Spaces:
Running
Running
import sys | |
import subprocess | |
import os | |
def security_check(): | |
print("[START] Security scan") | |
custom_nodes_path = os.path.abspath(os.path.join(os.path.dirname(__file__), '..', '..')) | |
comfyui_path = os.path.abspath(os.path.join(custom_nodes_path, '..')) | |
guide = { | |
"ComfyUI_LLMVISION": """ | |
0.Remove ComfyUI\\custom_nodes\\ComfyUI_LLMVISION. | |
1.Remove pip packages: openai-1.16.3.dist-info, anthropic-0.21.4.dist-info, openai-1.30.2.dist-info, anthropic-0.21.5.dist-info, anthropic-0.26.1.dist-info, %LocalAppData%\\rundll64.exe | |
(For portable versions, it is recommended to reinstall. If you are using a venv, it is advised to recreate the venv.) | |
2.Remove these files in your system: lib/browser/admin.py, Cadmino.py, Fadmino.py, VISION-D.exe, BeamNG.UI.exe | |
3.Check your Windows registry for the key listed above and remove it. | |
(HKEY_CURRENT_USER\\Software\\OpenAICLI) | |
4.Run a malware scanner. | |
5.Change all of your passwords, everywhere. | |
(Reinstall OS is recommended.) | |
\n | |
Detailed information: https://old.reddit.com/r/comfyui/comments/1dbls5n/psa_if_youve_used_the_comfyui_llmvision_node_from/ | |
""", | |
"lolMiner": """ | |
1. Remove pip packages: lolMiner* | |
2. Remove files: lolMiner*, 4G_Ethash_Linux_Readme.txt, mine* in ComfyUI dir. | |
(Reinstall ComfyUI is recommended.) | |
""" | |
} | |
node_blacklist = {"ComfyUI_LLMVISION": "ComfyUI_LLMVISION"} | |
pip_blacklist = {"AppleBotzz": "ComfyUI_LLMVISION"} | |
file_blacklist = { | |
"ComfyUI_LLMVISION": ["%LocalAppData%\\rundll64.exe"], | |
"lolMiner": [os.path.join(comfyui_path, 'lolMiner')] | |
} | |
installed_pips = subprocess.check_output([sys.executable, '-m', "pip", "freeze"], text=True) | |
detected = set() | |
try: | |
anthropic_info = subprocess.check_output([sys.executable, '-m', "pip", "show", "anthropic"], text=True, stderr=subprocess.DEVNULL) | |
anthropic_reqs = [x for x in anthropic_info.split('\n') if x.startswith("Requires")][0].split(': ')[1] | |
if "pycrypto" in anthropic_reqs: | |
location = [x for x in anthropic_info.split('\n') if x.startswith("Location")][0].split(': ')[1] | |
for fi in os.listdir(location): | |
if fi.startswith("anthropic"): | |
guide["ComfyUI_LLMVISION"] = f"\n0.Remove {os.path.join(location, fi)}" + guide["ComfyUI_LLMVISION"] | |
detected.add("ComfyUI_LLMVISION") | |
except subprocess.CalledProcessError: | |
pass | |
for k, v in node_blacklist.items(): | |
if os.path.exists(os.path.join(custom_nodes_path, k)): | |
print(f"[SECURITY ALERT] custom node '{k}' is dangerous.") | |
detected.add(v) | |
for k, v in pip_blacklist.items(): | |
if k in installed_pips: | |
detected.add(v) | |
break | |
for k, v in file_blacklist.items(): | |
for x in v: | |
if os.path.exists(os.path.expandvars(x)): | |
detected.add(k) | |
break | |
if len(detected) > 0: | |
for line in installed_pips.split('\n'): | |
for k, v in pip_blacklist.items(): | |
if k in line: | |
print(f"[SECURITY ALERT] '{line}' is dangerous.") | |
print("\n########################################################################") | |
print(" Malware has been detected, forcibly terminating ComfyUI execution.") | |
print("########################################################################\n") | |
for x in detected: | |
print(f"\n======== TARGET: {x} =========") | |
print(f"\nTODO:") | |
print(guide.get(x)) | |
exit(-1) | |
print("[DONE] Security scan") | |