wangbo/ComfyUI-Manager
1
0
Fork 0
mirror of https://github.com/Comfy-Org/ComfyUI-Manager.git synced 2026-05-09 16:42:32 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity
01799f8cac
ComfyUI-Manager/comfyui_manager/common
History
Dr.Lt.Data 4410ebc6a6
Some checks are pending
Publish to PyPI / build-and-publish (push) Waiting to run
Details
Python Linting / Run Ruff (push) Waiting to run
Details
fix(security): harden CSRF with Content-Type gate and expand E2E coverage (#2818) 
Defense-in-depth over GET→POST alone: reject the three CORS-safelisted
simple-form Content-Types (x-www-form-urlencoded, multipart/form-data,
text/plain) on 16 no-body POST handlers (glob + legacy) to block
<form method=POST> CSRF that bypasses method-only gating. Move
comfyui_switch_version to a JSON body so the preflight requirement applies.
Split db_mode/policy/update/channel_url_list into GET(read) + POST(write).
Tighten do_fix (high → high+) and gate three previously-ungated config
setters at middle. Resynchronize openapi.yaml (27 paths, 30 operations,
ComfyUISwitchVersionParams as a shared $ref component). Add E2E harness
variants, Playwright config, CSRF/secgate suites, 39-endpoint coverage,
and a CHANGELOG.

Breaking: legacy per-op POST routes (install/uninstall/fix/disable/update/
reinstall/abort_current) are removed; callers already use queue/batch.
Legacy /manager/notice (v1) is removed; /v2/manager/notice is retained.

Reported-by: XlabAI Team of Tencent Xuanwu Lab
CVSS: 8.1 (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H)
2026-04-22 05:04:30 +09:00
..
__init__.py fix(git): handle divergent branches safely + datetime fallback 2025-12-12 22:45:05 +09:00
cm_global.py restructuring 2025-04-13 09:26:02 +09:00
cnr_utils.py refactor(core): add verbose config, improve module lookup, fix is_valid_url 2025-12-27 03:57:19 +09:00
context.py feat: add pygit2 compatibility wrapper for standalone Desktop 2.0 installs (#2719) 2026-03-27 08:42:26 +09:00
enums.py modified: security policy 2025-06-27 01:38:38 +09:00
git_compat.py feat: add pygit2 compatibility wrapper for standalone Desktop 2.0 installs (#2719) 2026-03-27 08:42:26 +09:00
git_helper.py feat: add pygit2 compatibility wrapper for standalone Desktop 2.0 installs (#2719) 2026-03-27 08:42:26 +09:00
git_utils.py fix(api): improve import_fail_info_bulk lookup for cnr_id and aux_id 2025-12-15 02:54:30 +09:00
manager_downloader.py Merge branch 'main' into draft-v4 2025-07-24 12:41:48 +09:00
manager_security.py fix(security): harden CSRF with Content-Type gate and expand E2E coverage (#2818) 2026-04-22 05:04:30 +09:00
manager_util.py feat(deps): add unified dependency resolver using uv pip compile (#2589) 2026-03-07 06:51:53 +09:00
node_package.py restructuring 2025-04-13 09:26:02 +09:00
README.md Merge branch 'main' into draft-v4 2025-06-01 06:23:11 +09:00
security_check.py fix(security): add litellm supply chain attack detection (PYSEC-2026-2) (#2732) 2026-03-26 04:17:50 +09:00
timestamp_utils.py feat: add pygit2 compatibility wrapper for standalone Desktop 2.0 installs (#2719) 2026-03-27 08:42:26 +09:00
unified_dep_resolver.py feat(cli): expand --uv-compile to all node management commands with conflict attribution (#2682) 2026-03-14 07:58:29 +09:00

README.md

ComfyUI-Manager: Core Backend (glob)

This directory contains the Python backend modules that power ComfyUI-Manager, handling the core functionality of node management, downloading, security, and server operations.

Core Modules

  • manager_downloader.py: Handles downloading operations for models, extensions, and other resources.
  • manager_util.py: Provides utility functions used throughout the system.

Specialized Modules

  • cm_global.py: Maintains global variables and state management across the system.
  • cnr_utils.py: Helper utilities for interacting with the custom node registry (CNR).
  • git_utils.py: Git-specific utilities for repository operations.
  • node_package.py: Handles the packaging and installation of node extensions.
  • security_check.py: Implements the multi-level security system for installation safety.