From mboxrd@z Thu Jan  1 00:00:00 1970
Message-ID: <05101c04-ba1c-4baa-9e2f-49b2a5522837@proxmox.com>
Date: Fri, 4 Apr 2025 16:11:53 +0200
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
To: Proxmox VE development discussion <pve-devel@lists.proxmox.com>,
 Dominik Csapak <d.csapak@proxmox.com>
References: <20250401082318.1312661-1-d.csapak@proxmox.com>
 <20250401082318.1312661-2-d.csapak@proxmox.com>
Content-Language: en-US
From: Fiona Ebner <f.ebner@proxmox.com>
In-Reply-To: <20250401082318.1312661-2-d.csapak@proxmox.com>
Subject: Re: [pve-devel] [PATCH storage v5 1/1] import: allow upload of
 guest images files into import storage

On 01.04.25 at 10:23, Dominik Csapak wrote:
> so users can upload qcow2/raw/vmdk files directly in the ui
> 

Pre-existing, but we put all uploads to /var/tmp/pveupload-XYZ first,
right? This already makes some users unhappy with ISOs IIRC and for
images we can expect it to get worse as those are usually even larger.
Should we at least show a warning/hint about this in the UI?

> Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
> ---
> no changes in v5
> 
>  src/PVE/API2/Storage/Status.pm | 17 ++++++++++++++++-
>  src/PVE/Storage.pm             |  3 ++-
>  2 files changed, 18 insertions(+), 2 deletions(-)
> 
> diff --git a/src/PVE/API2/Storage/Status.pm b/src/PVE/API2/Storage/Status.pm
> index c854b53..b23d283 100644
> --- a/src/PVE/API2/Storage/Status.pm
> +++ b/src/PVE/API2/Storage/Status.pm

The API method descriptions don't mention support for
uploading/downloading images yet.

> @@ -456,6 +456,7 @@ __PACKAGE__->register_method ({
>  
>  	my $path;
>  	my $isOva = 0;
> +	my $imageFormat;

Style nit: This is not how we usually name multi-word Perl variables
(also pre-existing for isOva).

>  
>  	if ($content eq 'iso') {
>  	    if ($filename !~ m![^/]+$PVE::Storage::ISO_EXT_RE_0$!) {
> @@ -472,7 +473,12 @@ __PACKAGE__->register_method ({
>  		raise_param_exc({ filename => "invalid filename or wrong extension" });
>  	    }

Nit: if you already extract the extension from matching above here, you
don't need to match again below.

>  
> -	    $isOva = 1;
> +	    if ($filename =~ m/\.ova$/) {
> +		$isOva = 1;
> +	    } elsif ($filename =~ m/${PVE::Storage::UPLOAD_IMPORT_IMAGE_EXT_RE_1}$/) {
> +		$imageFormat = $1;
> +	    }
> +
>  	    $path = PVE::Storage::get_import_dir($cfg, $storage);
>  	} else {
>  	    raise_param_exc({ content => "upload content type '$content' not allowed" });
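
Review bot: the new if/elsif on $filename has no else branch, so a name that passes the preceding extension check but matches neither \.ova$ nor UPLOAD_IMPORT_IMAGE_EXT_RE_1 leaves $isOva at 0 and $imageFormat undefined, and the content check further down is then skipped without any error. If that earlier check uses UPLOAD_IMPORT_EXT_RE_1, the patterns in this patch cover every case today, but that stops being true as soon as one list gains an extension the others lack. An else that calls raise_param_exc would make an unhandled extension fail closed.
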
> @@ -543,6 +549,9 @@ __PACKAGE__->register_method ({
>  
>  		if ($isOva) {
>  		    assert_ova_contents($tmpfilename);
> +		} elsif (defined($imageFormat)) {
> +		    # checks untrusted image
> +		    PVE::Storage::file_size_info($tmpfilename, 10, $imageFormat, 1);
>  		}
>  	    };
>  	    if (my $err = $@) {
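
Review bot: the added file_size_info call passes the bare literals 10 and 1 and discards the return value, so inside this eval the check only rejects an image if file_size_info dies. The comment "checks untrusted image" should say what is being rejected, and the two literals deserve a short comment or named variables. If the function can return without dying when it fails to parse the file, the result needs an explicit test here.
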
> @@ -667,6 +676,7 @@ __PACKAGE__->register_method({
>  
>  	my $path;
>  	my $isOva = 0;
> +	my $imageFormat;
>  
>  	if ($content eq 'iso') {
>  	    if ($filename !~ m![^/]+$PVE::Storage::ISO_EXT_RE_0$!) {
> @@ -685,6 +695,8 @@ __PACKAGE__->register_method({
>  

Similar here regarding extension matching, then you don't even need to
define a second regex.

>  	    if ($filename =~ m/\.ova$/) {
>  		$isOva = 1;
> +	    } elsif ($filename =~ m/${PVE::Storage::UPLOAD_IMPORT_IMAGE_EXT_RE_1}$/) {
> +		$imageFormat = $1;
>  	    }
>  
>  	    $path = PVE::Storage::get_import_dir($cfg, $storage);
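
Review bot: the added elsif match, like the \.ova match above it, is anchored with $, which in Perl also matches just before a trailing newline, so "name.qcow2\n" would select the qcow2 branch. If $filename is not already restricted to a safe character set before this point, anchor with \z instead. The missing else noted for the first method applies here as well.
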
> @@ -717,6 +729,9 @@ __PACKAGE__->register_method({
>  
>  	    if ($isOva) {
>  		assert_ova_contents($tmp_path);
> +	    } elsif (defined($imageFormat)) {
> +		# checks untrusted image
> +		PVE::Storage::file_size_info($tmp_path, 10, $imageFormat, 1);
>  	    }
>  	};
>  
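
Review bot: this elsif with the file_size_info call is a copy of the one added in the upload method, differing only in the variable ($tmp_path here, $tmpfilename there), and the extension detection is duplicated the same way. Since this is the validation step for untrusted input, a small shared helper that takes the temporary path and the filename and performs the OVA or image check would keep the two code paths from drifting apart.
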
> diff --git a/src/PVE/Storage.pm b/src/PVE/Storage.pm
> index c5d4ff8..09d9883 100755
> --- a/src/PVE/Storage.pm
> +++ b/src/PVE/Storage.pm
> @@ -116,7 +116,8 @@ our $BACKUP_EXT_RE_2 = qr/\.(tgz|(?:tar|vma)(?:\.(${\PVE::Storage::Plugin::COMPR
>  
>  our $IMPORT_EXT_RE_1 = qr/\.(ova|ovf|qcow2|raw|vmdk)/;
>  
> -our $UPLOAD_IMPORT_EXT_RE_1 = qr/\.(ova)/;
> +our $UPLOAD_IMPORT_EXT_RE_1 = qr/\.(ova|qcow2|raw|vmdk)/;
> +our $UPLOAD_IMPORT_IMAGE_EXT_RE_1 = qr/\.(qcow2|raw|vmdk)/;
>  
>  our $SAFE_CHAR_CLASS_RE = qr/[a-zA-Z0-9\-\.\+\=\_]/;
>  our $SAFE_CHAR_WITH_WHITESPACE_CLASS_RE = qr/[ a-zA-Z0-9\-\.\+\=\_]/;
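
Review bot: the extensions qcow2|raw|vmdk are now spelled out in three separate patterns (IMPORT_EXT_RE_1, UPLOAD_IMPORT_EXT_RE_1 and the new UPLOAD_IMPORT_IMAGE_EXT_RE_1), and the upload code depends on them agreeing. Consider building UPLOAD_IMPORT_EXT_RE_1 from the image list plus ova, or at least adding a comment that the lists must be changed together, so that a later edit to one of them cannot open a path where a file is accepted but not checked.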


