Spaces:
Sleeping
Sleeping
File size: 3,635 Bytes
4450790 |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 |
import sys
import subprocess
import os
def security_check():
print("[START] Security scan")
custom_nodes_path = os.path.abspath(os.path.join(os.path.dirname(__file__), '..', '..'))
comfyui_path = os.path.abspath(os.path.join(custom_nodes_path, '..'))
guide = {
"ComfyUI_LLMVISION": """
0.Remove ComfyUI\\custom_nodes\\ComfyUI_LLMVISION.
1.Remove pip packages: openai-1.16.3.dist-info, anthropic-0.21.4.dist-info, openai-1.30.2.dist-info, anthropic-0.21.5.dist-info, anthropic-0.26.1.dist-info, %LocalAppData%\\rundll64.exe
(For portable versions, it is recommended to reinstall. If you are using a venv, it is advised to recreate the venv.)
2.Remove these files in your system: lib/browser/admin.py, Cadmino.py, Fadmino.py, VISION-D.exe, BeamNG.UI.exe
3.Check your Windows registry for the key listed above and remove it.
(HKEY_CURRENT_USER\\Software\\OpenAICLI)
4.Run a malware scanner.
5.Change all of your passwords, everywhere.
(Reinstall OS is recommended.)
\n
Detailed information: https://old.reddit.com/r/comfyui/comments/1dbls5n/psa_if_youve_used_the_comfyui_llmvision_node_from/
""",
"lolMiner": """
1. Remove pip packages: lolMiner*
2. Remove files: lolMiner*, 4G_Ethash_Linux_Readme.txt, mine* in ComfyUI dir.
(Reinstall ComfyUI is recommended.)
"""
}
node_blacklist = {"ComfyUI_LLMVISION": "ComfyUI_LLMVISION"}
pip_blacklist = {"AppleBotzz": "ComfyUI_LLMVISION"}
file_blacklist = {
"ComfyUI_LLMVISION": ["%LocalAppData%\\rundll64.exe"],
"lolMiner": [os.path.join(comfyui_path, 'lolMiner')]
}
installed_pips = subprocess.check_output([sys.executable, '-m', "pip", "freeze"], text=True)
detected = set()
try:
anthropic_info = subprocess.check_output([sys.executable, '-m', "pip", "show", "anthropic"], text=True, stderr=subprocess.DEVNULL)
anthropic_reqs = [x for x in anthropic_info.split('\n') if x.startswith("Requires")][0].split(': ')[1]
if "pycrypto" in anthropic_reqs:
location = [x for x in anthropic_info.split('\n') if x.startswith("Location")][0].split(': ')[1]
for fi in os.listdir(location):
if fi.startswith("anthropic"):
guide["ComfyUI_LLMVISION"] = f"\n0.Remove {os.path.join(location, fi)}" + guide["ComfyUI_LLMVISION"]
detected.add("ComfyUI_LLMVISION")
except subprocess.CalledProcessError:
pass
for k, v in node_blacklist.items():
if os.path.exists(os.path.join(custom_nodes_path, k)):
print(f"[SECURITY ALERT] custom node '{k}' is dangerous.")
detected.add(v)
for k, v in pip_blacklist.items():
if k in installed_pips:
detected.add(v)
break
for k, v in file_blacklist.items():
for x in v:
if os.path.exists(os.path.expandvars(x)):
detected.add(k)
break
if len(detected) > 0:
for line in installed_pips.split('\n'):
for k, v in pip_blacklist.items():
if k in line:
print(f"[SECURITY ALERT] '{line}' is dangerous.")
print("\n########################################################################")
print(" Malware has been detected, forcibly terminating ComfyUI execution.")
print("########################################################################\n")
for x in detected:
print(f"\n======== TARGET: {x} =========")
print(f"\nTODO:")
print(guide.get(x))
exit(-1)
print("[DONE] Security scan")
|