`ultralytics 8.0.33` security updates and fixes (#896)

Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com> Co-authored-by: Mert Can Demir <validatedev@gmail.com>
2 years ago · 254adfa652
parent a5a3ce88b3
commit 254adfa652
24 changed files with 87 additions and 61 deletions
--- a/docker/Dockerfile-arm64
+++ b/docker/Dockerfile-arm64
@ -3,7 +3,7 @@
 # Image is aarch64-compatible for Apple M1 and other ARM architectures i.e. Jetson Nano and Raspberry Pi

 # Start FROM Ubuntu image https://hub.docker.com/_/ubuntu
-FROM arm64v8/ubuntu:20.04
+FROM arm64v8/ubuntu:rolling

 # Downloads to user config dir
 ADD https://ultralytics.com/assets/Arial.ttf https://ultralytics.com/assets/Arial.Unicode.ttf /root/.config/Ultralytics/
--- a/docker/Dockerfile-cpu
+++ b/docker/Dockerfile-cpu
@ -3,7 +3,7 @@
 # Image is CPU-optimized for ONNX, OpenVINO and PyTorch YOLOv8 deployments

 # Start FROM Ubuntu image https://hub.docker.com/_/ubuntu
-FROM ubuntu:20.04
+FROM ubuntu:rolling

 # Downloads to user config dir
 ADD https://ultralytics.com/assets/Arial.ttf https://ultralytics.com/assets/Arial.Unicode.ttf /root/.config/Ultralytics/
--- a/docs/app.md
+++ b/docs/app.md
@ -1,10 +1,38 @@
 # Ultralytics HUB App for YOLOv8

+<a href="https://bit.ly/ultralytics_hub" target="_blank">
+<img width="100%" src="https://github.com/ultralytics/assets/raw/main/im/ultralytics-hub.png"></a>
+<br>
+<br>
 <div align="center">
-  <a href="https://ultralytics.com/app_install" target="_blank">
-    <img width="1024" src="https://github.com/ultralytics/assets/raw/main/im/ultralytics-app.png"></a>
+  <a href="https://github.com/ultralytics" style="text-decoration:none;">
+    <img src="https://github.com/ultralytics/assets/raw/main/social/logo-social-github.png" width="2%" alt="" /></a>
+  <img src="https://github.com/ultralytics/assets/raw/main/social/logo-transparent.png" width="2%" alt="" />
+  <a href="https://www.linkedin.com/company/ultralytics" style="text-decoration:none;">
+    <img src="https://github.com/ultralytics/assets/raw/main/social/logo-social-linkedin.png" width="2%" alt="" /></a>
+  <img src="https://github.com/ultralytics/assets/raw/main/social/logo-transparent.png" width="2%" alt="" />
+  <a href="https://twitter.com/ultralytics" style="text-decoration:none;">
+    <img src="https://github.com/ultralytics/assets/raw/main/social/logo-social-twitter.png" width="2%" alt="" /></a>
+  <img src="https://github.com/ultralytics/assets/raw/main/social/logo-transparent.png" width="2%" alt="" />
+  <a href="https://www.producthunt.com/@glenn_jocher" style="text-decoration:none;">
+    <img src="https://github.com/ultralytics/assets/raw/main/social/logo-social-producthunt.png" width="2%" alt="" /></a>
+  <img src="https://github.com/ultralytics/assets/raw/main/social/logo-transparent.png" width="2%" alt="" />
+  <a href="https://youtube.com/ultralytics" style="text-decoration:none;">
+    <img src="https://github.com/ultralytics/assets/raw/main/social/logo-social-youtube.png" width="2%" alt="" /></a>
+  <img src="https://github.com/ultralytics/assets/raw/main/social/logo-transparent.png" width="2%" alt="" />
+  <a href="https://www.facebook.com/ultralytics" style="text-decoration:none;">
+    <img src="https://github.com/ultralytics/assets/raw/main/social/logo-social-facebook.png" width="2%" alt="" /></a>
+  <img src="https://github.com/ultralytics/assets/raw/main/social/logo-transparent.png" width="2%" alt="" />
+  <a href="https://www.instagram.com/ultralytics/" style="text-decoration:none;">
+    <img src="https://github.com/ultralytics/assets/raw/main/social/logo-social-instagram.png" width="2%" alt="" /></a>
  <br>
+  <br>
+  <a href="https://github.com/ultralytics/hub/actions/workflows/ci.yaml">
+    <img src="https://github.com/ultralytics/hub/actions/workflows/ci.yaml/badge.svg" alt="CI CPU"></a>
+  <a href="https://colab.research.google.com/github/ultralytics/hub/blob/master/hub.ipynb">
+    <img src="https://colab.research.google.com/assets/colab-badge.svg" alt="Open In Colab"></a> 
 </div>
+<br>

 Welcome to the Ultralytics HUB app for demonstrating YOLOv5 and YOLOv8 models! In this app, available on the [Apple App
 Store](https://apps.apple.com/xk/app/ultralytics/id1583935240) and the 
--- a/docs/cfg.md
+++ b/docs/cfg.md
@ -155,7 +155,7 @@ is important to carefully tune and experiment with these settings to ensure that
 validation dataset and to detect and prevent overfitting.

 | Key         | Value | Description                                                        |
-|-------------|-------|-----------------------------------------------------------------|
+|-------------|-------|--------------------------------------------------------------------|
 | save_json   | False | save results to JSON file                                          |
 | save_hybrid | False | save hybrid version of labels (labels + additional predictions)    |
 | conf        | 0.001 | object confidence threshold for detection                          |
@ -166,6 +166,7 @@ validation dataset and to detect and prevent overfitting.
 | dnn         | False | use OpenCV DNN for ONNX inference                                  |
 | plots       | False | show plots during training                                         |
 | rect        | False | support rectangular evaluation                                     |
+| split       | val   | dataset split to use for validation, i.e. 'val', 'test' or 'train' |

 ### Export

--- a/ultralytics/init.py
+++ b/ultralytics/init.py
@ -1,9 +1,8 @@
 # Ultralytics YOLO 🚀, GPL-3.0 license

-__version__ = "8.0.32"
+__version__ = "8.0.33"

 from ultralytics.yolo.engine.model import YOLO
-from ultralytics.yolo.utils import ops
 from ultralytics.yolo.utils.checks import check_yolo as checks

 __all__ = ["__version__", "YOLO", "hub", "checks"]  # allow simpler import
--- a/ultralytics/yolo/cfg/init.py
+++ b/ultralytics/yolo/cfg/init.py
@ -202,6 +202,7 @@ def entrypoint(debug=''):
        LOGGER.info(CLI_HELP_MSG)
        return

+    # Add tasks, modes, special, and special with dash keys, i.e. -help, --help
    tasks = 'detect', 'segment', 'classify'
    modes = 'train', 'val', 'predict', 'export'
    special = {
@ -211,6 +212,7 @@ def entrypoint(debug=''):
        'settings': lambda: yaml_print(USER_CONFIG_DIR / 'settings.yaml'),
        'cfg': lambda: yaml_print(DEFAULT_CFG_PATH),
        'copy-cfg': copy_default_cfg}
+    special = {**special, **{f'-{k}': v for k, v in special.items()}, **{f'--{k}': v for k, v in special.items()}}

    overrides = {}  # basic overrides, i.e. imgsz=320
    for a in merge_equals_args(args):  # merge spaces around '=' sign
--- a/ultralytics/yolo/cfg/default.yaml
+++ b/ultralytics/yolo/cfg/default.yaml
@ -38,6 +38,7 @@ dropout: 0.0  # use dropout regularization (classify train only)

 # Val/Test settings ----------------------------------------------------------------------------------------------------
 val: True  # validate/test during training
+split: val  # dataset split to use for validation, i.e. 'val', 'test' or 'train'
 save_json: False  # save results to JSON file
 save_hybrid: False  # save hybrid version of labels (labels + additional predictions)
 conf:  # object confidence threshold for detection (default 0.25 predict, 0.001 val)
--- a/ultralytics/yolo/data/dataloaders/v5loader.py
+++ b/ultralytics/yolo/data/dataloaders/v5loader.py
@ -27,13 +27,13 @@ from PIL import ExifTags, Image, ImageOps
 from torch.utils.data import DataLoader, Dataset, dataloader, distributed
 from tqdm import tqdm

-from ultralytics.yolo.data.utils import check_det_dataset, unzip_file
+from ultralytics.yolo.data.utils import check_det_dataset
 from ultralytics.yolo.utils import (DATASETS_DIR, LOGGER, NUM_THREADS, TQDM_BAR_FORMAT, is_colab, is_dir_writeable,
                                    is_kaggle, yaml_load)
 from ultralytics.yolo.utils.checks import check_requirements, check_yaml
+from ultralytics.yolo.utils.downloads import unzip_file
 from ultralytics.yolo.utils.ops import clean_str, segments2boxes, xyn2xy, xywh2xyxy, xywhn2xyxy, xyxy2xywhn
 from ultralytics.yolo.utils.torch_utils import torch_distributed_zero_first
-
 from .v5augmentations import (Albumentations, augment_hsv, classify_albumentations, classify_transforms, copy_paste,
                              letterbox, mixup, random_perspective)

--- a/ultralytics/yolo/data/utils.py
+++ b/ultralytics/yolo/data/utils.py
@ -11,13 +11,11 @@ from zipfile import is_zipfile

 import cv2
 import numpy as np
-import torch
 from PIL import ExifTags, Image, ImageOps

 from ultralytics.yolo.utils import DATASETS_DIR, LOGGER, ROOT, colorstr, emojis, yaml_load
 from ultralytics.yolo.utils.checks import check_file, check_font, is_ascii
 from ultralytics.yolo.utils.downloads import download, safe_download
-from ultralytics.yolo.utils.files import unzip_file
 from ultralytics.yolo.utils.ops import segments2boxes

 HELP_URL = "See https://github.com/ultralytics/yolov5/wiki/Train-Custom-Data"
--- a/ultralytics/yolo/engine/exporter.py
+++ b/ultralytics/yolo/engine/exporter.py
@ -67,7 +67,7 @@ import torch
 import ultralytics
 from ultralytics.nn.autobackend import check_class_names
 from ultralytics.nn.modules import Detect, Segment
-from ultralytics.nn.tasks import ClassificationModel, DetectionModel, SegmentationModel, guess_model_task
+from ultralytics.nn.tasks import DetectionModel, SegmentationModel
 from ultralytics.yolo.cfg import get_cfg
 from ultralytics.yolo.data.dataloaders.stream_loaders import LoadImages
 from ultralytics.yolo.data.utils import check_det_dataset, IMAGENET_MEAN, IMAGENET_STD
--- a/ultralytics/yolo/engine/model.py
+++ b/ultralytics/yolo/engine/model.py
@ -33,7 +33,7 @@ class YOLO:
    A python interface which emulates a model-like behaviour by wrapping trainers.
    """

-    def __init__(self, model='yolov8n.yaml', type="v8") -> None:
+    def __init__(self, model='yolov8n.pt', type="v8") -> None:
        """
        Initializes the YOLO object.

--- a/ultralytics/yolo/engine/trainer.py
+++ b/ultralytics/yolo/engine/trainer.py
@ -5,7 +5,6 @@ Simple training loop; Boilerplate that could apply to any arbitrary neural netwo

 import os
 import subprocess
-import sys
 import time
 from collections import defaultdict
 from copy import deepcopy
@ -29,10 +28,10 @@ from ultralytics.yolo.utils import (DEFAULT_CFG, LOGGER, RANK, SETTINGS, TQDM_BA
                                    yaml_save)
 from ultralytics.yolo.utils.autobatch import check_train_batch_size
 from ultralytics.yolo.utils.checks import check_file, check_imgsz, print_args
-from ultralytics.yolo.utils.dist import ddp_cleanup, generate_ddp_file, find_free_network_port
+from ultralytics.yolo.utils.dist import ddp_cleanup, generate_ddp_command
 from ultralytics.yolo.utils.files import get_latest_run, increment_path
 from ultralytics.yolo.utils.torch_utils import (EarlyStopping, ModelEMA, de_parallel, init_seeds, one_cycle,
-                                                select_device, strip_optimizer, TORCH_1_9)
+                                                select_device, strip_optimizer)


 class BaseTrainer:
@ -175,12 +174,7 @@ class BaseTrainer:

        # Run subprocess if DDP training, else train normally
        if world_size > 1 and "LOCAL_RANK" not in os.environ:
-            # cmd, file = generate_ddp_command(world_size, self)  # security vulnerability in Snyk scans
-            file = generate_ddp_file(self) if sys.argv[0].endswith('yolo') else os.path.abspath(sys.argv[0])
-            torch_distributed_cmd = "torch.distributed.run" if TORCH_1_9 else "torch.distributed.launch"
-            cmd = [
-                sys.executable, "-m", torch_distributed_cmd, "--nproc_per_node", f"{world_size}", "--master_port",
-                f"{find_free_network_port()}", file] + sys.argv[1:]
+            cmd, file = generate_ddp_command(world_size, self)  # security vulnerability in Snyk scans
            try:
                subprocess.run(cmd, check=True)
            except Exception as e:
--- a/ultralytics/yolo/engine/validator.py
+++ b/ultralytics/yolo/engine/validator.py
@ -119,8 +119,7 @@ class BaseValidator:
                self.args.workers = 0  # faster CPU val as time dominated by inference, not dataloading
            if not pt:
                self.args.rect = False
-            self.dataloader = self.dataloader or \
-                              self.get_dataloader(self.data.get("val") or self.data.get("test"), self.args.batch)
+            self.dataloader = self.dataloader or self.get_dataloader(self.data.get(self.args.split), self.args.batch)

            model.eval()
            model.warmup(imgsz=(1 if pt else self.args.batch, 3, imgsz, imgsz))  # warmup
--- a/ultralytics/yolo/utils/init.py
+++ b/ultralytics/yolo/utils/init.py
@ -110,6 +110,15 @@ class IterableSimpleNamespace(SimpleNamespace):
    def __str__(self):
        return '\n'.join(f"{k}={v}" for k, v in vars(self).items())

+    def __getattr__(self, attr):
+        name = self.__class__.__name__
+        raise AttributeError(f"""
+            '{name}' object has no attribute '{attr}'. This may be caused by a modified or out of date ultralytics
+            'default.yaml' file.\nPlease update your code with 'pip install -U ultralytics' and if necessary replace
+            {DEFAULT_CFG_PATH} with the latest version from
+            https://github.com/ultralytics/ultralytics/blob/main/ultralytics/yolo/cfg/default.yaml
+            """)
+
    def get(self, key, default=None):
        return getattr(self, key, default)

@ -442,6 +451,19 @@ def colorstr(*input):
    return "".join(colors[x] for x in args) + f"{string}" + colors["end"]


+def remove_ansi_codes(string):
+    """
+    Remove ANSI escape sequences from a string.
+
+    Args:
+        string (str): The input string that may contain ANSI escape sequences.
+
+    Returns:
+        str: The input string with ANSI escape sequences removed.
+    """
+    return re.sub(r'\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[m|K]', '', string)
+
+
 def set_logging(name=LOGGING_NAME, verbose=True):
    # sets up logging for the given name
    rank = int(os.getenv('RANK', -1))  # rank in world for Multi-GPU trainings
--- a/ultralytics/yolo/utils/downloads.py
+++ b/ultralytics/yolo/utils/downloads.py
@ -6,7 +6,7 @@ from itertools import repeat
 from multiprocessing.pool import ThreadPool
 from pathlib import Path
 from urllib import parse, request
-from zipfile import ZipFile
+from zipfile import ZipFile, is_zipfile, BadZipFile

 import requests
 import torch
@ -33,6 +33,8 @@ def unzip_file(file, path=None, exclude=('.DS_Store', '__MACOSX')):
    Unzip a *.zip file to path/, excluding files containing strings in exclude list
    Replaces: ZipFile(file).extractall(path=path)
    """
+    if not (Path(file).exists() and is_zipfile(file)):
+        raise BadZipFile(f"File '{file}' does not exist or is a bad zip file.")
    if path is None:
        path = Path(file).parent  # default path
    with ZipFile(file) as zipObj:
--- a/ultralytics/yolo/utils/files.py
+++ b/ultralytics/yolo/utils/files.py
@ -6,7 +6,6 @@ import os
 import urllib
 from datetime import datetime
 from pathlib import Path
-from zipfile import ZipFile


 class WorkingDirectory(contextlib.ContextDecorator):
@ -57,16 +56,6 @@ def increment_path(path, exist_ok=False, sep='', mkdir=False):
    return path


-def unzip_file(file, path=None, exclude=('.DS_Store', '__MACOSX')):
-    # Unzip a *.zip file to path/, excluding files containing strings in exclude list
-    if path is None:
-        path = Path(file).parent  # default path
-    with ZipFile(file) as zipObj:
-        for f in zipObj.namelist():  # list all archived filenames in the zip
-            if all(x not in f for x in exclude):
-                zipObj.extract(f, path=path)
-
-
 def file_age(path=__file__):
    # Return days since last file update
    dt = (datetime.now() - datetime.fromtimestamp(Path(path).stat().st_mtime))  # delta
--- a/ultralytics/yolo/v8/classify/predict.py
+++ b/ultralytics/yolo/v8/classify/predict.py
@ -1,5 +1,4 @@
 # Ultralytics YOLO 🚀, GPL-3.0 license
-import sys

 import torch

--- a/ultralytics/yolo/v8/classify/val.py
+++ b/ultralytics/yolo/v8/classify/val.py
@ -1,5 +1,4 @@
 # Ultralytics YOLO 🚀, GPL-3.0 license
-import sys

 from ultralytics.yolo.data import build_classification_dataloader
 from ultralytics.yolo.engine.validator import BaseValidator
--- a/ultralytics/yolo/v8/detect/predict.py
+++ b/ultralytics/yolo/v8/detect/predict.py
@ -1,5 +1,4 @@
 # Ultralytics YOLO 🚀, GPL-3.0 license
-import sys

 import torch

--- a/ultralytics/yolo/v8/detect/train.py
+++ b/ultralytics/yolo/v8/detect/train.py
@ -1,5 +1,4 @@
 # Ultralytics YOLO 🚀, GPL-3.0 license
-import sys
 from copy import copy

 import torch
--- a/ultralytics/yolo/v8/detect/val.py
+++ b/ultralytics/yolo/v8/detect/val.py
@ -1,7 +1,6 @@
 # Ultralytics YOLO 🚀, GPL-3.0 license

 import os
-import sys
 from pathlib import Path

 import numpy as np
@ -10,8 +9,8 @@ import torch
 from ultralytics.yolo.data import build_dataloader
 from ultralytics.yolo.data.dataloaders.v5loader import create_dataloader
 from ultralytics.yolo.engine.validator import BaseValidator
-from ultralytics.yolo.utils import DEFAULT_CFG, colorstr, ops, yaml_load
-from ultralytics.yolo.utils.checks import check_file, check_requirements
+from ultralytics.yolo.utils import DEFAULT_CFG, colorstr, ops
+from ultralytics.yolo.utils.checks import check_requirements
 from ultralytics.yolo.utils.metrics import ConfusionMatrix, DetMetrics, box_iou
 from ultralytics.yolo.utils.plotting import output_to_target, plot_images
 from ultralytics.yolo.utils.torch_utils import de_parallel
@ -42,7 +41,7 @@ class DetectionValidator(BaseValidator):

    def init_metrics(self, model):
        head = model.model[-1] if self.training else model.model.model[-1]
-        val = self.data.get('val', '')  # validation path
+        val = self.data.get(self.args.split, '')  # validation path
        self.is_coco = isinstance(val, str) and val.endswith(f'coco{os.sep}val2017.txt')  # is COCO dataset
        self.class_map = ops.coco80_to_coco91_class() if self.is_coco else list(range(1000))
        self.args.save_json |= self.is_coco and not self.training  # run on final val if training COCO
--- a/ultralytics/yolo/v8/segment/predict.py
+++ b/ultralytics/yolo/v8/segment/predict.py
@ -1,7 +1,5 @@
 # Ultralytics YOLO 🚀, GPL-3.0 license

-import sys
-
 import torch

 from ultralytics.yolo.engine.results import Results
--- a/ultralytics/yolo/v8/segment/train.py
+++ b/ultralytics/yolo/v8/segment/train.py
@ -1,5 +1,4 @@
 # Ultralytics YOLO 🚀, GPL-3.0 license
-import sys
 from copy import copy

 import torch
--- a/ultralytics/yolo/v8/segment/val.py
+++ b/ultralytics/yolo/v8/segment/val.py
@ -1,7 +1,6 @@
 # Ultralytics YOLO 🚀, GPL-3.0 license

 import os
-import sys
 from multiprocessing.pool import ThreadPool
 from pathlib import Path

@ -30,7 +29,7 @@ class SegmentationValidator(DetectionValidator):

    def init_metrics(self, model):
        head = model.model[-1] if self.training else model.model.model[-1]
-        val = self.data.get('val', '')  # validation path
+        val = self.data.get(self.args.split, '')  # validation path
        self.is_coco = isinstance(val, str) and val.endswith(f'coco{os.sep}val2017.txt')  # is COCO dataset
        self.class_map = ops.coco80_to_coco91_class() if self.is_coco else list(range(1000))
        self.args.save_json |= self.is_coco and not self.training  # run on final val if training COCO