Re: [pve-devel] [PATCH storage 1/2] don't bail on whitespaces in backing devices

From: Fiona Ebner <f.ebner@proxmox.com>
To: Wolfgang Bumiller <w.bumiller@proxmox.com>
Cc: Proxmox VE development discussion <pve-devel@lists.proxmox.com>
Subject: Re: [pve-devel] [PATCH storage 1/2] don't bail on whitespaces in backing devices
Date: Tue, 30 Apr 2024 11:13:02 +0200	[thread overview]
Message-ID: <21017c63-9c3c-48ea-8152-df5c66fa1a0c@proxmox.com> (raw)
In-Reply-To: <4qssgd7wmmrlahcxe5j6tqmfonvv3a4ye3tnebrkyegmk77n55@3gxmtkrgghip>

Am 30.04.24 um 10:38 schrieb Wolfgang Bumiller:
> On Tue, Apr 30, 2024 at 10:14:13AM +0200, Fiona Ebner wrote:
>>
>> So the returned $parent will now just be undef if it contains
>> whitespaces, even though there is a parent. Can't that cause issues
>> further down the line? If it's fine, a comment with the rationale would
>> be nice.
>>
>> Or should we rather allow whitespaces while matching and return it
>> properly? Or are there any issues with proper escaping then?
> 
> I was a bit too quick on the send trigger there, but it should be fine
> IMO:
> 
> - where we do run into this issue, we never use/need/care about the parent

Maybe this part of the function could be guarded by wantarray already,
so callers caring only about the size don't even get there? But I
suppose we do notice other unexpected things earlier by always doing the
additional checks, so maybe it's better like it is right now.

> - the parent info of file_size_info is usually discarded, or checked
>   against whether the disk is a "base volume" according to the storage's
>   idea of how such a volume has to be named (as in, it's created/managed
>   by pve)
>   or, eg. in Plugin.pm's `list_images` the parent is then checked
>   against a more specific regex and if it does not matched it is simply
>   discarded as if it was `undef`... (so we already have some logic
>   around backing-devices which "discards" unexpected values...)

Hmm, okay.

> - technically users could add a disk with a "bad" parent to a storage
>   *manually*, but given the list_images mentioned above, I'd argue the
>   situation isn't really getting worse, as values that *do* match `\S+`
>   don't necessarily match the regexes used *later* on the parent
>   *anyway*...
> 

CC Dominik

Thinking in the context of uploading OVAs (or uploading disk images), I
guess we need a check against arbitrary backing file paths in uploaded
qcow2/vmdk images (or do we already have that)?

> So we could also just untaint with /^(.+)$/, since IMO if we end up with
> actual whitespace issues anywhere *else*, then *that* could is the
> broken one, not this one...
> 
> 🤷

Fine by me, but after what you wrote, so is the current approach :)

_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel