUSTOM_NODES, f".trash_{uuid.uuid4().hex[:8]}")
try:
os.rename(path, trash)
shutil.rmtree(trash, ignore_errors=True)
except OSError:
shutil.rmtree(path, ignore_errors=True)
def _pack_exists(name: str) -> bool:
return os.path.isdir(os.path.join(CUSTOM_NODES, name))
def _wait_for(predicate, timeout=POLL_TIMEOUT, interval=POLL_INTERVAL):
"""Poll predicate until True or timeout."""
deadline = time.monotonic() + timeout
while time.monotonic() < deadline:
if predicate():
return True
time.sleep(interval)
return False
# ---------------------------------------------------------------------------
# Fixtures
# ---------------------------------------------------------------------------
@pytest.fixture(scope="module")
def comfyui():
"""Populate cache, start ComfyUI, stop after all tests."""
_remove_pack(PACK_TEST1)
_ensure_cache()
pid = _start_comfyui()
yield pid
_stop_comfyui()
_remove_pack(PACK_TEST1)
# ---------------------------------------------------------------------------
# Tests: nightly (URL) install via Manager API → git_helper.py subprocess
#
# Single sequential test to avoid autouse cleanup races. The task queue
# is async so we poll for completion between steps.
# ---------------------------------------------------------------------------
_INSTALL_PARAMS = {
"id": PACK_TEST1,
"selected_version": "nightly",
"mode": "remote",
"channel": "default",
"repository": REPO_TEST1,
"version": "1.0.0",
}
class TestNightlyInstallCycle:
"""Full nightly install/verify/uninstall cycle in one test class.
Tests MUST run in order (install → verify → uninstall). pytest preserves
method definition order within a class.
"""
def test_01_nightly_install(self, comfyui):
"""Nightly install should git-clone the requested repo AND .git/config remote.origin.url matches.
WI-N strengthening: previously only `pack_exists + .git/ dir`. The
`.git/` directory alone proves *some* git artifact exists but NOT
that the clone targeted the requested URL — a regression where the
manager clones the wrong repo (or a cached stale one) would still
pass the old test. We now parse `.git/config` and assert the
`[remote "origin"] url = ...` line matches REPO_TEST1 (with or
without `.git` suffix — git accepts both forms).
"""
_remove_pack(PACK_TEST1)
assert not _pack_exists(PACK_TEST1), (
f"Failed to clean {PACK_TEST1} — file locks may be holding the directory"
)
_queue_task({
"ui_id": "e2e-nightly-install",
"client_id": "e2e-nightly",
"kind": "install",
"params": _INSTALL_PARAMS,
})
assert _wait_for(lambda: _pack_exists(PACK_TEST1)), (
f"{PACK_TEST1} not cloned within {POLL_TIMEOUT}s"
)
# Verify .git directory exists (git clone, not zip download)
pack_dir = os.path.join(CUSTOM_NODES, PACK_TEST1)
git_dir = os.path.join(pack_dir, ".git")
assert os.path.isdir(git_dir), "No .git directory — not a git clone"
# Parse .git/config for [remote "origin"] url and cross-check against
# the requested repo URL. Git stores either `REPO` or `REPO.git`.
git_config = os.path.join(git_dir, "config")
assert os.path.isfile(git_config), (
f".git/config missing at {git_config} — corrupted clone?"
)
import configparser
cp = configparser.ConfigParser()
cp.read(git_config)
origin_section = 'remote "origin"'
assert origin_section in cp, (
f"[{origin_section}] section missing from .git/config: sections={cp.sections()!r}"
)
remote_url = cp[origin_section].get("url", "").rstrip("/")
acceptable = {REPO_TEST1, REPO_TEST1 + ".git", REPO_TEST1.rstrip("/"), REPO_TEST1.rstrip("/") + ".git"}
assert remote_url in acceptable or remote_url.rstrip(".git") == REPO_TEST1.rstrip(".git"), (
f".git/config remote.origin.url mismatch — expected one of "
f"{sorted(acceptable)}, got {remote_url!r}. The clone targeted "
f"the wrong repository!"
)
def test_02_no_module_error(self, comfyui):
"""Server log must not contain ModuleNotFoundError (Phase 1 regression)."""
log_path = os.path.join(E2E_ROOT, "logs", "comfyui.log")
if not os.path.isfile(log_path):
pytest.skip("Log file not found (server may use different log path)")
with open(log_path) as f:
log = f.read()
assert "ModuleNotFoundError" not in log, (
"ModuleNotFoundError in server log — git_helper.py import isolation broken"
)
def test_03_nightly_uninstall(self, comfyui):
"""Uninstall the nightly-installed pack from disk AND from API installed-index.
WI-N strengthening: previously FS-only. The installed-index API is the
authoritative Manager contract; FS-deletion alone is insufficient to
call the operation "uninstalled". Cross-check that the pack key is
absent from `/v2/customnode/installed` response.
"""
if not _pack_exists(PACK_TEST1):
pytest.skip("Pack not installed (previous test may have failed)")
_queue_task({
"ui_id": "e2e-nightly-uninst",
"client_id": "e2e-nightly",
"kind": "uninstall",
"params": {
"node_name": PACK_TEST1,
},
})
assert _wait_for(lambda: not _pack_exists(PACK_TEST1)), (
f"{PACK_TEST1} still exists after uninstall ({POLL_TIMEOUT}s timeout)"
)
# API cross-check: pack must be absent from /v2/customnode/installed.
# Nightly packs appear keyed by directory name (no cnr_id for git-URL installs),
# so membership check uses the pack's dir name.
resp = requests.get(f"{BASE_URL}/v2/customnode/installed", timeout=10)
resp.raise_for_status()
installed = resp.json()
assert PACK_TEST1 not in installed, (
f"FS delete succeeded but {PACK_TEST1!r} still present in "
f"/v2/customnode/installed — cache-invalidation regression. "
f"Keys: {list(installed.keys())}"
)
# Defensive: also check by aux_id / cnr_id in case of schema variation.
for pkg_key, pkg in installed.items():
if isinstance(pkg, dict):
assert (
pkg.get("cnr_id") != PACK_TEST1
and pkg.get("aux_id") != PACK_TEST1
), (
f"Installed entry {pkg_key!r} still references {PACK_TEST1!r} "
f"via cnr_id/aux_id: {pkg!r}"
)
Reference in New Issue View Git Blame Copy Permalink