Security improvements (#10942)

* Security improvements * Security improvements * [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci --------- Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
2023-02-09 16:57:18 +04:00 · 2023-02-09 16:57:18 +04:00 · e326252ee4
parent a270b4f125
commit e326252ee4
2 changed files with 7 additions and 6 deletions
--- a/utils/dataloaders.py
+++ b/utils/dataloaders.py
@ -52,7 +52,7 @@ for orientation in ExifTags.TAGS.keys():
 def get_hash(paths):
    # Returns a single hash value of a list of paths (files or dirs)
    size = sum(os.path.getsize(p) for p in paths if os.path.exists(p))  # sizes
-    h = hashlib.md5(str(size).encode())  # hash sizes
+    h = hashlib.sha256(str(size).encode())  # hash sizes
    h.update(''.join(paths).encode())  # hash paths
    return h.hexdigest()  # return hash

--- a/utils/general.py
+++ b/utils/general.py
@ -14,6 +14,7 @@ import platform
 import random
 import re
 import signal
+import subprocess
 import sys
 import time
 import urllib
@ -551,7 +552,7 @@ def check_dataset(data, autodownload=True):
                r = None  # success
            elif s.startswith('bash '):  # bash script
                LOGGER.info(f'Running {s} ...')
-                r = os.system(s)
+                r = subprocess.run(s, shell=True)
            else:  # python script
                r = exec(s, {'yaml': data})  # return None
            dt = f'({round(time.time() - t, 1)}s)'
@ -648,9 +649,9 @@ def download(url, dir='.', unzip=True, delete=True, curl=False, threads=1, retry
            if is_zipfile(f):
                unzip_file(f, dir)  # unzip
            elif is_tarfile(f):
-                os.system(f'tar xf {f} --directory {f.parent}')  # unzip
+                subprocess.run(f'tar xf {f} --directory {f.parent}', shell=True)  # unzip
            elif f.suffix == '.gz':
-                os.system(f'tar xfz {f} --directory {f.parent}')  # unzip
+                subprocess.run(f'tar xfz {f} --directory {f.parent}', shell=True)  # unzip
            if delete:
                f.unlink()  # remove zip

@ -1022,7 +1023,7 @@ def print_mutation(keys, results, hyp, save_dir, bucket, prefix=colorstr('evolve
    if bucket:
        url = f'gs://{bucket}/evolve.csv'
        if gsutil_getsize(url) > (evolve_csv.stat().st_size if evolve_csv.exists() else 0):
-            os.system(f'gsutil cp {url} {save_dir}')  # download evolve.csv if larger than local
+            subprocess.run(f'gsutil cp {url} {save_dir}', shell=True)  # download evolve.csv if larger than local

    # Log to evolve.csv
    s = '' if evolve_csv.exists() else (('%20s,' * n % keys).rstrip(',') + '\n')  # add header
@ -1046,7 +1047,7 @@ def print_mutation(keys, results, hyp, save_dir, bucket, prefix=colorstr('evolve
                                                                                         for x in vals) + '\n\n')

    if bucket:
-        os.system(f'gsutil cp {evolve_csv} {evolve_yaml} gs://{bucket}')  # upload
+        subprocess.run(f'gsutil cp {evolve_csv} {evolve_yaml} gs://{bucket}', shell=True)  # upload


 def apply_classifier(x, model, img, im0):