Metrics:
Total lines of code: 1782
Total lines skipped (#nosec): 0

blacklist: Consider possible security implications associated with the subprocess module.
Test ID: B404
Severity: LOW
Confidence: HIGH
CWE: CWE-78
File: /custom_nodes/rgthree-comfy/__build__.py
Line number: 3
More info: https://bandit.readthedocs.io/en/1.7.9/blacklists/blacklist_imports.html#b404-import-subprocess
1	#!/usr/bin/env python3
2	
3	import subprocess
4	import os
5	from shutil import rmtree, copytree, ignore_patterns
6	from glob import glob
7	import time
8	import re
start_process_with_partial_path: Starting a process with a partial executable path
Test ID: B607
Severity: LOW
Confidence: HIGH
CWE: CWE-78
File: /custom_nodes/rgthree-comfy/__build__.py
Line number: 47
More info: https://bandit.readthedocs.io/en/1.7.9/plugins/b607_start_process_with_partial_path.html
43	copytree(DIR_SRC_WEB, DIR_WEB, ignore=ignore_patterns("typings*", "*.ts", "*.scss"))
44	log_step(status="Done")
45	
46	log_step(msg='TypeScript')
47	checked = subprocess.run(["node", "./node_modules/typescript/bin/tsc"], check=True)
48	log_step(status="Done")
49	
50	scsss = glob(os.path.join(DIR_SRC_WEB, "**", "*.scss"), recursive=True)
subprocess_without_shell_equals_true: subprocess call - check for execution of untrusted input.
Test ID: B603
Severity: LOW
Confidence: HIGH
CWE: CWE-78
File: /custom_nodes/rgthree-comfy/__build__.py
Line number: 47
More info: https://bandit.readthedocs.io/en/1.7.9/plugins/b603_subprocess_without_shell_equals_true.html
43	copytree(DIR_SRC_WEB, DIR_WEB, ignore=ignore_patterns("typings*", "*.ts", "*.scss"))
44	log_step(status="Done")
45	
46	log_step(msg='TypeScript')
47	checked = subprocess.run(["node", "./node_modules/typescript/bin/tsc"], check=True)
48	log_step(status="Done")
49	
50	scsss = glob(os.path.join(DIR_SRC_WEB, "**", "*.scss"), recursive=True)
subprocess_without_shell_equals_true: subprocess call - check for execution of untrusted input.
Test ID: B603
Severity: LOW
Confidence: HIGH
CWE: CWE-78
File: /custom_nodes/rgthree-comfy/__build__.py
Line number: 58
More info: https://bandit.readthedocs.io/en/1.7.9/plugins/b603_subprocess_without_shell_equals_true.html
54	for scss in scsss:
55	  out = scss.replace('src_web', 'web').replace('.scss', '.css')
56	  cmds.append(f'{scss}:{out}')
57	cmds.append('--no-source-map')
58	checked = subprocess.run(cmds, check=True)
59	log_step(status="Done")
60	
61	# Handle the common directories. Because ComfyUI loads under /extensions/rgthree-comfy we can't
blacklist: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
Test ID: B311
Severity: LOW
Confidence: HIGH
CWE: CWE-330
File: /custom_nodes/rgthree-comfy/__init__.py
Line number: 97
More info: https://bandit.readthedocs.io/en/1.7.9/blacklists/blacklist_calls.html#b311-random
93	    nodes.append('display_int')
94	
95	print()
96	adjs = ['exciting', 'extraordinary', 'epic', 'fantastic', 'magnificent']
97	log(f'Loaded {len(nodes)} {random.choice(adjs)} nodes.', color='BRIGHT_GREEN')
98	
99	# Alright, I don't like doing this, but until https://github.com/comfyanonymous/ComfyUI/issues/1502
100	# and/or https://github.com/comfyanonymous/ComfyUI/pull/1503 is pulled into ComfyUI, we need a way
blacklist: Consider possible security implications associated with the subprocess module.
Test ID: B404
Severity: LOW
Confidence: HIGH
CWE: CWE-78
File: /custom_nodes/rgthree-comfy/__update_comfy__.py
Line number: 7
More info: https://bandit.readthedocs.io/en/1.7.9/blacklists/blacklist_imports.html#b404-import-subprocess
3	# A nicer output for git pulling custom nodes (and ComfyUI).
4	# Quick shell version: ls | xargs -I % sh -c 'echo; echo %; git -C % pull'
5	
6	import os
7	from subprocess import Popen, PIPE, STDOUT
8	
9	
10	def pull_path(path):
start_process_with_partial_path: Starting a process with a partial executable path
Test ID: B607
Severity: LOW
Confidence: HIGH
CWE: CWE-78
File: /custom_nodes/rgthree-comfy/__update_comfy__.py
Line number: 11
More info: https://bandit.readthedocs.io/en/1.7.9/plugins/b607_start_process_with_partial_path.html
7	from subprocess import Popen, PIPE, STDOUT
8	
9	
10	def pull_path(path):
11	  p = Popen(["git", "-C", path, "pull"], stdout=PIPE, stderr=STDOUT)
12	  output, error = p.communicate()
13	  return output.decode()
14
subprocess_without_shell_equals_true: subprocess call - check for execution of untrusted input.
Test ID: B603
Severity: LOW
Confidence: HIGH
CWE: CWE-78
File: /custom_nodes/rgthree-comfy/__update_comfy__.py
Line number: 11
More info: https://bandit.readthedocs.io/en/1.7.9/plugins/b603_subprocess_without_shell_equals_true.html
7	from subprocess import Popen, PIPE, STDOUT
8	
9	
10	def pull_path(path):
11	  p = Popen(["git", "-C", path, "pull"], stdout=PIPE, stderr=STDOUT)
12	  output, error = p.communicate()
13	  return output.decode()
14
blacklist: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
Test ID: B311
Severity: LOW
Confidence: HIGH
CWE: CWE-330
File: /custom_nodes/rgthree-comfy/py/seed.py
Line number: 21
More info: https://bandit.readthedocs.io/en/1.7.9/blacklists/blacklist_calls.html#b311-random
17	  """ Gets a new random seed from the rgthree_seed_random_state and resetting the previous state."""
18	  global rgthree_seed_random_state
19	  prev_random_state = random.getstate()
20	  random.setstate(rgthree_seed_random_state)
21	  seed = random.randint(1, 1125899906842624)
22	  rgthree_seed_random_state = random.getstate()
23	  random.setstate(prev_random_state)
24	  return seed