From 9835f57e9c8a6e6551dd28c1d501a21ce0fdbcf5 Mon Sep 17 00:00:00 2001
From: Siddharth Balyan <52913345+alt-glitch@users.noreply.github.com>
Date: Thu, 30 Apr 2026 00:58:03 +0530
Subject: [PATCH] Potential fix for pull request finding 'CodeQL / Incomplete
 URL substring sanitization'

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 optional-skills/creative/comfyui/scripts/check_deps.py | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/optional-skills/creative/comfyui/scripts/check_deps.py b/optional-skills/creative/comfyui/scripts/check_deps.py
index 600af00c64..cc67de1910 100644
--- a/optional-skills/creative/comfyui/scripts/check_deps.py
+++ b/optional-skills/creative/comfyui/scripts/check_deps.py
@@ -26,7 +26,7 @@ import json
 import sys
 import argparse
 from pathlib import Path
-from urllib.parse import urljoin
+from urllib.parse import urljoin, urlparse
 
 try:
     import requests
@@ -86,7 +86,10 @@ def check_deps(workflow_path: str, host: str = "http://127.0.0.1:8188", api_key:
     if api_key:
         headers["X-API-Key"] = api_key
 
-    is_cloud = "cloud.comfy.org" in host or api_key is not None
+    parsed_host = urlparse(host)
+    hostname = (parsed_host.hostname or "").lower()
+    is_cloud_host = hostname == "cloud.comfy.org" or hostname.endswith(".cloud.comfy.org")
+    is_cloud = is_cloud_host or api_key is not None
     base = host.rstrip("/")
 
     # Get installed node types