fix: address all critical (P0) security findings #27
Conversation
…eview

- Replace getattr dynamic dispatch in client._request with httpx c.request() and _ALLOWED_HTTP_METHODS guard to prevent method injection
- Add _validate_prompt_id (UUID regex) and _validate_path_segment validation for all URL-interpolated parameters to block path traversal
- Remove input mutation in validate_workflow that could mask injection patterns before the workflow inspector runs
- Add SSE host field_validator that warns when binding to non-localhost
- Run Docker container as non-root user (groupadd/useradd + USER app)
- Pin all GitHub Actions to full commit SHAs in ci.yml and docker.yml
- Update all test fixtures to use valid UUID prompt_ids

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Pull request overview
Security hardening PR that addresses P0 findings: hardens HTTP dispatch in the client, adds URL path traversal prevention via input validation, removes an input mutation bug in workflow validation, warns on non-localhost SSE binding, and improves Docker/CI security posture.
Changes:
- Replaced dynamic `getattr` HTTP dispatch with `c.request()` guarded by an allowlist, and added UUID/path-segment validation for URL-interpolated parameters
- Removed `node_data["inputs"] = {}` mutation in `validate_workflow` and added SSE host warning validator
- Pinned GitHub Actions to commit SHAs and switched Docker container to non-root user
Reviewed changes
Copilot reviewed 12 out of 12 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| src/comfyui_mcp/client.py | Added HTTP method allowlist, UUID validation, and path segment validation for URL parameters |
| src/comfyui_mcp/workflow/validation.py | Removed input mutation that could mask injection patterns |
| src/comfyui_mcp/config.py | Added field_validator warning for non-localhost SSE binding |
| Dockerfile | Added non-root app user |
| .github/workflows/ci.yml | Pinned actions to commit SHAs |
| .github/workflows/docker.yml | Pinned actions to commit SHAs |
| tests/* | Updated test prompt IDs to valid UUID format matching new validation |
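The client hardening the review describes, as an added example rather than the project's own code: `validate_prompt_id`, `validate_path_segment` and `normalize_method` mirror the PR's underscore-prefixed helpers in spirit, but the allowlist members, the segment alphabet, the UUID pattern and the `RecordingClient` stand-in for `httpx.Client` are assumptions of this example. The before/after pair shows why a caller-controlled string must not reach `getattr`: with the old dispatch, "close" is invoked exactly like "get"; with `client.request(...)` there is one call site and the verb is checked first.

```python
"""Added example (not comfyui_mcp's code): HTTP-method allowlist and
URL-parameter validation of the kind the PR describes for client._request."""
import re
from typing import Callable

# Assumed allowlist; the PR names _ALLOWED_HTTP_METHODS but not its members.
ALLOWED_HTTP_METHODS = frozenset({"GET", "POST", "DELETE"})

# Canonical textual UUID (RFC 4122 layout); fullmatch() below anchors it so
# nothing can precede or trail the value.
UUID_RE = re.compile(
    r"[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}"
)
# Assumed segment alphabet: no '/', '.', '%', '?', '#' or whitespace, so a value
# can neither traverse ("../"), encode a traversal ("%2e%2e") nor open a query.
SEGMENT_RE = re.compile(r"[A-Za-z0-9_-]{1,128}")


class ValidationError(ValueError):
    """Raised for any caller-supplied value that must not reach the URL."""


def validate_prompt_id(prompt_id: object) -> str:
    if not isinstance(prompt_id, str) or UUID_RE.fullmatch(prompt_id) is None:
        raise ValidationError(f"prompt_id is not a UUID: {prompt_id!r}")
    return prompt_id.lower()


def validate_path_segment(value: object, name: str) -> str:
    if not isinstance(value, str) or SEGMENT_RE.fullmatch(value) is None:
        raise ValidationError(f"{name} is not a safe path segment: {value!r}")
    return value


def normalize_method(method: str) -> str:
    """Upper-case the verb and refuse anything outside the allowlist."""
    normalized = method.strip().upper()
    if normalized not in ALLOWED_HTTP_METHODS:
        raise ValidationError(f"HTTP method not allowed: {method!r}")
    return normalized


class RecordingClient:
    """Stand-in for httpx.Client: records requests instead of sending them."""

    def __init__(self) -> None:
        self.calls: list[tuple[str, str]] = []
        self.closed = False

    def request(self, method: str, url: str) -> tuple[str, str]:
        # Same shape as httpx.Client.request(method, url).
        self.calls.append((method, url))
        return (method, url)

    def close(self, *args: object) -> str:
        # httpx.Client.close() takes no arguments; the stand-in accepts one so
        # the injected call below is observable instead of a TypeError.
        self.closed = True
        return "closed"


def vulnerable_request(client: RecordingClient, method: str, path: str):
    # Before the fix: the caller's string selects any attribute of the client,
    # so "close" (or "__class__") is dispatched exactly like "get".
    return getattr(client, method)(path)


def hardened_request(client: RecordingClient, method: str, path: str):
    # After the fix: one fixed call site, verb checked against the allowlist.
    return client.request(normalize_method(method), path)


def history_url(prompt_id: object) -> str:
    return f"/history/{validate_prompt_id(prompt_id)}"


def object_info_url(node_class: object) -> str:
    return f"/object_info/{validate_path_segment(node_class, 'node_class')}"


def rejects(fn: Callable[..., object], *args: object) -> bool:
    """True if fn(*args) raises ValidationError."""
    try:
        fn(*args)
    except ValidationError:
        return True
    return False


if __name__ == "__main__":
    c = RecordingClient()
    # Constructed sample values; the UUID is not a real ComfyUI prompt id.
    print(hardened_request(c, "get", history_url("8f14e45f-cea3-4f09-9e31-6d10e1f1f5a0")))
    for bad in ("../../queue", "%2e%2e%2fqueue", "KSampler?x=1"):
        print(bad, "rejected:", rejects(object_info_url, bad))
    print("old dispatch of 'close':", vulnerable_request(c, "close", "/queue"), c.closed)
    print("new dispatch of 'close' rejected:", rejects(hardened_request, c, "close", "/queue"))
```

Validating at the point of interpolation (the `history_url`/`object_info_url` helpers) rather than at the tool boundary means every route that builds a URL gets the check, which is also why the PR had to update the test fixtures to real UUIDs.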
Dockerfile
Outdated
| RUN groupadd --system app && useradd --system --gid app app | ||
| USER app |
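Review bot: the `useradd --system --gid app app` line leaves the account with the default login shell; pass `--shell /usr/sbin/nologin` so the user cannot be used interactively if someone execs into the container, and consider a fixed `--uid`/`--gid` so ownership of any mounted volume stays stable across rebuilds.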
The groupadd/useradd commands should be run before COPY and RUN uv sync so that the user creation layer is cached independently of source changes. Also, since files were copied as root, the app user may not have read access to /app. Consider adding --chown=app:app to the COPY directives or running chown before switching to USER app.
Address PR review feedback: create the app user early for better layer caching and use --chown=app:app on COPY directives so the non-root user can read the application files. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
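The layout the review asks for and the follow-up commit describes, as an added example rather than the project's actual Dockerfile: the base image, the way `uv` is installed, the lock-file name and the `CMD` are assumptions; the points being illustrated are creating the user before anything source-dependent and copying with `--chown=app:app`.

```dockerfile
# Added example, not the project's Dockerfile. Base image, uv install path,
# lock-file name and entrypoint are assumptions of this example.
FROM python:3.12-slim

# Create the unprivileged user first: this layer never depends on the source
# tree, so it stays cached across rebuilds. nologin shell: no interactive use.
RUN groupadd --system app \
 && useradd --system --gid app --no-create-home --shell /usr/sbin/nologin app

WORKDIR /app
COPY --from=ghcr.io/astral-sh/uv:latest /uv /usr/local/bin/uv

# Dependency metadata before source, so `uv sync` is cached until the lock
# file changes. --chown makes the app user the owner of what it must read.
COPY --chown=app:app pyproject.toml uv.lock ./
RUN uv sync --frozen --no-dev

COPY --chown=app:app src/ ./src/

# Without --chown (or an explicit chown before this line) the copied files are
# root:root with the mode bits of the build context, so anything that was not
# world-readable there is unreadable once we drop privileges.
USER app
CMD ["/app/.venv/bin/python", "-m", "comfyui_mcp"]
```

Running `uv sync` while still root leaves `/app/.venv` owned by root and merely readable by `app`; that is the intended state, since the service then cannot modify its own dependencies at runtime.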
Summary

- `_request` hardening: Replaced `getattr(c, method)` dynamic dispatch with `c.request(normalized, path)` using httpx's official API, guarded by `_ALLOWED_HTTP_METHODS` frozenset
- `_validate_prompt_id()` (UUID regex) and `_validate_path_segment()` for all URL-interpolated parameters (`prompt_id`, `node_class`, `task_id`)
- `node_data["inputs"] = {}` in `validate_workflow` that was mutating the caller's dict and could mask injection patterns before the workflow inspector runs
- `field_validator` on `SSESettings.host` that logs a warning when SSE is bound to non-localhost (no auth mechanism exists)
- `app` user instead of root
- `ci.yml` and `docker.yml` pinned to full commit SHAs

Test plan

- `ruff check` clean
- `ruff format --check` clean
- `mypy` clean

🤖 Generated with Claude Code