Metrics:
Total lines of code: 3968
Total lines skipped (#nosec): 0

blacklist: Consider possible security implications associated with the subprocess module.
Test ID: B404
Severity: LOW
Confidence: HIGH
CWE: CWE-78
File: /custom_nodes/ComfyUI-Manager/cm-cli.py
Line number: 7
More info: https://bandit.readthedocs.io/en/1.7.9/blacklists/blacklist_imports.html#b404-import-subprocess
3	import sys
4	import traceback
5	import json
6	import asyncio
7	import subprocess
8	import shutil
9	import concurrent
10	import threading
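subprocess_without_shell_equals_true: subprocess call without shell=True - check for execution of untrusted input. In the excerpt below, package_name is derived from a line read from a file and passed to pip install, so the contents of that file decide which package gets installed.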
Test ID: B603
Severity: LOW
Confidence: HIGH
CWE: CWE-78
File: /custom_nodes/ComfyUI-Manager/cm-cli.py
Line number: 78
More info: https://bandit.readthedocs.io/en/1.7.9/plugins/b603_subprocess_without_shell_equals_true.html
74	                for line in file:
75	                    package_name = core.remap_pip_package(line.strip())
76	                    if package_name and not core.is_installed(package_name):
77	                        install_cmd = [sys.executable, "-m", "pip", "install", package_name]
78	                        output = subprocess.check_output(install_cmd, cwd=repo_path, text=True)
79	                        for msg_line in output.split('\n'):
80	                            if 'Requirement already satisfied:' in msg_line:
81	                                print('.', end='')
subprocess_without_shell_equals_true: subprocess call - check for execution of untrusted input.
Test ID: B603
Severity: LOW
Confidence: HIGH
CWE: CWE-78
File: /custom_nodes/ComfyUI-Manager/cm-cli.py
Line number: 88
More info: https://bandit.readthedocs.io/en/1.7.9/plugins/b603_subprocess_without_shell_equals_true.html
84	
85	        if os.path.exists(install_script_path) and f'{repo_path}/install.py' not in processed_install:
86	            processed_install.add(f'{repo_path}/install.py')
87	            install_cmd = [sys.executable, install_script_path]
88	            output = subprocess.check_output(install_cmd, cwd=repo_path, text=True)
89	            for msg_line in output.split('\n'):
90	                if 'Requirement already satisfied:' in msg_line:
91	                    print('.', end='')
subprocess_without_shell_equals_true: subprocess call - check for execution of untrusted input.
Test ID: B603
Severity: LOW
Confidence: HIGH
CWE: CWE-78
File: /custom_nodes/ComfyUI-Manager/cm-cli.py
Line number: 174
More info: https://bandit.readthedocs.io/en/1.7.9/plugins/b603_subprocess_without_shell_equals_true.html
170	                    is_failed = True
171	
172	        print(f"Restore snapshot.")
173	        cmd_str = [sys.executable, git_script_path, '--apply-snapshot', snapshot_path] + extras
174	        output = subprocess.check_output(cmd_str, cwd=custom_nodes_path, text=True)
175	        msg_lines = output.split('\n')
176	        extract_infos(msg_lines)
177	
try_except_pass: Try, Except, Pass detected.
Test ID: B110
Severity: LOW
Confidence: HIGH
CWE: CWE-703
File: /custom_nodes/ComfyUI-Manager/cm-cli.py
Line number: 226
More info: https://bandit.readthedocs.io/en/1.7.9/plugins/b110_try_except_pass.html
222	            items = default_conf['downgrade_blacklist'].split(',')
223	            items = [x.strip() for x in items if x != '']
224	            cm_global.pip_downgrade_blacklist += items
225	            cm_global.pip_downgrade_blacklist = list(set(cm_global.pip_downgrade_blacklist))
226	    except:
227	        pass
228	
229	
230	read_downgrade_blacklist()
blacklist: Consider possible security implications associated with the subprocess module.
Test ID: B404
Severity: LOW
Confidence: HIGH
CWE: CWE-78
File: /custom_nodes/ComfyUI-Manager/git_helper.py
Line number: 1
More info: https://bandit.readthedocs.io/en/1.7.9/blacklists/blacklist_imports.html#b404-import-subprocess
1	import subprocess
2	import sys
3	import os
4	import traceback
5	
6	import git
7	import configparser
8	import re
subprocess_without_shell_equals_true: subprocess call - check for execution of untrusted input.
Test ID: B603
Severity: LOW
Confidence: HIGH
CWE: CWE-78
File: /custom_nodes/ComfyUI-Manager/git_helper.py
Line number: 351
More info: https://bandit.readthedocs.io/en/1.7.9/plugins/b603_subprocess_without_shell_equals_true.html
347	    if '--pip-non-url' in options:
348	        # try all at once
349	        res = 1
350	        try:
351	            res = subprocess.check_call([sys.executable, '-m', 'pip', 'install'] + non_url)
352	        except:
353	            pass
354	
try_except_pass: Try, Except, Pass detected.
Test ID: B110
Severity: LOW
Confidence: HIGH
CWE: CWE-703
File: /custom_nodes/ComfyUI-Manager/git_helper.py
Line number: 352
More info: https://bandit.readthedocs.io/en/1.7.9/plugins/b110_try_except_pass.html
348	        # try all at once
349	        res = 1
350	        try:
351	            res = subprocess.check_call([sys.executable, '-m', 'pip', 'install'] + non_url)
352	        except:
353	            pass
354	
355	        # fallback
356	        if res != 0:
subprocess_without_shell_equals_true: subprocess call - check for execution of untrusted input.
Test ID: B603
Severity: LOW
Confidence: HIGH
CWE: CWE-78
File: /custom_nodes/ComfyUI-Manager/git_helper.py
Line number: 360
More info: https://bandit.readthedocs.io/en/1.7.9/plugins/b603_subprocess_without_shell_equals_true.html
356	        if res != 0:
357	            for x in non_url:
358	                res = 1
359	                try:
360	                    res = subprocess.check_call([sys.executable, '-m', 'pip', 'install', x])
361	                except:
362	                    pass
363	
try_except_pass: Try, Except, Pass detected.
Test ID: B110
Severity: LOW
Confidence: HIGH
CWE: CWE-703
File: /custom_nodes/ComfyUI-Manager/git_helper.py
Line number: 361
More info: https://bandit.readthedocs.io/en/1.7.9/plugins/b110_try_except_pass.html
357	            for x in non_url:
358	                res = 1
359	                try:
360	                    res = subprocess.check_call([sys.executable, '-m', 'pip', 'install', x])
361	                except:
362	                    pass
363	
364	                if res != 0:
365	                    failed.append(x)
subprocess_without_shell_equals_true: subprocess call - check for execution of untrusted input.
Test ID: B603
Severity: LOW
Confidence: HIGH
CWE: CWE-78
File: /custom_nodes/ComfyUI-Manager/git_helper.py
Line number: 371
More info: https://bandit.readthedocs.io/en/1.7.9/plugins/b603_subprocess_without_shell_equals_true.html
367	    if '--pip-non-local-url' in options:
368	        for x in non_local_url:
369	            res = 1
370	            try:
371	                res = subprocess.check_call([sys.executable, '-m', 'pip', 'install', x])
372	            except:
373	                pass
374	
try_except_pass: Try, Except, Pass detected.
Test ID: B110
Severity: LOW
Confidence: HIGH
CWE: CWE-703
File: /custom_nodes/ComfyUI-Manager/git_helper.py
Line number: 372
More info: https://bandit.readthedocs.io/en/1.7.9/plugins/b110_try_except_pass.html
368	        for x in non_local_url:
369	            res = 1
370	            try:
371	                res = subprocess.check_call([sys.executable, '-m', 'pip', 'install', x])
372	            except:
373	                pass
374	
375	            if res != 0:
376	                failed.append(x)
subprocess_without_shell_equals_true: subprocess call - check for execution of untrusted input.
Test ID: B603
Severity: LOW
Confidence: HIGH
CWE: CWE-78
File: /custom_nodes/ComfyUI-Manager/git_helper.py
Line number: 382
More info: https://bandit.readthedocs.io/en/1.7.9/plugins/b603_subprocess_without_shell_equals_true.html
378	    if '--pip-local-url' in options:
379	        for x in local_url:
380	            res = 1
381	            try:
382	                res = subprocess.check_call([sys.executable, '-m', 'pip', 'install', x])
383	            except:
384	                pass
385	
try_except_pass: Try, Except, Pass detected.
Test ID: B110
Severity: LOW
Confidence: HIGH
CWE: CWE-703
File: /custom_nodes/ComfyUI-Manager/git_helper.py
Line number: 383
More info: https://bandit.readthedocs.io/en/1.7.9/plugins/b110_try_except_pass.html
379	        for x in local_url:
380	            res = 1
381	            try:
382	                res = subprocess.check_call([sys.executable, '-m', 'pip', 'install', x])
383	            except:
384	                pass
385	
386	            if res != 0:
387	                failed.append(x)
blacklist: Consider possible security implications associated with the subprocess module.
Test ID: B404
Severity: LOW
Confidence: HIGH
CWE: CWE-78
File: /custom_nodes/ComfyUI-Manager/glob/manager_core.py
Line number: 3
More info: https://bandit.readthedocs.io/en/1.7.9/blacklists/blacklist_imports.html#b404-import-subprocess
1	import os
2	import sys
3	import subprocess
4	import re
5	import shutil
6	import configparser
7	import platform
8	from datetime import datetime
subprocess_without_shell_equals_true: subprocess call - check for execution of untrusted input.
Test ID: B603
Severity: LOW
Confidence: HIGH
CWE: CWE-78
File: /custom_nodes/ComfyUI-Manager/glob/manager_core.py
Line number: 69
More info: https://bandit.readthedocs.io/en/1.7.9/plugins/b603_subprocess_without_shell_equals_true.html
65	    global pip_map
66	
67	    if pip_map is None:
68	        try:
69	            result = subprocess.check_output([sys.executable, '-m', 'pip', 'list'], universal_newlines=True)
70	
71	            pip_map = {}
72	            for line in result.split('\n'):
subprocess_without_shell_equals_true: subprocess call - check for execution of untrusted input.
Test ID: B603
Severity: LOW
Confidence: HIGH
CWE: CWE-78
File: /custom_nodes/ComfyUI-Manager/glob/manager_core.py
Line number: 184
More info: https://bandit.readthedocs.io/en/1.7.9/plugins/b603_subprocess_without_shell_equals_true.html
180	        if len(cmd) > 0 and cmd[0].startswith("#"):
181	            print(f"[ComfyUI-Manager] Unexpected behavior: `{cmd}`")
182	            return 0
183	
184	        subprocess.check_call(cmd, cwd=cwd)
185	
186	        return 0
187	
try_except_pass: Try, Except, Pass detected.
Test ID: B110
Severity: LOW
Confidence: HIGH
CWE: CWE-703
File: /custom_nodes/ComfyUI-Manager/glob/manager_core.py
Line number: 309
More info: https://bandit.readthedocs.io/en/1.7.9/plugins/b110_try_except_pass.html
305	                    print("\n\n###################################################################")
306	                    print(f"[WARN] ComfyUI-Manager: Your ComfyUI version ({comfy_ui_revision})[{comfy_ui_commit_datetime.date()}] is too old. Please update to the latest version.")
307	                    print(f"[WARN] The extension installation feature may not work properly in the current installed ComfyUI version on Windows environment.")
308	                    print("###################################################################\n\n")
309	            except:
310	                pass
311	
312	        if code != 0:
313	            if url is None:
subprocess_without_shell_equals_true: subprocess call - check for execution of untrusted input.
Test ID: B603
Severity: LOW
Confidence: HIGH
CWE: CWE-78
File: /custom_nodes/ComfyUI-Manager/glob/manager_core.py
Line number: 328
More info: https://bandit.readthedocs.io/en/1.7.9/plugins/b603_subprocess_without_shell_equals_true.html
324	        command = [sys.executable, git_script_path, "--pull", path]
325	    else:
326	        command = [sys.executable, git_script_path, "--check", path]
327	
328	    process = subprocess.Popen(command, stdout=subprocess.PIPE, stderr=subprocess.PIPE, cwd=custom_nodes_path)
329	    output, _ = process.communicate()
330	    output = output.decode('utf-8').strip()
331	
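start_process_with_partial_path: Starting a process with a partial executable path ('git' is resolved through PATH rather than given as an absolute path). The flagged command also adds the repository path to the user's global safe.directory list, which exempts that path from Git's repository-ownership check.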
Test ID: B607
Severity: LOW
Confidence: HIGH
CWE: CWE-78
File: /custom_nodes/ComfyUI-Manager/glob/manager_core.py
Line number: 337
More info: https://bandit.readthedocs.io/en/1.7.9/plugins/b607_start_process_with_partial_path.html
333	        # fix and try again
334	        safedir_path = path.replace('\\', '/')
335	        try:
336	            print(f"[ComfyUI-Manager] Try fixing 'dubious repository' error on '{safedir_path}' repo")
337	            process = subprocess.Popen(['git', 'config', '--global', '--add', 'safe.directory', safedir_path], stdout=subprocess.PIPE, stderr=subprocess.PIPE)
338	            output, _ = process.communicate()
339	
340	            process = subprocess.Popen(command, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
subprocess_without_shell_equals_true: subprocess call - check for execution of untrusted input.
Test ID: B603
Severity: LOW
Confidence: HIGH
CWE: CWE-78
File: /custom_nodes/ComfyUI-Manager/glob/manager_core.py
Line number: 337
More info: https://bandit.readthedocs.io/en/1.7.9/plugins/b603_subprocess_without_shell_equals_true.html
333	        # fix and try again
334	        safedir_path = path.replace('\\', '/')
335	        try:
336	            print(f"[ComfyUI-Manager] Try fixing 'dubious repository' error on '{safedir_path}' repo")
337	            process = subprocess.Popen(['git', 'config', '--global', '--add', 'safe.directory', safedir_path], stdout=subprocess.PIPE, stderr=subprocess.PIPE)
338	            output, _ = process.communicate()
339	
340	            process = subprocess.Popen(command, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
subprocess_without_shell_equals_true: subprocess call - check for execution of untrusted input.
Test ID: B603
Severity: LOW
Confidence: HIGH
CWE: CWE-78
File: /custom_nodes/ComfyUI-Manager/glob/manager_core.py
Line number: 340
More info: https://bandit.readthedocs.io/en/1.7.9/plugins/b603_subprocess_without_shell_equals_true.html
336	            print(f"[ComfyUI-Manager] Try fixing 'dubious repository' error on '{safedir_path}' repo")
337	            process = subprocess.Popen(['git', 'config', '--global', '--add', 'safe.directory', safedir_path], stdout=subprocess.PIPE, stderr=subprocess.PIPE)
338	            output, _ = process.communicate()
339	
340	            process = subprocess.Popen(command, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
341	            output, _ = process.communicate()
342	            output = output.decode('utf-8').strip()
343	        except Exception:
subprocess_without_shell_equals_true: subprocess call - check for execution of untrusted input.
Test ID: B603
Severity: LOW
Confidence: HIGH
CWE: CWE-78
File: /custom_nodes/ComfyUI-Manager/glob/manager_core.py
Line number: 380
More info: https://bandit.readthedocs.io/en/1.7.9/plugins/b603_subprocess_without_shell_equals_true.html
376	
377	
378	def __win_check_git_pull(path):
379	    command = [sys.executable, git_script_path, "--pull", path]
380	    process = subprocess.Popen(command, cwd=custom_nodes_path)
381	    process.wait()
382	
383	
start_process_with_partial_path: Starting a process with a partial executable path
Test ID: B607
Severity: LOW
Confidence: HIGH
CWE: CWE-78
File: /custom_nodes/ComfyUI-Manager/glob/manager_core.py
Line number: 856
More info: https://bandit.readthedocs.io/en/1.7.9/plugins/b607_start_process_with_partial_path.html
852	    except Exception as e:
853	        if 'detected dubious' in str(e):
854	            print(f"[ComfyUI-Manager] Try fixing 'dubious repository' error on 'ComfyUI' repository")
855	            safedir_path = comfy_path.replace('\\', '/')
856	            subprocess.run(['git', 'config', '--global', '--add', 'safe.directory', safedir_path])
857	            try:
858	                remote.fetch()
859	            except Exception:
subprocess_without_shell_equals_true: subprocess call - check for execution of untrusted input.
Test ID: B603
Severity: LOW
Confidence: HIGH
CWE: CWE-78
File: /custom_nodes/ComfyUI-Manager/glob/manager_core.py
Line number: 856
More info: https://bandit.readthedocs.io/en/1.7.9/plugins/b603_subprocess_without_shell_equals_true.html
852	    except Exception as e:
853	        if 'detected dubious' in str(e):
854	            print(f"[ComfyUI-Manager] Try fixing 'dubious repository' error on 'ComfyUI' repository")
855	            safedir_path = comfy_path.replace('\\', '/')
856	            subprocess.run(['git', 'config', '--global', '--add', 'safe.directory', safedir_path])
857	            try:
858	                remote.fetch()
859	            except Exception:
subprocess_without_shell_equals_true: subprocess call - check for execution of untrusted input.
Test ID: B603
Severity: LOW
Confidence: HIGH
CWE: CWE-78
File: /custom_nodes/ComfyUI-Manager/glob/manager_core.py
Line number: 961
More info: https://bandit.readthedocs.io/en/1.7.9/plugins/b603_subprocess_without_shell_equals_true.html
957	
958	
959	def get_installed_pip_packages():
960	    # extract pip package infos
961	    pips = subprocess.check_output([sys.executable, '-m', 'pip', 'freeze'], text=True).split('\n')
962	
963	    res = {}
964	    for x in pips:
blacklist: Consider possible security implications associated with the subprocess module.
Test ID: B404
Severity: LOW
Confidence: HIGH
CWE: CWE-78
File: /custom_nodes/ComfyUI-Manager/glob/manager_server.py
Line number: 6
More info: https://bandit.readthedocs.io/en/1.7.9/blacklists/blacklist_imports.html#b404-import-subprocess
2	import traceback
3	
4	import folder_paths
5	import locale
6	import subprocess  # don't remove this
7	import concurrent
8	import nodes
9	import hashlib
subprocess_without_shell_equals_true: subprocess call - check for execution of untrusted input.
Test ID: B603
Severity: LOW
Confidence: HIGH
CWE: CWE-78
File: /custom_nodes/ComfyUI-Manager/glob/manager_server.py
Line number: 91
More info: https://bandit.readthedocs.io/en/1.7.9/plugins/b603_subprocess_without_shell_equals_true.html
87	        if len(cmd) > 0 and cmd[0].startswith("#"):
88	            print(f"[ComfyUI-Manager] Unexpected behavior: `{cmd}`")
89	            return 0
90	
91	        process = subprocess.Popen(cmd, cwd=cwd, stdout=subprocess.PIPE, stderr=subprocess.PIPE, text=True, bufsize=1)
92	
93	        stdout_thread = threading.Thread(target=handle_stream, args=(process.stdout, ""))
94	        stderr_thread = threading.Thread(target=handle_stream, args=(process.stderr, "[!]"))
try_except_pass: Try, Except, Pass detected.
Test ID: B110
Severity: LOW
Confidence: HIGH
CWE: CWE-703
File: /custom_nodes/ComfyUI-Manager/glob/manager_server.py
Line number: 173
More info: https://bandit.readthedocs.io/en/1.7.9/plugins/b110_try_except_pass.html
169	
170	        try:
171	            if core.comfy_ui_commit_datetime.date() < core.comfy_ui_required_commit_datetime.date():
172	                print(f"\n\n## [WARN] ComfyUI-Manager: Your ComfyUI version ({core.comfy_ui_revision})[{core.comfy_ui_commit_datetime.date()}] is too old. Please update to the latest version. ##\n\n")
173	        except:
174	            pass
175	
176	        # process on_revision_detected -->
177	        if 'cm.on_revision_detected_handler' in cm_global.variables:
blacklist: Audit urlopen calls for permitted URL schemes. Allowing file:/ or custom schemes is often unexpected. No scheme check on url is visible in the excerpt below.
Test ID: B310
Severity: MEDIUM
Confidence: HIGH
CWE: CWE-22
File: /custom_nodes/ComfyUI-Manager/glob/manager_server.py
Line number: 657
More info: https://bandit.readthedocs.io/en/1.7.9/blacklists/blacklist_calls.html#b310-urllib-urlopen
653	            headers = {
654	                'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3'}
655	
656	            req = urllib.request.Request(url, headers=headers)
657	            response = urllib.request.urlopen(req)
658	            data = response.read()
659	
660	            with open(temp_filename, 'wb') as f:
blacklist: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
Test ID: B310
Severity: MEDIUM
Confidence: HIGH
CWE: CWE-22
File: /custom_nodes/ComfyUI-Manager/glob/manager_server.py
Line number: 681
More info: https://bandit.readthedocs.io/en/1.7.9/blacklists/blacklist_calls.html#b310-urllib-urlopen
677	        headers = {
678	            'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3'}
679	
680	        req = urllib.request.Request(url, headers=headers)
681	        response = urllib.request.urlopen(req)
682	        data = response.read()
683	
684	        if not os.path.exists(os.path.dirname(save_path)):
try_except_pass: Try, Except, Pass detected.
Test ID: B110
Severity: LOW
Confidence: HIGH
CWE: CWE-703
File: /custom_nodes/ComfyUI-Manager/glob/manager_server.py
Line number: 1144
More info: https://bandit.readthedocs.io/en/1.7.9/plugins/b110_try_except_pass.html
1140	
1141	                    try:
1142	                        if core.comfy_ui_required_commit_datetime.date() > core.comfy_ui_commit_datetime.date():
1143	                            markdown_content = f'<P style="text-align: center; color:red; background-color:white; font-weight:bold">Your ComfyUI is too OUTDATED!!!</P>' + markdown_content
1144	                    except:
1145	                        pass
1146	
1147	                    return web.Response(text=markdown_content, status=200)
1148	                else:
try_except_pass: Try, Except, Pass detected.
Test ID: B110
Severity: LOW
Confidence: HIGH
CWE: CWE-703
File: /custom_nodes/ComfyUI-Manager/glob/manager_server.py
Line number: 1162
More info: https://bandit.readthedocs.io/en/1.7.9/plugins/b110_try_except_pass.html
1158	        return web.Response(status=403)
1159	
1160	    try:
1161	        sys.stdout.close_log()
1162	    except Exception as e:
1163	        pass
1164	
1165	    if '__COMFY_CLI_SESSION__' in os.environ:
1166	        with open(os.path.join(os.environ['__COMFY_CLI_SESSION__'] + '.reboot'), 'w') as file:
start_process_with_no_shell: Starting a process without a shell.
Test ID: B606
Severity: LOW
Confidence: MEDIUM
CWE: CWE-78
File: /custom_nodes/ComfyUI-Manager/glob/manager_server.py
Line number: 1174
More info: https://bandit.readthedocs.io/en/1.7.9/plugins/b606_start_process_with_no_shell.html
1170	        exit(0)
1171	
1172	    print(f"\nRestarting... [Legacy Mode]\n\n")
1173	    if sys.platform.startswith('win32'):
1174	        return os.execv(sys.executable, ['"' + sys.executable + '"', '"' + sys.argv[0] + '"'] + sys.argv[1:])
1175	    else:
1176	        return os.execv(sys.executable, [sys.executable] + sys.argv)
1177	
start_process_with_no_shell: Starting a process without a shell.
Test ID: B606
Severity: LOW
Confidence: MEDIUM
CWE: CWE-78
File: /custom_nodes/ComfyUI-Manager/glob/manager_server.py
Line number: 1176
More info: https://bandit.readthedocs.io/en/1.7.9/plugins/b606_start_process_with_no_shell.html
1172	    print(f"\nRestarting... [Legacy Mode]\n\n")
1173	    if sys.platform.startswith('win32'):
1174	        return os.execv(sys.executable, ['"' + sys.executable + '"', '"' + sys.argv[0] + '"'] + sys.argv[1:])
1175	    else:
1176	        return os.execv(sys.executable, [sys.executable] + sys.argv)
1177	
1178	
1179	def sanitize_filename(input_string):
assert_used: Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
Test ID: B101
Severity: LOW
Confidence: HIGH
CWE: CWE-703
File: /custom_nodes/ComfyUI-Manager/glob/manager_server.py
Line number: 1473
More info: https://bandit.readthedocs.io/en/1.7.9/plugins/b101_assert_used.html
1469	    except:
1470	        # for now, pick the first output
1471	        output_to_share = potential_outputs[0]
1472	
1473	    assert output_to_share['type'] in ('image', 'output')
1474	    output_dir = folder_paths.get_output_directory()
1475	
1476	    if output_to_share['type'] == 'image':
assert_used: Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
Test ID: B101
Severity: LOW
Confidence: HIGH
CWE: CWE-703
File: /custom_nodes/ComfyUI-Manager/glob/manager_server.py
Line number: 1510
More info: https://bandit.readthedocs.io/en/1.7.9/plugins/b101_assert_used.html
1506	                        "workflowJsonFileName": 'workflow.json',
1507	                        "workflowJsonFileType": 'application/json',
1508	                    },
1509	            ) as resp:
1510	                assert resp.status == 200
1511	                presigned_urls_json = await resp.json()
1512	                assetFilePresignedUrl = presigned_urls_json["assetFilePresignedUrl"]
1513	                assetFileKey = presigned_urls_json["assetFileKey"]
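assert_used: Use of assert detected. The enclosed code will be removed when compiling to optimised byte code, so the response-status check in this excerpt would not run under python -O. The excerpt also creates the aiohttp connector with verify_ssl=False, which disables TLS certificate verification for the upload; B101 does not report that.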
Test ID: B101
Severity: LOW
Confidence: HIGH
CWE: CWE-703
File: /custom_nodes/ComfyUI-Manager/glob/manager_server.py
Line number: 1520
More info: https://bandit.readthedocs.io/en/1.7.9/plugins/b101_assert_used.html
1516	
1517	        # upload asset
1518	        async with aiohttp.ClientSession(trust_env=True, connector=aiohttp.TCPConnector(verify_ssl=False)) as session:
1519	            async with session.put(assetFilePresignedUrl, data=open(asset_filepath, "rb")) as resp:
1520	                assert resp.status == 200
1521	
1522	        # upload workflow json
1523	        async with aiohttp.ClientSession(trust_env=True, connector=aiohttp.TCPConnector(verify_ssl=False)) as session:
assert_used: Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
Test ID: B101
Severity: LOW
Confidence: HIGH
CWE: CWE-703
File: /custom_nodes/ComfyUI-Manager/glob/manager_server.py
Line number: 1525
More info: https://bandit.readthedocs.io/en/1.7.9/plugins/b101_assert_used.html
1521	
1522	        # upload workflow json
1523	        async with aiohttp.ClientSession(trust_env=True, connector=aiohttp.TCPConnector(verify_ssl=False)) as session:
1524	            async with session.put(workflowJsonFilePresignedUrl, data=json.dumps(prompt['workflow']).encode('utf-8')) as resp:
1525	                assert resp.status == 200
1526	
1527	        model_filenames = extract_model_file_names(prompt['workflow'])
1528	        model_file_paths = find_file_paths(folder_paths.base_path, model_filenames)
assert_used: Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
Test ID: B101
Severity: LOW
Confidence: HIGH
CWE: CWE-703
File: /custom_nodes/ComfyUI-Manager/glob/manager_server.py
Line number: 1560
More info: https://bandit.readthedocs.io/en/1.7.9/plugins/b101_assert_used.html
1556	            async with session.post(
1557	                    f"{share_endpoint}/upload_workflow",
1558	                    data=form,
1559	            ) as resp:
1560	                assert resp.status == 200
1561	                upload_workflow_json = await resp.json()
1562	                workflowId = upload_workflow_json["workflowId"]
1563	
blacklist: Consider possible security implications associated with the subprocess module.
Test ID: B404
Severity: LOW
Confidence: HIGH
CWE: CWE-78
File: /custom_nodes/ComfyUI-Manager/prestartup_script.py
Line number: 3
More info: https://bandit.readthedocs.io/en/1.7.9/blacklists/blacklist_imports.html#b404-import-subprocess
1	import datetime
2	import os
3	import subprocess
4	import sys
5	import atexit
6	import threading
7	import re
8	import locale
try_except_pass: Try, Except, Pass detected.
Test ID: B110
Severity: LOW
Confidence: HIGH
CWE: CWE-703
File: /custom_nodes/ComfyUI-Manager/prestartup_script.py
Line number: 54
More info: https://bandit.readthedocs.io/en/1.7.9/plugins/b110_try_except_pass.html
50	        default_conf = config['default']
51	
52	        if 'file_logging' in default_conf and default_conf['file_logging'].lower() == 'false':
53	            enable_file_logging = False
54	    except Exception:
55	        pass
56	
57	
58	check_file_logging()
try_except_pass: Try, Except, Pass detected.
Test ID: B110
Severity: LOW
Confidence: HIGH
CWE: CWE-703
File: /custom_nodes/ComfyUI-Manager/prestartup_script.py
Line number: 108
More info: https://bandit.readthedocs.io/en/1.7.9/plugins/b110_try_except_pass.html
104	    def write_stderr(self, msg):
105	        for v in self.hooks.values():
106	            try:
107	                v.write_stderr(msg)
108	            except Exception:
109	                pass
110	
111	    def write_stdout(self, msg):
112	        for v in self.hooks.values():
try_except_pass: Try, Except, Pass detected.
Test ID: B110
Severity: LOW
Confidence: HIGH
CWE: CWE-703
File: /custom_nodes/ComfyUI-Manager/prestartup_script.py
Line number: 115
More info: https://bandit.readthedocs.io/en/1.7.9/plugins/b110_try_except_pass.html
111	    def write_stdout(self, msg):
112	        for v in self.hooks.values():
113	            try:
114	                v.write_stdout(msg)
115	            except Exception:
116	                pass
117	
118	
119	terminal_hook = TerminalHook()
subprocess_without_shell_equals_true: subprocess call - check for execution of untrusted input.
Test ID: B603
Severity: LOW
Confidence: HIGH
CWE: CWE-78
File: /custom_nodes/ComfyUI-Manager/prestartup_script.py
Line number: 139
More info: https://bandit.readthedocs.io/en/1.7.9/plugins/b603_subprocess_without_shell_equals_true.html
135	                print(prefix, msg, end="")
136	
137	
138	def process_wrap(cmd_str, cwd_path, handler=None):
139	    process = subprocess.Popen(cmd_str, cwd=cwd_path, stdout=subprocess.PIPE, stderr=subprocess.PIPE, text=True, bufsize=1)
140	
141	    if handler is None:
142	        handler = handle_stream
subprocess_without_shell_equals_true: subprocess call - check for execution of untrusted input.
Test ID: B603
Severity: LOW
Confidence: HIGH
CWE: CWE-78
File: /custom_nodes/ComfyUI-Manager/prestartup_script.py
Line number: 311
More info: https://bandit.readthedocs.io/en/1.7.9/plugins/b603_subprocess_without_shell_equals_true.html
307	    requirements_path = os.path.join(my_path, "requirements.txt")
308	
309	    print(f"## ComfyUI-Manager: installing dependencies. (GitPython)")
310	    try:
311	        result = subprocess.check_output([sys.executable, '-s', '-m', 'pip', 'install', '-r', requirements_path])
312	    except subprocess.CalledProcessError as e:
313	        print(f"## [ERROR] ComfyUI-Manager: Attempting to reinstall dependencies using an alternative method.")
314	        try:
subprocess_without_shell_equals_true: subprocess call - check for execution of untrusted input.
Test ID: B603
Severity: LOW
Confidence: HIGH
CWE: CWE-78
File: /custom_nodes/ComfyUI-Manager/prestartup_script.py
Line number: 315
More info: https://bandit.readthedocs.io/en/1.7.9/plugins/b603_subprocess_without_shell_equals_true.html
311	        result = subprocess.check_output([sys.executable, '-s', '-m', 'pip', 'install', '-r', requirements_path])
312	    except subprocess.CalledProcessError as e:
313	        print(f"## [ERROR] ComfyUI-Manager: Attempting to reinstall dependencies using an alternative method.")
314	        try:
315	            result = subprocess.check_output([sys.executable, '-s', '-m', 'pip', 'install', '--user', '-r', requirements_path])
316	        except subprocess.CalledProcessError as e:
317	            print(f"## [ERROR] ComfyUI-Manager: Failed to install the GitPython package in the correct Python environment. Please install it manually in the appropriate environment. (You can seek help at https://app.element.io/#/room/%23comfyui_space%3Amatrix.org)")
318	
try_except_pass: Try, Except, Pass detected.
Test ID: B110
Severity: LOW
Confidence: HIGH
CWE: CWE-703
File: /custom_nodes/ComfyUI-Manager/prestartup_script.py
Line number: 351
More info: https://bandit.readthedocs.io/en/1.7.9/plugins/b110_try_except_pass.html
347	            items = default_conf['downgrade_blacklist'].split(',')
348	            items = [x.strip() for x in items if x != '']
349	            cm_global.pip_downgrade_blacklist += items
350	            cm_global.pip_downgrade_blacklist = list(set(cm_global.pip_downgrade_blacklist))
351	    except:
352	        pass
353	
354	
355	read_downgrade_blacklist()
try_except_pass: Try, Except, Pass detected.
Test ID: B110
Severity: LOW
Confidence: HIGH
CWE: CWE-703
File: /custom_nodes/ComfyUI-Manager/prestartup_script.py
Line number: 370
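More info: https://bandit.readthedocs.io/en/1.7.9/plugins/b110_try_except_pass.html
Triage note: Bandit reports only the try/except/pass here, but line 369 of the excerpt is the more significant item. When `bypass_ssl` is `true` in the config, it replaces `ssl._create_default_https_context` with `ssl._create_unverified_context`, so certificate verification is turned off for everything in the process that relies on the default HTTPS context (CWE-295). Track that setting as a separate finding and check that it is off in deployed configurations.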
366	
367	        if 'bypass_ssl' in default_conf and default_conf['bypass_ssl'].lower() == 'true':
368	            print(f"[ComfyUI-Manager] WARN: Unsafe - SSL verification bypass option is Enabled. (see ComfyUI-Manager/config.ini)")
369	            ssl._create_default_https_context = ssl._create_unverified_context  # SSL certificate error fix.
370	    except Exception:
371	        pass
372	
373	
374	check_bypass_ssl()
subprocess_without_shell_equals_true: subprocess call - check for execution of untrusted input.
Test ID: B603
Severity: LOW
Confidence: HIGH
CWE: CWE-78
File: /custom_nodes/ComfyUI-Manager/prestartup_script.py
Line number: 388
More info: https://bandit.readthedocs.io/en/1.7.9/plugins/b603_subprocess_without_shell_equals_true.html
384	    global pip_map
385	
386	    if pip_map is None:
387	        try:
388	            result = subprocess.check_output([sys.executable, '-m', 'pip', 'list'], universal_newlines=True)
389	
390	            pip_map = {}
391	            for line in result.split('\n'):
blacklist: Use of possibly insecure function - consider using safer ast.literal_eval.
Test ID: B307
Severity: MEDIUM
Confidence: HIGH
CWE: CWE-78
File: /custom_nodes/ComfyUI-Manager/prestartup_script.py
Line number: 544
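More info: https://bandit.readthedocs.io/en/1.7.9/blacklists/blacklist_calls.html#b307-eval
Triage note: `eval(line)` at line 544 executes whatever expression the line contains. The result is then indexed (`script[1]`), which suggests the line is expected to be a list or tuple literal; if so, `ast.literal_eval` or a JSON encoding would parse it without executing code. Where `line` is read from is outside this excerpt, so the write permissions on that source need to be checked before rating this finding.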
540	
541	            executed.add(line)
542	
543	            try:
544	                script = eval(line)
545	
546	                if script[1].startswith('#') and script[1] != '#FORCE':
547	                    if script[1] == "#LAZY-INSTALL-SCRIPT":
try_except_pass: Try, Except, Pass detected.
Test ID: B110
Severity: LOW
Confidence: HIGH
CWE: CWE-703
File: /custom_nodes/ComfyUI-Manager/prestartup_script.py
Line number: 597
More info: https://bandit.readthedocs.io/en/1.7.9/plugins/b110_try_except_pass.html
593	                asyncio.set_event_loop_policy(asyncio.windows_events.WindowsSelectorEventLoopPolicy())
594	                print(f"[ComfyUI-Manager] Windows event loop policy mode enabled")
595	            except Exception as e:
596	                print(f"[ComfyUI-Manager] WARN: Windows initialization fail: {e}")
597	    except Exception:
598	        pass
599	
600	
601	if platform.system() == 'Windows':
blacklist: Consider possible security implications associated with the subprocess module.
Test ID: B404
Severity: LOW
Confidence: HIGH
CWE: CWE-78
File: /custom_nodes/ComfyUI-Manager/scripts/colab-dependencies.py
Line number: 2
More info: https://bandit.readthedocs.io/en/1.7.9/blacklists/blacklist_imports.html#b404-import-subprocess
1	import os
2	import subprocess
3	
4	
5	def get_enabled_subdirectories_with_files(base_directory):
6	    subdirs_with_files = []
7	    for subdir in os.listdir(base_directory):
8	        try:
start_process_with_partial_path: Starting a process with a partial executable path
Test ID: B607
Severity: LOW
Confidence: HIGH
CWE: CWE-78
File: /custom_nodes/ComfyUI-Manager/scripts/colab-dependencies.py
Line number: 25
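More info: https://bandit.readthedocs.io/en/1.7.9/plugins/b607_start_process_with_partial_path.html
Triage note: `pip` (line 25) and `python` (line 30) are resolved through PATH, so the process started may belong to a different interpreter than the one running this script, and an earlier PATH entry can shadow the intended one. The form used in prestartup_script.py line 311, `[sys.executable, '-m', 'pip', 'install', '-r', ...]`, ties the install to the running interpreter (it needs `import sys`). Both `subprocess.run` calls also ignore the return code, so a failed install goes unnoticed unless `check=True` is passed or the result is inspected.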
21	
22	
23	def install_requirements(requirements_file_path):
24	    if os.path.exists(requirements_file_path):
25	        subprocess.run(["pip", "install", "-r", requirements_file_path])
26	
27	
28	def run_install_script(install_script_path):
subprocess_without_shell_equals_true: subprocess call - check for execution of untrusted input.
Test ID: B603
Severity: LOW
Confidence: HIGH
CWE: CWE-78
File: /custom_nodes/ComfyUI-Manager/scripts/colab-dependencies.py
Line number: 25
More info: https://bandit.readthedocs.io/en/1.7.9/plugins/b603_subprocess_without_shell_equals_true.html
21	
22	
23	def install_requirements(requirements_file_path):
24	    if os.path.exists(requirements_file_path):
25	        subprocess.run(["pip", "install", "-r", requirements_file_path])
26	
27	
28	def run_install_script(install_script_path):
start_process_with_partial_path: Starting a process with a partial executable path
Test ID: B607
Severity: LOW
Confidence: HIGH
CWE: CWE-78
File: /custom_nodes/ComfyUI-Manager/scripts/colab-dependencies.py
Line number: 30
More info: https://bandit.readthedocs.io/en/1.7.9/plugins/b607_start_process_with_partial_path.html
26	
27	
28	def run_install_script(install_script_path):
29	    if os.path.exists(install_script_path):
30	        subprocess.run(["python", install_script_path])
31	
32	
33	custom_nodes_directory = "custom_nodes"
subprocess_without_shell_equals_true: subprocess call - check for execution of untrusted input.
Test ID: B603
Severity: LOW
Confidence: HIGH
CWE: CWE-78
File: /custom_nodes/ComfyUI-Manager/scripts/colab-dependencies.py
Line number: 30
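More info: https://bandit.readthedocs.io/en/1.7.9/plugins/b603_subprocess_without_shell_equals_true.html
Triage note: the command line is a fixed list with no shell, so B603 is informational for the call itself. The call does, however, execute the file at `install_script_path` after only an `os.path.exists` check. Presumably these are the install scripts of directories under `custom_nodes` (line 33); if so, adding a custom node is equivalent to running its code with the current user's privileges, and the trust decision has to be made before the node is placed there.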
26	
27	
28	def run_install_script(install_script_path):
29	    if os.path.exists(install_script_path):
30	        subprocess.run(["python", install_script_path])
31	
32	
33	custom_nodes_directory = "custom_nodes"