mirror of
https://github.com/comfyanonymous/ComfyUI.git
synced 2026-03-18 07:35:05 +08:00
dd9f4d1a32
Fixes #12352 The previous validation incorrectly rejected filenames with consecutive dots (e.g., test..png) by checking if '..' exists anywhere in the filename. This commit refines the validation to: - Block actual path traversal patterns: '../', '/..' - Block filenames starting with '..' (e.g., '..secret') - Block absolute paths starting with '/' - Allow consecutive dots in filenames (e.g., 'test..png', 'my...file.jpg') Changes: - Updated validation logic in /view and /upload/mask endpoints - Added comprehensive test suite covering both security and functionality - All tests pass: blocks path traversal, allows valid filenames with dots |
||
|---|---|---|
| .. | ||
| app_test | ||
| assets_test | ||
| comfy_api_test | ||
| comfy_extras_test | ||
| comfy_quant | ||
| comfy_test | ||
| execution_test | ||
| folder_paths_test | ||
| prompt_server_test | ||
| server/utils | ||
| server_test | ||
| utils | ||
| feature_flags_test.py | ||
| README.md | ||
| requirements.txt | ||
| websocket_feature_flags_test.py | ||
Pytest Unit Tests
Install test dependencies
pip install -r tests-unit/requirements.txt
Run tests
pytest tests-unit/