Bandit Report

request_without_timeout: Requests call without timeout
Test ID: B113
Severity: MEDIUM
Confidence: LOW
CWE: CWE-400
File: /custom_nodes/ComfyUI_Custom_Nodes_AlekPet/DeepTranslatorNode/deep_translator_node.py
Line number: 148
More info: https://bandit.readthedocs.io/en/1.7.9/plugins/b113_request_without_timeout.html

144	# Support languages - detectlanguage
145	try:
146	    if not os.path.exists(detect_languages_list):
147	        log("File detect_languages_list.json file not found! Get List from site!")
148	        DETECT_LANGS_SUPPORT = requests.get(
149	            "https://ws.detectlanguage.com/0.2/languages"
150	        ).json()
151	        with open(detect_languages_list, "w") as f:
152	            json.dump(DETECT_LANGS_SUPPORT, f)
153	            log("Loading detect languages list support from site complete and save!")

hardcoded_password_funcarg: Possible hardcoded password: 'secret_key'
Test ID: B106
Severity: LOW
Confidence: MEDIUM
CWE: CWE-259
File: /custom_nodes/ComfyUI_Custom_Nodes_AlekPet/DeepTranslatorNode/deep_translator_node.py
Line number: 209
More info: https://bandit.readthedocs.io/en/1.7.9/plugins/b106_hardcoded_password_funcarg.html

205	                appid="appid", appkey="appkey"
206	            ).get_supported_languages(as_dict=True)
207	
208	        if service == "PapagoTranslator":
209	            langs_support = PapagoTranslator(
210	                client_id="client_id", secret_key="secret_key"
211	            ).get_supported_languages(as_dict=True)
212	
213	        if service in (
214	            "DeeplTranslator",

request_without_timeout: Requests call without timeout
Test ID: B113
Severity: MEDIUM
Confidence: LOW
CWE: CWE-400
File: /custom_nodes/ComfyUI_Custom_Nodes_AlekPet/GoogleTranslateNode/google_translate_node.py
Line number: 42
More info: https://bandit.readthedocs.io/en/1.7.9/plugins/b113_request_without_timeout.html

38	        url = f"https://translation.googleapis.com/language/translate/v2?key={google_translation_key}"
39	
40	        data = {"q": text, "target": dest}
41	
42	        resp = requests.post(url, data=data)
43	        resp_data = json.loads(resp.text)
44	
45	        if "translations" in resp_data.get("data", {}):

exec_used: Use of exec detected.
Test ID: B102
Severity: MEDIUM
Confidence: HIGH
CWE: CWE-78
File: /custom_nodes/ComfyUI_Custom_Nodes_AlekPet/IDENode/ide_node.py
Line number: 119
More info: https://bandit.readthedocs.io/en/1.7.9/plugins/b102_exec_used.html

115	            pycode_ += pycode
116	
117	            my_namespace = types.SimpleNamespace()
118	            try:
119	                exec(pycode_, my_namespace.__dict__)
120	            except Exception as e:
121	                my_namespace.result = f"Error in python code: {e}"
122

blacklist: Consider possible security implications associated with the subprocess module.
Test ID: B404
Severity: LOW
Confidence: HIGH
CWE: CWE-78
File: /custom_nodes/ComfyUI_Custom_Nodes_AlekPet/__init__.py
Line number: 6
More info: https://bandit.readthedocs.io/en/1.7.9/blacklists/blacklist_imports.html#b404-import-subprocess

2	# Author: AlekPet
3	# Version: 2024.06.27
4	import os
5	import importlib.util
6	import subprocess
7	import sys
8	import shutil
9	import __main__

subprocess_without_shell_equals_true: subprocess call - check for execution of untrusted input.
Test ID: B603
Severity: LOW
Confidence: HIGH
CWE: CWE-78
File: /custom_nodes/ComfyUI_Custom_Nodes_AlekPet/__init__.py
Line number: 52
More info: https://bandit.readthedocs.io/en/1.7.9/plugins/b603_subprocess_without_shell_equals_true.html

48	            print(info, end="")
49	
50	
51	def module_install(commands, cwd="."):
52	    result = subprocess.Popen(
53	        commands,
54	        cwd=cwd,
55	        stdout=subprocess.PIPE,
56	        stderr=subprocess.PIPE,
57	        text=True,
58	        bufsize=1,
59	    )
60	    out = threading.Thread(target=information, args=(result.stdout,))
61	    err = threading.Thread(target=information, args=(result.stderr,))
62	    out.start()