fix: P1 quick-win findings from comprehensive review#28
fix: P1 quick-win findings from comprehensive review#28hybridindie merged 3 commits intofix/critical-security-findingsfrom
Conversation
fix: address all critical (P0) security findings
There was a problem hiding this comment.
Pull request overview
This PR addresses a set of P1 “quick-win” items from a comprehensive review, spanning Model Manager availability caching, path-injection test coverage, integration-test correctness, CI gating for Docker publishes, Docker compose volume paths for a non-root container, and targeted security/ops documentation updates.
Changes:
- Add an expiring negative cache (5 min TTL) for ComfyUI-Model-Manager detection and cover it with a regression test.
- Add new path-injection prevention tests and refactor integration tests to use
register_*_tools()return dicts rather than private SDK internals. - Gate Docker image publishing on a new CI test job; update Docker compose mounts for the non-root runtime; expand README security/ops guidance and remove a duplicate threat-model row.
Reviewed changes
Copilot reviewed 7 out of 7 changed files in this pull request and generated 3 comments.
Show a summary per file
| File | Description |
|---|---|
src/comfyui_mcp/model_manager.py |
Adds negative-cache TTL logic for Model Manager detection so late-starting plugins can be detected without restart. |
tests/test_model_manager.py |
Adds a regression test verifying negative cache expiry and re-probing behavior. |
tests/test_client.py |
Adds tests validating prompt_id/path-segment validation and HTTP method allowlisting. |
tests/test_integration.py |
Refactors integration tests to call functions returned by register_*_tools() instead of private _tool_manager._tools. |
docker-compose.yml |
Updates bind/volume mount locations to /home/app/... to align with non-root container usage. |
README.md |
Adds SSE unauthenticated exposure warning, audit vs enforce guidance, log rotation example, and removes a duplicated threat-model row. |
.github/workflows/docker.yml |
Adds a test job (lint/typecheck/pytest) and makes the Docker publish job depend on it. |
You can also share your feedback on Copilot code review. Take the survey.
| - ./config.yaml:/home/app/.comfyui-mcp/config.yaml:ro | ||
| - comfyui-mcp-data:/home/app/.comfyui-mcp/logs |
There was a problem hiding this comment.
The docker-compose volume mounts were switched to /home/app/.comfyui-mcp/..., but the image’s app user currently appears to be created without a home directory (see Dockerfile useradd --system), so Path.home()/~ may resolve to /nonexistent and /home/app may not exist or be writable. This can cause the server to ignore the mounted config.yaml and/or fail to write logs. Consider either creating /home/app for the app user in the image (and setting HOME), or update the compose mounts to match the actual runtime home/config paths used by the container.
| - ./config.yaml:/home/app/.comfyui-mcp/config.yaml:ro | |
| - comfyui-mcp-data:/home/app/.comfyui-mcp/logs | |
| - ./config.yaml:/nonexistent/.comfyui-mcp/config.yaml:ro | |
| - comfyui-mcp-data:/nonexistent/.comfyui-mcp/logs |
tests/test_client.py
Outdated
| async def test_prompt_id_valid_uuid_accepted(self, client): | ||
| # Should not raise ValueError (will fail on HTTP, but that's fine) | ||
| with pytest.raises(httpx.ConnectError): | ||
| await client.get_history_item("aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee") |
There was a problem hiding this comment.
test_prompt_id_valid_uuid_accepted makes a real HTTP call (no respx.mock) and asserts on httpx.ConnectError. Because the client retries with backoff, this can be slow and potentially flaky depending on DNS/network behavior in CI. Prefer mocking the /history/{prompt_id} route with respx (and asserting the request was made) so the test stays deterministic while still verifying that UUID-shaped prompt_ids are accepted by the validator.
| async def test_prompt_id_valid_uuid_accepted(self, client): | |
| # Should not raise ValueError (will fail on HTTP, but that's fine) | |
| with pytest.raises(httpx.ConnectError): | |
| await client.get_history_item("aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee") | |
| @respx.mock | |
| async def test_prompt_id_valid_uuid_accepted(self, client): | |
| # Valid UUID-shaped prompt_id should be accepted by the validator | |
| route = respx.get( | |
| "http://test-comfyui:8188/history/aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee" | |
| ).mock( | |
| return_value=httpx.Response( | |
| 200, | |
| json={"aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee": {"outputs": {}}}, | |
| ) | |
| ) | |
| result = await client.get_history_item("aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee") | |
| assert "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee" in result | |
| assert route.call_count == 1 |
tests/test_model_manager.py
Outdated
| await detector.validate_folder("invalid_folder") | ||
|
|
||
| @respx.mock | ||
| async def test_negative_cache_expires(self, client, monkeypatch): |
There was a problem hiding this comment.
The monkeypatch fixture is included in this test signature but never used. Please remove it to keep the test minimal and avoid suggesting that time or environment is being patched when it isn’t.
| async def test_negative_cache_expires(self, client, monkeypatch): | |
| async def test_negative_cache_expires(self, client): |
- Add negative TTL (5 min) to ModelManagerDetector so a late-starting Model Manager is detected without requiring server restart (#13) - Add path injection prevention tests for prompt_id, node_class, task_id, and HTTP method validation (#19) - Rewrite integration tests to use register_*_tools() return dicts instead of accessing private _tool_manager._tools SDK attrs (#20) - Gate Docker image push on test/lint job success via needs: (#22) - Fix docker-compose volume paths for non-root container user (#23) - Document SSE transport security risks with warning callout (#24) - Add audit vs enforce mode operational guidance table (#25) - Add audit log rotation docs with logrotate example (#26) - Remove duplicate row in threat model table (#52) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Dockerfile: use --create-home so /home/app exists for config/log mounts - test_client: mock valid UUID test with respx instead of real HTTP call - test_model_manager: remove unused monkeypatch parameter Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
hybridindie
force-pushed
the
fix/p1-quick-wins
branch
from
e6b5d08 to
4c6a2c9
Compare
Summary
Addresses 9 high-priority quick-win findings from the comprehensive code review (P1 items that are small effort):
register_*_tools()return dicts instead of private_tool_manager._toolsSDK attributes (CLAUDE.md rule 12)testjob with lint+type-check+pytest thatdockerjobneeds:before pushingdocker-compose.ymlmounts from/root/to/home/app/to match non-root container userBased on: PR #27 (P0 critical security fixes)
Test plan
ruff checkcleanruff format --checkcleanmypyclean🤖 Generated with Claude Code