From 50b9844215335ec8797df556b8c60737fb883d38 Mon Sep 17 00:00:00 2001
From: "Dr.Lt.Data"
Date: Sun, 21 Jul 2024 13:25:57 +0900
Subject: [PATCH] Security policy changed. 'normal' is changed to 'normal-' and 'normal-' doesn't allow high-security features even if ComfyUI is running with local hosting.
---
 README.md | 4 ++++
 glob/manager_core.py | 2 +-
 glob/manager_server.py | 12 ++++++------
 pyproject.toml | 2 +-
 4 files changed, 12 insertions(+), 8 deletions(-)
diff --git a/README.md b/README.md
index 1d4bc2d9..83282239 100644
--- a/README.md
+++ b/README.md
@@ -5,6 +5,7 @@
 ![menu](misc/menu.jpg)
 ## NOTICE
+* V2.47: Security policy has been changed. The former 'normal' is now 'normal-', and 'normal' no longer allows high-risk features, even if your ComfyUI is local.
 * V2.37 Show a ✅ mark to accounts that have been active on GitHub for more than six months.
 * V2.33 Security policy is applied.
 * V2.21 [cm-cli](docs/en/cm-cli.md) tool is added.
@@ -350,6 +351,9 @@ When you run the `scan.sh` script:
 * `strong`
 * doesn't allow `high` and `middle` level risky feature
 * `normal`
+ * doesn't allow `high` level risky feature
+ * `middle` level risky feature is available
+ * `normal-`
 * doesn't allow `high` level risky feature if `--listen` is specified and not starts with `127.`
 * `middle` level risky feature is available
 * `weak`
diff --git a/glob/manager_core.py b/glob/manager_core.py
index a04c4e66..3c0470fb 100644
--- a/glob/manager_core.py
+++ b/glob/manager_core.py
@@ -23,7 +23,7 @@ sys.path.append(glob_path)
 import cm_global
 from manager_util import *
-version = [2, 46, 5]
+version = [2, 47]
 version_str = f"V{version[0]}.{version[1]}" + (f'.{version[2]}' if len(version) > 2 else '')
diff --git a/glob/manager_server.py b/glob/manager_server.py
index 7fe5f564..c041368d 100644
--- a/glob/manager_server.py
+++ b/glob/manager_server.py
@@ -48,11 +48,11 @@ is_local_mode = args.listen.startswith('127.') or args.listen.startswith('local.
 def is_allowed_security_level(level):
 if level == 'high':
 if is_local_mode:
- return core.get_config()['security_level'].lower() in ['weak', 'normal']
+ return core.get_config()['security_level'].lower() in ['weak', 'normal-']
 else:
 return core.get_config()['security_level'].lower() == 'weak'
 elif level == 'middle':
- return core.get_config()['security_level'].lower() in ['weak', 'normal']
+ return core.get_config()['security_level'].lower() in ['weak', 'normal', 'normal-']
 else:
 return True
@@ -858,7 +858,7 @@ async def fix_custom_node(request):
 @PromptServer.instance.routes.post("/customnode/install/git_url")
 async def install_custom_node_git_url(request):
 if not is_allowed_security_level('high'):
- print(f"ERROR: To use this feature, you must set '--listen' to a local IP and set the security level to 'middle' or 'weak'. Please contact the administrator.")
+ print(f"ERROR: To use this feature, you must either set '--listen' to a local IP and set the security level to 'normal-' or lower, or set the security level to 'middle' or 'weak'. Please contact the administrator.")
 return web.Response(status=403)
 url = await request.text()
@@ -874,7 +874,7 @@ async def install_custom_node_git_url(request):
 @PromptServer.instance.routes.post("/customnode/install/pip")
 async def install_custom_node_git_url(request):
 if not is_allowed_security_level('high'):
- print(f"ERROR: To use this feature, you must set '--listen' to a local IP and set the security level to 'middle' or 'weak'. Please contact the administrator.")
+ print(f"ERROR: To use this feature, you must either set '--listen' to a local IP and set the security level to 'normal-' or lower, or set the security level to 'middle' or 'weak'. Please contact the administrator.")
 return web.Response(status=403)
 packages = await request.text()
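Review bot: In `is_allowed_security_level` (hunk at -48), the final `else: return True` makes the gate fail open: any `level` argument other than 'high' or 'middle', including a typo at a call site, is treated as allowed. I would name the unrestricted risk level(s) explicitly and end the function with `return False`, so an unrecognised level is denied. A short docstring would also help, along the lines of `"""Return True if the configured security_level permits a feature of the given risk level; 'normal-' permits 'high' only when is_local_mode is set."""`, with a remark that `is_local_mode` is derived from the `--listen` bind address and not from who sent the request. The three repeated `core.get_config()['security_level'].lower()` lookups could be read once into a local.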
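Review bot: The new message in `install_custom_node_git_url` (hunk at -858) still tells the operator to set the security level to 'middle' or 'weak', but `is_allowed_security_level('high')` as changed in this commit accepts only 'weak', or 'normal-' when listening locally; 'middle' is a risk level, not a security level, so following the message leaves the feature blocked. I would end the sentence with `or set the security level to 'weak'.` instead. The same string is repeated in the hunks at -874, -990 and -1040, so one module-level constant would keep the four copies from drifting, and the `f` prefix can go because the string has no placeholders. The handler body continues outside the hunk.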
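Review bot: The handler for `/customnode/install/pip` (hunk at -874) is defined as `install_custom_node_git_url`, the same name as the git-URL handler in the previous hunk. Both routes are probably still registered, since the decorator runs before the name is rebound, but the second definition shadows the first at module level and the name misleads anyone reading a traceback or audit log for the pip endpoint. Renaming it, for example `async def install_custom_node_pip(request):`, would fix that. The function body continues outside the hunk.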
@@ -990,7 +990,7 @@ async def install_model(request):
 return web.Response(status=403)
 if not json_data['filename'].endswith('.safetensors') and not is_allowed_security_level('high'):
- print(f"ERROR: To use this feature, you must set '--listen' to a local IP and set the security level to 'middle' or 'weak'. Please contact the administrator.")
+ print(f"ERROR: To use this feature, you must either set '--listen' to a local IP and set the security level to 'normal-' or lower, or set the security level to 'middle' or 'weak'. Please contact the administrator.")
 return web.Response(status=403)
 res = False
@@ -1040,7 +1040,7 @@ manager_terminal_hook = ManagerTerminalHook()
 @PromptServer.instance.routes.get("/manager/terminal")
 async def terminal_mode(request):
 if not is_allowed_security_level('high'):
- print(f"ERROR: To use this action, a security_level of `weak` is required. Please contact the administrator.")
+ print(f"ERROR: To use this feature, you must either set '--listen' to a local IP and set the security level to 'normal-' or lower, or set the security level to 'middle' or 'weak'. Please contact the administrator.")
 return web.Response(status=403)
 if "mode" in request.rel_url.query:
diff --git a/pyproject.toml b/pyproject.toml
index 041057b7..ed5153b2 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -1,7 +1,7 @@
 [project]
 name = "comfyui-manager"
 description = "ComfyUI-Manager provides features to install and manage custom nodes for ComfyUI, as well as various functionalities to assist with ComfyUI."
-version = "2.46.5"
+version = "2.47"
 license = "LICENSE"
 dependencies = ["GitPython", "PyGithub", "matrix-client==0.4.0", "transformers", "huggingface-hub>0.20", "typer", "rich", "typing-extensions"]
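Review bot: In `install_model` (hunk at -990), the 'high' check is skipped whenever the client-supplied `json_data['filename']` ends with `.safetensors`, so the exemption rests on a name taken from the request; nothing visible in this hunk shows the download URL or the fetched content being checked against that suffix. I would document the assumption above the condition, e.g. `# .safetensors is exempt from the 'high' gate; the suffix comes from the request and does not validate the downloaded content`. The comparison is also case-sensitive and indexes `json_data['filename']` directly, so a request without that key presumably surfaces as a server error, not a 4xx. The function starts and ends outside the hunk.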