From: Dominik Csapak <d.csapak@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [pve-devel] [PATCH storage v6 2/2] import: allow upload of guest images files into import storage
Date: Mon, 7 Apr 2025 12:13:06 +0200
Message-ID: <20250407101310.3196974-3-d.csapak@proxmox.com>
In-Reply-To: <20250407101310.3196974-1-d.csapak@proxmox.com>
so users can upload qcow2/raw/vmdk files directly in the UI
Check the uploaded file with 'file_size_info' and the untrusted flag.
This checks the file format, existence of backing files, etc.
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
---
changes from v5:
* rebase
* use existing regex to test for either ova, or the other image formats
* add images to the description
src/PVE/API2/Storage/Status.pm | 25 +++++++++++++++++++++----
src/PVE/Storage.pm | 2 +-
2 files changed, 22 insertions(+), 5 deletions(-)
diff --git a/src/PVE/API2/Storage/Status.pm b/src/PVE/API2/Storage/Status.pm
index 3332675..14915ae 100644
--- a/src/PVE/API2/Storage/Status.pm
+++ b/src/PVE/API2/Storage/Status.pm
@@ -387,7 +387,7 @@ __PACKAGE__->register_method ({
name => 'upload',
path => '{storage}/upload',
method => 'POST',
- description => "Upload templates, ISO images and OVAs.",
+ description => "Upload templates, ISO images, OVAs and VM images.",
permissions => {
check => ['perm', '/storage/{storage}', ['Datastore.AllocateTemplate']],
},
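Review bot: The permission check in the context lines still requires only `Datastore.AllocateTemplate` on `/storage/{storage}`, and with the new description that one privilege now also covers uploading VM disk images. OVAs were already allowed under it, so this is probably intended, but the commit message or the method's permission description should say so explicitly.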
@@ -456,6 +456,7 @@ __PACKAGE__->register_method ({
my $path;
my $is_ova = 0;
+ my $image_format;
if ($content eq 'iso') {
if ($filename !~ m![^/]+$PVE::Storage::ISO_EXT_RE_0$!) {
@@ -471,8 +472,14 @@ __PACKAGE__->register_method ({
if ($filename !~ m!${PVE::Storage::SAFE_CHAR_CLASS_RE}+$PVE::Storage::UPLOAD_IMPORT_EXT_RE_1$!) {
raise_param_exc({ filename => "invalid filename or wrong extension" });
}
+ my $format = $1;
+
+ if ($format eq 'ova') {
+ $is_ova = 1;
+ } else {
+ $image_format = $format;
+ }
- $is_ova = 1;
$path = PVE::Storage::get_import_dir($cfg, $storage);
} else {
raise_param_exc({ content => "upload content type '$content' not allowed" });
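Review bot: `my $format = $1;` reads a capture group left behind by the negated match `$filename !~ m!...!` three lines above, so it is only correct as long as the error branch never falls through. Capturing at the match site makes that dependency explicit, for example `my ($format) = $filename =~ m!...!` followed by the `raise_param_exc` call when `$format` is undefined. The pattern in the context line also has no leading `^`, so how much of `$filename` is actually validated depends on sanitising done outside this hunk; a comment is warranted if that is relied on.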
@@ -543,6 +550,9 @@ __PACKAGE__->register_method ({
if ($is_ova) {
assert_ova_contents($tmpfilename);
+ } elsif (defined($image_format)) {
+ # checks untrusted image
+ PVE::Storage::file_size_info($tmpfilename, 10, $image_format, 1);
}
};
if (my $err = $@) {
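Review bot: In the added `PVE::Storage::file_size_info($tmpfilename, 10, $image_format, 1);` the return value is discarded, so the untrusted-image check rejects an upload only if `file_size_info` dies inside this `eval`. If it can return without dying on a failed check, the file is accepted; either test the result and die explicitly, or state in the comment that dying is the contract. The positional `10` and `1` are also opaque at the call site, and the `# checks untrusted image` comment should say which of them is the untrusted flag the commit message refers to.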
@@ -578,7 +588,7 @@ __PACKAGE__->register_method({
name => 'download_url',
path => '{storage}/download-url',
method => 'POST',
- description => "Download templates, ISO images and OVAs by using an URL.",
+ description => "Download templates, ISO images, OVAs and VM images by using an URL.",
proxyto => 'node',
permissions => {
description => 'Requires allocation access on the storage and as this allows one to probe'
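Review bot: Since the `description` line is being touched anyway, "by using an URL" should read "by using a URL".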
@@ -667,6 +677,7 @@ __PACKAGE__->register_method({
my $path;
my $is_ova = 0;
+ my $image_format;
if ($content eq 'iso') {
if ($filename !~ m![^/]+$PVE::Storage::ISO_EXT_RE_0$!) {
@@ -682,9 +693,12 @@ __PACKAGE__->register_method({
if ($filename !~ m!${PVE::Storage::SAFE_CHAR_CLASS_RE}+$PVE::Storage::UPLOAD_IMPORT_EXT_RE_1$!) {
raise_param_exc({ filename => "invalid filename or wrong extension" });
}
+ my $format = $1;
- if ($filename =~ m/\.ova$/) {
+ if ($format eq 'ova') {
$is_ova = 1;
+ } else {
+ $image_format = $format;
}
$path = PVE::Storage::get_import_dir($cfg, $storage);
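Review bot: `$is_ova` and `$image_format` now encode one fact, the matched extension, in two variables that have to be kept mutually exclusive by this if/else. Keeping a single `$format` and branching on `$format eq 'ova'` at the check site would remove the if/else here and in the upload handler, and would leave no state where both or neither are set.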
@@ -718,6 +732,9 @@ __PACKAGE__->register_method({
if ($is_ova) {
assert_ova_contents($tmp_path);
+ } elsif (defined($image_format)) {
+ # checks untrusted image
+ PVE::Storage::file_size_info($tmp_path, 10, $image_format, 1);
}
};
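Review bot: This `elsif` branch is a copy of the one added to the upload handler, down to the literal arguments `10` and `1`. A small helper next to `assert_ova_contents` that takes the temporary path and the format would keep the two entry points from drifting apart when the check is tightened later.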
diff --git a/src/PVE/Storage.pm b/src/PVE/Storage.pm
index 7174f0f..d0a696a 100755
--- a/src/PVE/Storage.pm
+++ b/src/PVE/Storage.pm
@@ -116,7 +116,7 @@ our $BACKUP_EXT_RE_2 = qr/\.(tgz|(?:tar|vma)(?:\.(${\PVE::Storage::Plugin::COMPR
our $IMPORT_EXT_RE_1 = qr/\.(ova|ovf|qcow2|raw|vmdk)/;
-our $UPLOAD_IMPORT_EXT_RE_1 = qr/\.(ova)/;
+our $UPLOAD_IMPORT_EXT_RE_1 = qr/\.(ova|qcow2|raw|vmdk)/;
our $SAFE_CHAR_CLASS_RE = qr/[a-zA-Z0-9\-\.\+\=\_]/;
our $SAFE_CHAR_WITH_WHITESPACE_CLASS_RE = qr/[ a-zA-Z0-9\-\.\+\=\_]/;
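Review bot: `$UPLOAD_IMPORT_EXT_RE_1` now differs from `$IMPORT_EXT_RE_1` on the line above only by the missing `ovf`, and nothing here says why. A one-line comment explaining why `ovf` is not uploadable would stop the two lists from being merged or drifting by accident. Both patterns are also case-sensitive, so a name such as `disk.QCOW2` is rejected with "invalid filename or wrong extension"; if that is intended, it belongs in the API description.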
--
2.39.5