robust validation

ltdrdata · Sep 23, 2024 · ffc095a · ffc095a
1 parent 8db932a
commit ffc095a
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 5 deletions.
diff --git a/glob/manager_core.py b/glob/manager_core.py
@@ -23,7 +23,7 @@
 import cm_global
 from manager_util import *
 
-version = [2, 51]
+version = [2, 51, 1]
 version_str = f"V{version[0]}.{version[1]}" + (f'.{version[2]}' if len(version) > 2 else '')
 
 

diff --git a/glob/manager_server.py b/glob/manager_server.py
@@ -47,7 +47,9 @@ def handle_stream(stream, prefix):
 
 
 def is_allowed_security_level(level):
-    if level == 'high':
+    if level == 'block':
+        return False
+    elif level == 'high':
         if is_local_mode:
             return core.get_config()['security_level'].lower() in ['weak', 'normal-']
         else:
@@ -58,7 +60,7 @@ def is_allowed_security_level(level):
         return True
 
 
-async def get_risky_level(files):
+async def get_risky_level(files, pip_packages):
     json_data1 = await core.get_data_by_mode('local', 'custom-node-list.json')
     json_data2 = await core.get_data_by_mode('cache', 'custom-node-list.json', channel_url='https://github.com/ltdrdata/ComfyUI-Manager/raw/main')
 
@@ -70,6 +72,15 @@ async def get_risky_level(files):
         if x not in all_urls:
             return "high"
 
+    all_pip_packages = set()
+    for x in json_data1['custom_nodes'] + json_data2['custom_nodes']:
+        if "pip" in x:
+            all_pip_packages.update(x['pip'])
+
+    for p in pip_packages:
+        if p not in all_pip_packages:
+            return "block"
+
     return "middle"
 
 
@@ -791,7 +802,7 @@ async def install_custom_node(request):
 
     json_data = await request.json()
 
-    risky_level = await get_risky_level(json_data['files'])
+    risky_level = await get_risky_level(json_data['files'], json_data.get('pip', []))
     if not is_allowed_security_level(risky_level):
         print(SECURITY_MESSAGE_GENERAL)
         return web.Response(status=404)

diff --git a/pyproject.toml b/pyproject.toml
@@ -1,7 +1,7 @@
 [project]
 name = "comfyui-manager"
 description = "ComfyUI-Manager provides features to install and manage custom nodes for ComfyUI, as well as various functionalities to assist with ComfyUI."
-version = "2.51"
+version = "2.51.1"
 license = { file = "LICENSE.txt" }
 dependencies = ["GitPython", "PyGithub", "matrix-client==0.4.0", "transformers", "huggingface-hub>0.20", "typer", "rich", "typing-extensions"]