Metrics:
Total lines of code: 10424
Total lines skipped (#nosec): 0

try_except_pass: Try, Except, Pass detected.
Test ID: B110
Severity: LOW
Confidence: HIGH
CWE: CWE-703
File: /custom_nodes/ComfyUI-Impact-Pack/__init__.py
Line number: 498
More info: https://bandit.readthedocs.io/en/1.7.9/plugins/b110_try_except_pass.html
494	                                 {'version': config.version_code,
495	                                  'name': 'Impact Pack',
496	                                  'nodes': set(NODE_CLASS_MAPPINGS.keys()),
497	                                  'description': 'This extension provides inpainting functionality based on the detector and detailer, along with convenient workflow features like wildcards and logics.', })
498	except:
499	    pass

blacklist: Consider possible security implications associated with the subprocess module.
Test ID: B404
Severity: LOW
Confidence: HIGH
CWE: CWE-78
File: /custom_nodes/ComfyUI-Impact-Pack/disable.py
Line number: 6
More info: https://bandit.readthedocs.io/en/1.7.9/blacklists/blacklist_imports.html#b404-import-subprocess
2	import sys
3	import time
4	import platform
5	import shutil
6	import subprocess
7	
8	comfy_path = '../..'
9	

start_process_with_partial_path: Starting a process with a partial executable path
Test ID: B607
Severity: LOW
Confidence: HIGH
CWE: CWE-78
File: /custom_nodes/ComfyUI-Impact-Pack/disable.py
Line number: 18
More info: https://bandit.readthedocs.io/en/1.7.9/plugins/b607_start_process_with_partial_path.html
14	        try:
15	            retry_count -= 1
16	
17	            if platform.system() == "Windows":
18	                subprocess.check_call(['attrib', '-R', path + '\\*', '/S'])
19	
20	            shutil.rmtree(path)
21	

subprocess_without_shell_equals_true: subprocess call - check for execution of untrusted input.
Test ID: B603
Severity: LOW
Confidence: HIGH
CWE: CWE-78
File: /custom_nodes/ComfyUI-Impact-Pack/disable.py
Line number: 18
More info: https://bandit.readthedocs.io/en/1.7.9/plugins/b603_subprocess_without_shell_equals_true.html
14	        try:
15	            retry_count -= 1
16	
17	            if platform.system() == "Windows":
18	                subprocess.check_call(['attrib', '-R', path + '\\*', '/S'])
19	
20	            shutil.rmtree(path)
21	

blacklist: Consider possible security implications associated with the subprocess module.
Test ID: B404
Severity: LOW
Confidence: HIGH
CWE: CWE-78
File: /custom_nodes/ComfyUI-Impact-Pack/install.py
Line number: 4
More info: https://bandit.readthedocs.io/en/1.7.9/blacklists/blacklist_imports.html#b404-import-subprocess
1	import os
2	import shutil
3	import sys
4	import subprocess
5	import threading
6	import locale
7	import traceback
8	import re

subprocess_without_shell_equals_true: subprocess call - check for execution of untrusted input.
Test ID: B603
Severity: LOW
Confidence: HIGH
CWE: CWE-78
File: /custom_nodes/ComfyUI-Impact-Pack/install.py
Line number: 39
More info: https://bandit.readthedocs.io/en/1.7.9/plugins/b603_subprocess_without_shell_equals_true.html
35	            
36	
37	def process_wrap(cmd_str, cwd=None, handler=None):
38	    print(f"[Impact Pack] EXECUTE: {cmd_str} in '{cwd}'")
39	    process = subprocess.Popen(cmd_str, cwd=cwd, stdout=subprocess.PIPE, stderr=subprocess.PIPE, text=True, bufsize=1)
40	
41	    if handler is None:
42	        handler = handle_stream

subprocess_without_shell_equals_true: subprocess call - check for execution of untrusted input.
Test ID: B603
Severity: LOW
Confidence: HIGH
CWE: CWE-78
File: /custom_nodes/ComfyUI-Impact-Pack/install.py
Line number: 65
More info: https://bandit.readthedocs.io/en/1.7.9/plugins/b603_subprocess_without_shell_equals_true.html
61	    global pip_list
62	
63	    if pip_list is None:
64	        try:
65	            result = subprocess.check_output([sys.executable, '-m', 'pip', 'list'], universal_newlines=True)
66	            pip_list = set([line.split()[0].lower() for line in result.split('\n') if line.strip()])
67	        except subprocess.CalledProcessError as e:
68	            print(f"[ComfyUI-Manager] Failed to retrieve the information of installed pip packages.")

blacklist: Consider possible security implications associated with the subprocess module.
Test ID: B404
Severity: LOW
Confidence: HIGH
CWE: CWE-78
File: /custom_nodes/ComfyUI-Impact-Pack/modules/impact/additional_dependencies.py
Line number: 2
More info: https://bandit.readthedocs.io/en/1.7.9/blacklists/blacklist_imports.html#b404-import-subprocess
1	import sys
2	import subprocess
3	
4	
5	def ensure_onnx_package():
6	    try:
7	        import onnxruntime
8	    except Exception:

subprocess_without_shell_equals_true: subprocess call - check for execution of untrusted input.
Test ID: B603
Severity: LOW
Confidence: HIGH
CWE: CWE-78
File: /custom_nodes/ComfyUI-Impact-Pack/modules/impact/additional_dependencies.py
Line number: 10
More info: https://bandit.readthedocs.io/en/1.7.9/plugins/b603_subprocess_without_shell_equals_true.html
6	    try:
7	        import onnxruntime
8	    except Exception:
9	        if "python_embeded" in sys.executable or "python_embedded" in sys.executable:
10	            subprocess.check_call([sys.executable, '-s', '-m', 'pip', 'install', 'onnxruntime'])
11	        else:
12	            subprocess.check_call([sys.executable, '-s', '-m', 'pip', 'install', 'onnxruntime'])

subprocess_without_shell_equals_true: subprocess call - check for execution of untrusted input.
Test ID: B603
Severity: LOW
Confidence: HIGH
CWE: CWE-78
File: /custom_nodes/ComfyUI-Impact-Pack/modules/impact/additional_dependencies.py
Line number: 12
More info: https://bandit.readthedocs.io/en/1.7.9/plugins/b603_subprocess_without_shell_equals_true.html
8	    except Exception:
9	        if "python_embeded" in sys.executable or "python_embedded" in sys.executable:
10	            subprocess.check_call([sys.executable, '-s', '-m', 'pip', 'install', 'onnxruntime'])
11	        else:
12	            subprocess.check_call([sys.executable, '-s', '-m', 'pip', 'install', 'onnxruntime'])

blacklist: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
Test ID: B311
Severity: LOW
Confidence: HIGH
CWE: CWE-330
File: /custom_nodes/ComfyUI-Impact-Pack/modules/impact/bridge_nodes.py
Line number: 164
More info: https://bandit.readthedocs.io/en/1.7.9/blacklists/blacklist_calls.html#b311-random
160	        super().__init__()
161	        self.output_dir = folder_paths.get_temp_directory()
162	        self.type = "temp"
163	        self.prev_hash = None
164	        self.prefix_append = "_temp_" + ''.join(random.choice("abcdefghijklmnopqrstupvxyz") for x in range(5))
165	
166	    @staticmethod
167	    def load_image(pb_id):

try_except_pass: Try, Except, Pass detected.
Test ID: B110
Severity: LOW
Confidence: HIGH
CWE: CWE-703
File: /custom_nodes/ComfyUI-Impact-Pack/modules/impact/impact_server.py
Line number: 383
More info: https://bandit.readthedocs.io/en/1.7.9/plugins/b110_try_except_pass.html
379	                            and 'value' in input_node['inputs'] and 'typ' in input_node['inputs']):
380	                        if 'BOOLEAN' == input_node['inputs']['typ']:
381	                            try:
382	                                onprompt_cond_branch_info[k] = input_node['inputs']['value'].lower() == "true"
383	                            except:
384	                                pass
385	                else:
386	                    onprompt_cond_branch_info[k] = cond_input
387	

blacklist: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
Test ID: B311
Severity: LOW
Confidence: HIGH
CWE: CWE-330
File: /custom_nodes/ComfyUI-Impact-Pack/modules/impact/impact_server.py
Line number: 464
More info: https://bandit.readthedocs.io/en/1.7.9/blacklists/blacklist_calls.html#b311-random
460	                new_seed = v['inputs']['seed_2nd']-1
461	                if new_seed < 0:
462	                    new_seed = 1125899906842624
463	            elif seed_2nd_mode == 'randomize':
464	                new_seed = random.randint(0, 1125899906842624)
465	
466	            if new_seed is not None:
467	                PromptServer.instance.send_sync("impact-node-feedback", {"node_id": k, "widget_name": "seed_2nd", "type": "INT", "value": new_seed})

try_except_continue: Try, Except, Continue detected.
Test ID: B112
Severity: LOW
Confidence: HIGH
CWE: CWE-703
File: /custom_nodes/ComfyUI-Impact-Pack/modules/impact/impact_server.py
Line number: 492
More info: https://bandit.readthedocs.io/en/1.7.9/plugins/b112_try_except_continue.html
488	                                continue
489	                        else:
490	                            print(f"[Impact Pack] Only `ImpactInt`, `Seed (rgthree)` and `Primitive` Node are allowed as the seed for '{v['class_type']}'. It will be ignored. ")
491	                            continue
492	                    except:
493	                        continue
494	                else:
495	                    input_seed = int(inputs['seed'])
496	

try_except_pass: Try, Except, Pass detected.
Test ID: B110
Severity: LOW
Confidence: HIGH
CWE: CWE-703
File: /custom_nodes/ComfyUI-Impact-Pack/modules/impact/sample_error_enhancer.py
Line number: 16
More info: https://bandit.readthedocs.io/en/1.7.9/plugins/b110_try_except_pass.html
12	        try:
13	            if 'mat1 and mat2 shapes cannot be multiplied' in e.args[0]:
14	                if 'torch.nn.functional.linear' in traceback.format_exc().strip().split('\n')[-3]:
15	                    is_model_mix_issue = True
16	        except:
17	            pass
18	
19	        if is_model_mix_issue:
20	            raise RuntimeError("\n\n#### It seems that models and clips are mixed and interconnected between SDXL Base, SDXL Refiner, SD1.x, and SD2.x. Please verify. ####\n\n")

try_except_pass: Try, Except, Pass detected.
Test ID: B110
Severity: LOW
Confidence: HIGH
CWE: CWE-703
File: /custom_nodes/ComfyUI-Impact-Pack/modules/impact/segs_nodes.py
Line number: 1402
More info: https://bandit.readthedocs.io/en/1.7.9/plugins/b110_try_except_pass.html
1398	
1399	        for pick in picks.split(","):
1400	            try:
1401	                pick_ids.add(int(pick)-1)
1402	            except Exception:
1403	                pass
1404	
1405	        new_segs = []
1406	        for i in pick_ids:

yaml_load: Use of unsafe yaml load. Allows instantiation of arbitrary objects. Consider yaml.safe_load().
Test ID: B506
Severity: MEDIUM
Confidence: HIGH
CWE: CWE-20
File: /custom_nodes/ComfyUI-Impact-Pack/modules/impact/wildcards.py
Line number: 62
More info: https://bandit.readthedocs.io/en/1.7.9/plugins/b506_yaml_load.html
58	                        wildcard_dict[key] = lines
59	            elif file.endswith('.yaml'):
60	                file_path = os.path.join(root, file)
61	                with open(file_path, 'r') as f:
62	                    yaml_data = yaml.load(f, Loader=yaml.FullLoader)
63	
64	                    for k, v in yaml_data.items():
65	                        read_wildcard(k, v)

blacklist: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
Test ID: B311
Severity: LOW
Confidence: HIGH
CWE: CWE-330
File: /custom_nodes/ComfyUI-Impact-Pack/modules/impact/wildcards.py
Line number: 443
More info: https://bandit.readthedocs.io/en/1.7.9/blacklists/blacklist_calls.html#b311-random
439	        if i < len(matches):
440	            if matches[i] == '[SEP]':
441	                result_list.append(None)
442	            elif matches[i] == '[SEP:R]':
443	                result_list.append(random.randint(0, 1125899906842624))
444	            else:
445	                try:
446	                    seed = int(matches[i][5:-1])

blacklist: Consider possible security implications associated with the subprocess module.
Test ID: B404
Severity: LOW
Confidence: HIGH
CWE: CWE-78
File: /custom_nodes/ComfyUI-Impact-Pack/uninstall.py
Line number: 6
More info: https://bandit.readthedocs.io/en/1.7.9/blacklists/blacklist_imports.html#b404-import-subprocess
2	import sys
3	import time
4	import platform
5	import shutil
6	import subprocess
7	
8	comfy_path = '../..'
9	

start_process_with_partial_path: Starting a process with a partial executable path
Test ID: B607
Severity: LOW
Confidence: HIGH
CWE: CWE-78
File: /custom_nodes/ComfyUI-Impact-Pack/uninstall.py
Line number: 18
More info: https://bandit.readthedocs.io/en/1.7.9/plugins/b607_start_process_with_partial_path.html
14	        try:
15	            retry_count -= 1
16	
17	            if platform.system() == "Windows":
18	                subprocess.check_call(['attrib', '-R', path + '\\*', '/S'])
19	
20	            shutil.rmtree(path)
21	

subprocess_without_shell_equals_true: subprocess call - check for execution of untrusted input.
Test ID: B603
Severity: LOW
Confidence: HIGH
CWE: CWE-78
File: /custom_nodes/ComfyUI-Impact-Pack/uninstall.py
Line number: 18
More info: https://bandit.readthedocs.io/en/1.7.9/plugins/b603_subprocess_without_shell_equals_true.html
14	        try:
15	            retry_count -= 1
16	
17	            if platform.system() == "Windows":
18	                subprocess.check_call(['attrib', '-R', path + '\\*', '/S'])
19	
20	            shutil.rmtree(path)
21