From: Dominik Csapak <d.csapak@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [pve-devel] [PATCH storage v6 2/2] import: allow upload of guest images files into import storage
Date: Mon, 7 Apr 2025 12:13:06 +0200 [thread overview]
Message-ID: <20250407101310.3196974-3-d.csapak@proxmox.com> (raw)
In-Reply-To: <20250407101310.3196974-1-d.csapak@proxmox.com>
so users can upload qcow2/raw/vmdk files directly in the UI
Check the uploaded file with 'file_size_info' and the untrusted flag.
This checks the file format, existence of backing files, etc.
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
---
changes from v5:
* rebase
* use existing regex to test for either ova, or the other image formats
* add images to the description
src/PVE/API2/Storage/Status.pm | 25 +++++++++++++++++++++----
src/PVE/Storage.pm | 2 +-
2 files changed, 22 insertions(+), 5 deletions(-)
diff --git a/src/PVE/API2/Storage/Status.pm b/src/PVE/API2/Storage/Status.pm
index 3332675..14915ae 100644
--- a/src/PVE/API2/Storage/Status.pm
+++ b/src/PVE/API2/Storage/Status.pm
@@ -387,7 +387,7 @@ __PACKAGE__->register_method ({
name => 'upload',
path => '{storage}/upload',
method => 'POST',
- description => "Upload templates, ISO images and OVAs.",
+ description => "Upload templates, ISO images, OVAs and VM images.",
permissions => {
check => ['perm', '/storage/{storage}', ['Datastore.AllocateTemplate']],
},
@@ -456,6 +456,7 @@ __PACKAGE__->register_method ({
my $path;
my $is_ova = 0;
+ my $image_format;
if ($content eq 'iso') {
if ($filename !~ m![^/]+$PVE::Storage::ISO_EXT_RE_0$!) {
@@ -471,8 +472,14 @@ __PACKAGE__->register_method ({
if ($filename !~ m!${PVE::Storage::SAFE_CHAR_CLASS_RE}+$PVE::Storage::UPLOAD_IMPORT_EXT_RE_1$!) {
raise_param_exc({ filename => "invalid filename or wrong extension" });
}
+ my $format = $1;
+
+ if ($format eq 'ova') {
+ $is_ova = 1;
+ } else {
+ $image_format = $format;
+ }
- $is_ova = 1;
$path = PVE::Storage::get_import_dir($cfg, $storage);
} else {
raise_param_exc({ content => "upload content type '$content' not allowed" });
@@ -543,6 +550,9 @@ __PACKAGE__->register_method ({
if ($is_ova) {
assert_ova_contents($tmpfilename);
+ } elsif (defined($image_format)) {
+ # checks untrusted image
+ PVE::Storage::file_size_info($tmpfilename, 10, $image_format, 1);
}
};
if (my $err = $@) {
@@ -578,7 +588,7 @@ __PACKAGE__->register_method({
name => 'download_url',
path => '{storage}/download-url',
method => 'POST',
- description => "Download templates, ISO images and OVAs by using an URL.",
+ description => "Download templates, ISO images, OVAs and VM images by using an URL.",
proxyto => 'node',
permissions => {
description => 'Requires allocation access on the storage and as this allows one to probe'
@@ -667,6 +677,7 @@ __PACKAGE__->register_method({
my $path;
my $is_ova = 0;
+ my $image_format;
if ($content eq 'iso') {
if ($filename !~ m![^/]+$PVE::Storage::ISO_EXT_RE_0$!) {
@@ -682,9 +693,12 @@ __PACKAGE__->register_method({
if ($filename !~ m!${PVE::Storage::SAFE_CHAR_CLASS_RE}+$PVE::Storage::UPLOAD_IMPORT_EXT_RE_1$!) {
raise_param_exc({ filename => "invalid filename or wrong extension" });
}
+ my $format = $1;
- if ($filename =~ m/\.ova$/) {
+ if ($format eq 'ova') {
$is_ova = 1;
+ } else {
+ $image_format = $format;
}
$path = PVE::Storage::get_import_dir($cfg, $storage);
@@ -718,6 +732,9 @@ __PACKAGE__->register_method({
if ($is_ova) {
assert_ova_contents($tmp_path);
+ } elsif (defined($image_format)) {
+ # checks untrusted image
+ PVE::Storage::file_size_info($tmp_path, 10, $image_format, 1);
}
};
diff --git a/src/PVE/Storage.pm b/src/PVE/Storage.pm
index 7174f0f..d0a696a 100755
--- a/src/PVE/Storage.pm
+++ b/src/PVE/Storage.pm
@@ -116,7 +116,7 @@ our $BACKUP_EXT_RE_2 = qr/\.(tgz|(?:tar|vma)(?:\.(${\PVE::Storage::Plugin::COMPR
our $IMPORT_EXT_RE_1 = qr/\.(ova|ovf|qcow2|raw|vmdk)/;
-our $UPLOAD_IMPORT_EXT_RE_1 = qr/\.(ova)/;
+our $UPLOAD_IMPORT_EXT_RE_1 = qr/\.(ova|qcow2|raw|vmdk)/;
our $SAFE_CHAR_CLASS_RE = qr/[a-zA-Z0-9\-\.\+\=\_]/;
our $SAFE_CHAR_WITH_WHITESPACE_CLASS_RE = qr/[ a-zA-Z0-9\-\.\+\=\_]/;
--
2.39.5
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
next prev parent reply other threads:[~2025-04-07 10:13 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-04-07 10:13 [pve-devel] [PATCH storage/manager v6] allow down/upload & import of images in the web UI Dominik Csapak
2025-04-07 10:13 ` [pve-devel] [PATCH storage v6 1/2] api: rename 'isOva' to 'is_ova' to adhere to style guide Dominik Csapak
2025-04-07 10:13 ` Dominik Csapak [this message]
2025-04-07 10:13 ` [pve-devel] [PATCH manager v6 1/4] ui: storage content: allow upload of guest images for import type Dominik Csapak
2025-04-07 10:13 ` [pve-devel] [PATCH manager v6 2/4] ui: form: file selector: allow optional filter Dominik Csapak
2025-04-07 10:13 ` [pve-devel] [PATCH manager v6 3/4] ui: qemu hd edit: allow importing a disk from the import storage Dominik Csapak
2025-04-07 22:13 ` Thomas Lamprecht
2025-04-08 7:01 ` Dominik Csapak
2025-04-08 8:40 ` Thomas Lamprecht
2025-04-08 8:53 ` Dominik Csapak
2025-04-07 10:13 ` [pve-devel] [PATCH manager v6 4/4] ui: upload window: show hint about upload storage location Dominik Csapak
2025-04-07 22:52 ` [pve-devel] partially-applied: [PATCH storage/manager v6] allow down/upload & import of images in the web UI Thomas Lamprecht
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250407101310.3196974-3-d.csapak@proxmox.com \
--to=d.csapak@proxmox.com \
--cc=pve-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.
Service provided by Proxmox Server Solutions GmbH | Privacy | Legal