ultralytics 8.0.206__py3-none-any.whl → 8.0.207__py3-none-any.whl

ultralytics/__init__.py

@@ -1,6 +1,6 @@
 # Ultralytics YOLO 🚀, AGPL-3.0 license
 
-__version__ = '8.0.206'
+__version__ = '8.0.207'
 
 from ultralytics.models import RTDETR, SAM, YOLO
 from ultralytics.models.fastsam import FastSAM

ultralytics/engine/exporter.py

@@ -69,7 +69,7 @@ from ultralytics.nn.modules import C2f, Detect, RTDETRDecoder
 from ultralytics.nn.tasks import DetectionModel, SegmentationModel
 from ultralytics.utils import (ARM64, DEFAULT_CFG, LINUX, LOGGER, MACOS, ROOT, WINDOWS, __version__, callbacks,
                                colorstr, get_default_args, yaml_save)
-from ultralytics.utils.checks import check_imgsz, check_requirements, check_version
+from ultralytics.utils.checks import check_imgsz, check_is_path_safe, check_requirements, check_version
 from ultralytics.utils.downloads import attempt_download_asset, get_github_assets
 from ultralytics.utils.files import file_size, spaces_in_path
 from ultralytics.utils.ops import Profile
@@ -450,12 +450,9 @@ class Exporter:
         f = Path(str(self.file).replace(self.file.suffix, f'_ncnn_model{os.sep}'))
         f_ts = self.file.with_suffix('.torchscript')
 
-        pnnx_filename = 'pnnx.exe' if WINDOWS else 'pnnx'
-        if Path(pnnx_filename).is_file():
-            pnnx = pnnx_filename
-        elif (ROOT / pnnx_filename).is_file():
-            pnnx = ROOT / pnnx_filename
-        else:
+        name = Path('pnnx.exe' if WINDOWS else 'pnnx')  # PNNX filename
+        pnnx = name if name.is_file() else ROOT / name
+        if not pnnx.is_file():
             LOGGER.warning(
                 f'{prefix} WARNING ⚠️ PNNX not found. Attempting to download binary file from '
                 'https://github.com/pnnx/pnnx/.\nNote PNNX Binary file must be placed in current working directory '
@@ -465,12 +462,12 @@ class Exporter:
             asset = [x for x in assets if system in x][0] if assets else \
                 f'https://github.com/pnnx/pnnx/releases/download/20230816/pnnx-20230816-{system}.zip'  # fallback
             asset = attempt_download_asset(asset, repo='pnnx/pnnx', release='latest')
-            unzip_dir = Path(asset).with_suffix('')
-            pnnx = ROOT / pnnx_filename  # new location
-            (unzip_dir / pnnx_filename).rename(pnnx)  # move binary to ROOT
-            shutil.rmtree(unzip_dir)  # delete unzip dir
-            Path(asset).unlink()  # delete zip
-            pnnx.chmod(0o777)  # set read, write, and execute permissions for everyone
+            if check_is_path_safe(Path.cwd(), asset):  # avoid path traversal security vulnerability
+                unzip_dir = Path(asset).with_suffix('')
+                (unzip_dir / name).rename(pnnx)  # move binary to ROOT
+                shutil.rmtree(unzip_dir)  # delete unzip dir
+                Path(asset).unlink()  # delete zip
+                pnnx.chmod(0o777)  # set read, write, and execute permissions for everyone
 
         ncnn_args = [
             f'ncnnparam={f / "model.ncnn.param"}',

ultralytics/trackers/track.py

@@ -38,13 +38,13 @@ def on_predict_start(predictor, persist=False):
     predictor.trackers = trackers
 
 
-def on_predict_postprocess_end(predictor):
+def on_predict_postprocess_end(predictor, persist=False):
     """Postprocess detected boxes and update with object tracking."""
     bs = predictor.dataset.bs
     path, im0s = predictor.batch[:2]
 
     for i in range(bs):
-        if predictor.vid_path[i] != str(predictor.save_dir / Path(path[i]).name):  # new video
+        if not persist and predictor.vid_path[i] != str(predictor.save_dir / Path(path[i]).name):  # new video
             predictor.trackers[i].reset()
 
         det = predictor.results[i].boxes.cpu().numpy()
@@ -67,4 +67,4 @@ def register_tracker(model, persist):
         persist (bool): Whether to persist the trackers if they already exist.
     """
     model.add_callback('on_predict_start', partial(on_predict_start, persist=persist))
-    model.add_callback('on_predict_postprocess_end', on_predict_postprocess_end)
+    model.add_callback('on_predict_postprocess_end', partial(on_predict_postprocess_end, persist=persist))

ultralytics/utils/checks.py

@@ -463,6 +463,23 @@ def check_yaml(file, suffix=('.yaml', '.yml'), hard=True):
     return check_file(file, suffix, hard=hard)
 
 
+def check_is_path_safe(basedir, path):
+    """
+    Check if the resolved path is under the intended directory to prevent path traversal.
+
+    Args:
+        basedir (Path | str): The intended directory.
+        path (Path | str): The path to check.
+
+    Returns:
+        (bool): True if the path is safe, False otherwise.
+    """
+    base_dir_resolved = Path(basedir).resolve()
+    path_resolved = Path(path).resolve()
+
+    return path_resolved.is_file() and path_resolved.parts[:len(base_dir_resolved.parts)] == base_dir_resolved.parts
+
+
 def check_imshow(warn=False):
     """Check if environment supports image displays."""
     try:

ultralytics/utils/downloads.py

@@ -159,7 +159,11 @@ def unzip_file(file, path=None, exclude=('.DS_Store', '__MACOSX'), exist_ok=Fals
             return path
 
         for f in TQDM(files, desc=f'Unzipping {file} to {Path(path).resolve()}...', unit='file', disable=not progress):
-            zipObj.extract(f, path=extract_path)
+            # Ensure the file is within the extract_path to avoid path traversal security vulnerability
+            if '..' in Path(f).parts:
+                LOGGER.warning(f'Potentially insecure file path: {f}, skipping extraction.')
+                continue
+            zipObj.extract(f, extract_path)
 
     return path  # return unzip dir
 

{ultralytics-8.0.206.dist-info → ultralytics-8.0.207.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: ultralytics
-Version: 8.0.206
+Version: 8.0.207
 Summary: Ultralytics YOLOv8 for SOTA object detection, multi-object tracking, instance segmentation, pose estimation and image classification.
 Home-page: https://github.com/ultralytics/ultralytics
 Author: Ultralytics

{ultralytics-8.0.206.dist-info → ultralytics-8.0.207.dist-info}/RECORD

@@ -1,4 +1,4 @@
-ultralytics/__init__.py,sha256=biOjbAEKQxgwlt21rhdmPEFrPXGW-DED8kSR7V_vrwQ,463
+ultralytics/__init__.py,sha256=IHTkAvMFdc8fykdZi4by2TW-zMnNVMgbOHmsRVbTb64,463
 ultralytics/assets/bus.jpg,sha256=wCAZxJecGR63Od3ZRERe9Aja1Weayrb9Ug751DS_vGM,137419
 ultralytics/assets/zidane.jpg,sha256=Ftc4aeMmen1O0A3o6GCDO9FlfBslLpTAw0gnetx7bts,50427
 ultralytics/cfg/__init__.py,sha256=0rNpfVEF_zlbp7vjteMEtawvyQJ_X-CXgZI5xCyE4QQ,19672
@@ -50,7 +50,7 @@ ultralytics/data/dataset.py,sha256=IZyVml86cLF2t8Y8rToEN-H-OSdt5QQgXAFHo6YAJ_U,1
 ultralytics/data/loaders.py,sha256=wcxTmUXo-MLzHDgiCPqIz1a5Ab8zxDRCbqTlk4hqDLc,22093
 ultralytics/data/utils.py,sha256=MaTz8IkSrts2RVK3GLS3OHvVCAZmavxmOWKvUgy9tBQ,29632
 ultralytics/engine/__init__.py,sha256=mHtJuK4hwF8cuV-VHDc7tp6u6D1gHz2Z7JI8grmQDTs,42
-ultralytics/engine/exporter.py,sha256=h8p8jOt3_QDI86qA1Neer50W3yWSxgn5nTmZB2SmO8I,50142
+ultralytics/engine/exporter.py,sha256=uts1Y_IwgL7VkGB034dGVqaA2ceTs4XUlJXK7O23wVc,50142
 ultralytics/engine/model.py,sha256=z-K-T1gp4hZbb1Z7MiOiOXYIFZxWeGhiwZMJjNvBbsc,19208
 ultralytics/engine/predictor.py,sha256=onTJdx0dNaHfKIWidLbC4A4o8wMcISOVJxd6_xhe4XI,16672
 ultralytics/engine/results.py,sha256=b98uVX6QHpQjgMxbWiGOwqDBgbfY0AtY1v5DU3-hVBM,23454
@@ -122,7 +122,7 @@ ultralytics/trackers/__init__.py,sha256=dR9unDaRBd6MgMnTKxqJZ0KsJ8BeFGg-LTYQvC7B
 ultralytics/trackers/basetrack.py,sha256=Jh-1Q418_4CQfhgTjmGt3bQIVQdN5XJ2AiQx2dsPJuI,1609
 ultralytics/trackers/bot_sort.py,sha256=orTkrMj2yHfEQVKaQVWbguTx98S2gvLnaOB0D2JN1Gc,8602
 ultralytics/trackers/byte_tracker.py,sha256=acUkcJTjbjPShyAb59kj_avX0G0KmdBfpYH9maRSOiw,18381
-ultralytics/trackers/track.py,sha256=vjsOKdEDHlLSbRSUj_G9AfnLKnuI1F3zzyFw9tR3xq4,2494
+ultralytics/trackers/track.py,sha256=VU2vguyPKAPuaBTNlLa8Soc-2XbR_7IltZfLySe_irw,2551
 ultralytics/trackers/utils/__init__.py,sha256=mHtJuK4hwF8cuV-VHDc7tp6u6D1gHz2Z7JI8grmQDTs,42
 ultralytics/trackers/utils/gmc.py,sha256=H9Td7oLj-RKRsVNUETsMqcedJENV-jG03cCmwK-Tpo4,12366
 ultralytics/trackers/utils/kalman_filter.py,sha256=PM3I6DkBlS-cDm3kc7L5XD3XSbcGajgRxiqrvUJAIBY,14850
@@ -130,9 +130,9 @@ ultralytics/trackers/utils/matching.py,sha256=U8tfb8tfOYs_QtHQ-rGT4ZhthUcSAYh6X_
 ultralytics/utils/__init__.py,sha256=tIeKKWxmSBl6PRpAH2fnCSluXXa7AvEtbbl_WEOjSA0,33649
 ultralytics/utils/autobatch.py,sha256=mZjJerTi6WTzGq1_0JiU8XNHi70b1psCOAE-feZROgs,3862
 ultralytics/utils/benchmarks.py,sha256=ct6g9UyfHPi6a7_EuppbTrVeu_ePiCLF7Kib8RZKRgw,18217
-ultralytics/utils/checks.py,sha256=AzfiUf9y_RIAlBq8RnQhDehFKyBt0nJsq-LnMAxedHM,26278
+ultralytics/utils/checks.py,sha256=tt-gsMIC0Vpo3TaB8-O83tqe6Q5CWPBXPFjEVwxB0RM,26816
 ultralytics/utils/dist.py,sha256=egR2Z6Xlg75v72hddTut0q0-BIYvF-YCn_HE7PByuK8,2396
-ultralytics/utils/downloads.py,sha256=vkLARW1qNqWWdpdl7ep_97_ISBd6Rab_VgxOTNhq-04,17943
+ultralytics/utils/downloads.py,sha256=mrU3KI7oKheRMsWqjQbv-X79Ov4vr7k_H5P3L-mw_IE,18198
 ultralytics/utils/errors.py,sha256=wcNM8Yc0ln4X868kUM6pIsjKT_W67Kez4Vm72Xe-tYo,816
 ultralytics/utils/files.py,sha256=6XTXdBqhz5xpSUYzdicedbiPyV82xwpNsZX5D2_oh9k,5280
 ultralytics/utils/instance.py,sha256=0I1sYrARGrwHr2CtUcT8_D5jteZ4xhi5NsbV-XTaldI,15936
@@ -156,9 +156,9 @@ ultralytics/utils/callbacks/neptune.py,sha256=qIN0gJipB1f3Di7bw0Rb28jLYoCzJSWSqF
 ultralytics/utils/callbacks/raytune.py,sha256=PGZvW_haVq8Cqha3GgvL7iBMAaxfn8_3u_IIdYCNMPo,608
 ultralytics/utils/callbacks/tensorboard.py,sha256=AL8geYjG2NBBn4U1iHbmwF1rHDsNhVBeAmXo1tSLVgM,2830
 ultralytics/utils/callbacks/wb.py,sha256=x_j4ZH4Klp0_Ld13f0UezFluUTS5Ovfgk9hcjwqeruU,6762
-ultralytics-8.0.206.dist-info/LICENSE,sha256=DZak_2itbUtvHzD3E7GNUYSRK6jdOJ-GqncQ2weavLA,34523
-ultralytics-8.0.206.dist-info/METADATA,sha256=iQRpIntbOXrIsDTWyTLzF9D-A2FaCaYA0s7DjBr5U4g,31381
-ultralytics-8.0.206.dist-info/WHEEL,sha256=Xo9-1PvkuimrydujYJAjF7pCkriuXBpUPEjma1nZyJ0,92
-ultralytics-8.0.206.dist-info/entry_points.txt,sha256=YM_wiKyTe9yRrsEfqvYolNO5ngwfoL4-NwgKzc8_7sI,93
-ultralytics-8.0.206.dist-info/top_level.txt,sha256=iXnUQZuWnkCwh3InMTwthfgww_zJjOjq1Cg9CoWen_0,762
-ultralytics-8.0.206.dist-info/RECORD,,
+ultralytics-8.0.207.dist-info/LICENSE,sha256=DZak_2itbUtvHzD3E7GNUYSRK6jdOJ-GqncQ2weavLA,34523
+ultralytics-8.0.207.dist-info/METADATA,sha256=mtDGleHWG9622HQHPAe5y65Csa04QzIMA907jtOOvI8,31381
+ultralytics-8.0.207.dist-info/WHEEL,sha256=Xo9-1PvkuimrydujYJAjF7pCkriuXBpUPEjma1nZyJ0,92
+ultralytics-8.0.207.dist-info/entry_points.txt,sha256=YM_wiKyTe9yRrsEfqvYolNO5ngwfoL4-NwgKzc8_7sI,93
+ultralytics-8.0.207.dist-info/top_level.txt,sha256=iXnUQZuWnkCwh3InMTwthfgww_zJjOjq1Cg9CoWen_0,762
+ultralytics-8.0.207.dist-info/RECORD,,