fix: V-002 security vulnerability

Automated security fix generated by OrbisAI Security
orbisai0security 2026-06-14 01:36:41 +00:00
parent a1d95f3f82
commit 06eb3253eb


@ -3,8 +3,21 @@ from typing import Optional
from folder_paths import folder_names_and_paths, get_directory_by_type from folder_paths import folder_names_and_paths, get_directory_by_type
from api_server.services.terminal_service import TerminalService from api_server.services.terminal_service import TerminalService
import app.logger import app.logger
import ipaddress
import os import os
@web.middleware
async def _local_only_middleware(request: web.Request, handler):
"""Restrict access to localhost connections only."""
remote = request.remote or ""
try:
if not ipaddress.ip_address(remote).is_loopback:
raise web.HTTPForbidden(reason="Internal routes are only accessible from localhost")
except ValueError:
raise web.HTTPForbidden(reason="Internal routes are only accessible from localhost")
return await handler(request)
class InternalRoutes: class InternalRoutes:
''' '''
The top level web router for internal routes: /internal/* The top level web router for internal routes: /internal/*
@ -72,7 +85,7 @@ class InternalRoutes:
def get_app(self): def get_app(self):
if self._app is None: if self._app is None:
self._app = web.Application() self._app = web.Application(middlewares=[_local_only_middleware])
self.setup_routes() self.setup_routes()
self._app.add_routes(self.routes) self._app.add_routes(self.routes)
return self._app return self._app
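Review bot: In `_local_only_middleware` (first hunk) the loopback test is made on `request.remote`, which is the address of the transport peer, so when the server is reached through a reverse proxy or tunnel running on the same host every client appears as a loopback address and passes the check. The docstring should state that limit, for example `"""Reject requests whose transport peer is not a loopback address; this does not hold behind a same-host proxy or tunnel."""`, and deployments of that kind need the restriction enforced at the proxy as well. The check also says nothing about which page in a local browser issued the request, so it does not replace Origin/Host validation on these routes if that is not done elsewhere. Because the middleware is attached to the whole sub-application in `get_app` (second hunk), clients on other machines will presumably now receive 403 from every /internal route, which is worth confirming as intended.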