From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <pve-devel-bounces@lists.proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68])
	by lore.proxmox.com (Postfix) with ESMTPS id 796BD1FF396
	for <inbox@lore.proxmox.com>; Wed, 22 May 2024 12:20:39 +0200 (CEST)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
	by firstgate.proxmox.com (Proxmox) with ESMTP id 0611AA1B7;
	Wed, 22 May 2024 12:20:55 +0200 (CEST)
Date: Wed, 22 May 2024 12:20:47 +0200
From: Fabian =?iso-8859-1?q?Gr=FCnbichler?= <f.gruenbichler@proxmox.com>
To: Proxmox VE development discussion <pve-devel@lists.proxmox.com>
References: <20240429112124.3819357-1-d.csapak@proxmox.com>
 <20240429112124.3819357-9-d.csapak@proxmox.com>
In-Reply-To: <20240429112124.3819357-9-d.csapak@proxmox.com>
MIME-Version: 1.0
User-Agent: astroid/0.16.0 (https://github.com/astroidmail/astroid)
Message-Id: <1716372540.nd9i41t19h.astroid@yuna.none>
X-SPAM-LEVEL: Spam detection results:  0
 AWL 0.054 Adjusted score from AWL reputation of From: address
 BAYES_00                 -1.9 Bayes spam probability is 0 to 1%
 DMARC_MISSING             0.1 Missing DMARC policy
 KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
 SPF_HELO_NONE           0.001 SPF: HELO does not publish an SPF Record
 SPF_PASS               -0.001 SPF: sender matches SPF record
 URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See
 http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more
 information. [status.pm, storage.pm, proxmox.com]
Subject: Re: [pve-devel] [PATCH storage v3 08/10] api: allow ova
 upload/download
X-BeenThere: pve-devel@lists.proxmox.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proxmox VE development discussion <pve-devel.lists.proxmox.com>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pve-devel/>
List-Post: <mailto:pve-devel@lists.proxmox.com>
List-Help: <mailto:pve-devel-request@lists.proxmox.com?subject=help>
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=subscribe>
Reply-To: Proxmox VE development discussion <pve-devel@lists.proxmox.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: pve-devel-bounces@lists.proxmox.com
Sender: "pve-devel" <pve-devel-bounces@lists.proxmox.com>

On April 29, 2024 1:21 pm, Dominik Csapak wrote:
> introducing a separate regex that only contains ova, since
> upload/downloading ovfs does not make sense (since the disks are then
> missing).
> 
> Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
> ---
>  src/PVE/API2/Storage/Status.pm | 18 ++++++++++++++----
>  src/PVE/Storage.pm             | 11 +++++++++++
>  2 files changed, 25 insertions(+), 4 deletions(-)
> 
> diff --git a/src/PVE/API2/Storage/Status.pm b/src/PVE/API2/Storage/Status.pm
> index acde730..6c0c1e5 100644
> --- a/src/PVE/API2/Storage/Status.pm
> +++ b/src/PVE/API2/Storage/Status.pm
> @@ -369,7 +369,7 @@ __PACKAGE__->register_method ({
>      name => 'upload',
>      path => '{storage}/upload',
>      method => 'POST',
> -    description => "Upload templates and ISO images.",
> +    description => "Upload templates, ISO images and OVAs.",
>      permissions => {
>  	check => ['perm', '/storage/{storage}', ['Datastore.AllocateTemplate']],
>      },
> @@ -382,7 +382,7 @@ __PACKAGE__->register_method ({
>  	    content => {
>  		description => "Content type.",
>  		type => 'string', format => 'pve-storage-content',
> -		enum => ['iso', 'vztmpl'],
> +		enum => ['iso', 'vztmpl', 'import'],
>  	    },
>  	    filename => {
>  		description => "The name of the file to create. Caution: This will be normalized!",
> @@ -448,6 +448,11 @@ __PACKAGE__->register_method ({
>  		raise_param_exc({ filename => "wrong file extension" });
>  	    }
>  	    $path = PVE::Storage::get_vztmpl_dir($cfg, $param->{storage});
> +	} elsif ($content eq 'import') {
> +	    if ($filename !~ m![^/]+$PVE::Storage::UPLOAD_IMPORT_EXT_RE_1$!) {
> +		raise_param_exc({ filename => "wrong file extension" });
> +	    }
> +	    $path = PVE::Storage::get_import_dir($cfg, $param->{storage});
>  	} else {
>  	    raise_param_exc({ content => "upload content type '$content' not allowed" });
>  	}
> @@ -544,7 +549,7 @@ __PACKAGE__->register_method({
>      name => 'download_url',
>      path => '{storage}/download-url',
>      method => 'POST',
> -    description => "Download templates and ISO images by using an URL.",
> +    description => "Download templates, ISO images and OVAs by using an URL.",
>      proxyto => 'node',
>      permissions => {
>  	description => 'Requires allocation access on the storage and as this allows one to probe'
> @@ -572,7 +577,7 @@ __PACKAGE__->register_method({
>  	    content => {
>  		description => "Content type.", # TODO: could be optional & detected in most cases
>  		type => 'string', format => 'pve-storage-content',
> -		enum => ['iso', 'vztmpl'],
> +		enum => ['iso', 'vztmpl', 'import'],
>  	    },
>  	    filename => {
>  		description => "The name of the file to create. Caution: This will be normalized!",
> @@ -642,6 +647,11 @@ __PACKAGE__->register_method({
>  		raise_param_exc({ filename => "wrong file extension" });
>  	    }
>  	    $path = PVE::Storage::get_vztmpl_dir($cfg, $storage);
> +	} elsif ($content eq 'import') {
> +	    if ($filename !~ m![^/]+$PVE::Storage::UPLOAD_IMPORT_EXT_RE_1$!) {

was a bit stumped here, but the others have it as well - $filename is
normalized first and that removes any slashes anyway. this also means
uploaded OVAs only have a subset of characters compared to what we
accept otherwise. do we still want to be extra-cautious in case we relax
the normalization in the future, and check for the same characters we
allow otherwise? would be rather weird if users can upload files but
possible not even see them afterwards ^^

> +		raise_param_exc({ filename => "wrong file extension" });
> +	    }
> +	    $path = PVE::Storage::get_import_dir($cfg, $param->{storage});
>  	} else {
>  	    raise_param_exc({ content => "upload content-type '$content' is not allowed" });
>  	}
> diff --git a/src/PVE/Storage.pm b/src/PVE/Storage.pm
> index adc1b45..31b2ad5 100755
> --- a/src/PVE/Storage.pm
> +++ b/src/PVE/Storage.pm
> @@ -116,6 +116,8 @@ our $BACKUP_EXT_RE_2 = qr/\.(tgz|(?:tar|vma)(?:\.(${\PVE::Storage::Plugin::COMPR
>  
>  our $IMPORT_EXT_RE_1 = qr/\.(ova|ovf|qcow2|raw|vmdk)/;
>  
> +our $UPLOAD_IMPORT_EXT_RE_1 = qr/\.(ova)/;
> +
>  our $SAFE_CHAR_CLASS_RE = qr/[a-zA-Z0-9\-\.\+\=\_]/;
>  
>  # FIXME remove with PVE 8.0, add versioned breaks for pve-manager
> @@ -464,6 +466,15 @@ sub get_iso_dir {
>      return $plugin->get_subdir($scfg, 'iso');
>  }
>  
> +sub get_import_dir {
> +    my ($cfg, $storeid) = @_;
> +
> +    my $scfg = storage_config($cfg, $storeid);
> +    my $plugin = PVE::Storage::Plugin->lookup($scfg->{type});
> +
> +    return $plugin->get_subdir($scfg, 'import');
> +}
> +
>  sub get_vztmpl_dir {
>      my ($cfg, $storeid) = @_;
>  
> -- 
> 2.39.2
> 
> 
> 
> _______________________________________________
> pve-devel mailing list
> pve-devel@lists.proxmox.com
> https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
> 
> 
> 


_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel