From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [IPv6:2a01:7e0:0:424::9]) by lore.proxmox.com (Postfix) with ESMTPS id 5C2221FF13B for ; Wed, 22 Apr 2026 13:18:27 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 8C2A919483; Wed, 22 Apr 2026 13:14:51 +0200 (CEST) From: "Max R. Carrara" To: pve-devel@lists.proxmox.com Subject: [PATCH pve-storage v1 20/54] api: status: simplify file content assertion logic for up-/download Date: Wed, 22 Apr 2026 13:12:46 +0200 Message-ID: <20260422111322.257380-21-m.carrara@proxmox.com> X-Mailer: git-send-email 2.47.3 In-Reply-To: <20260422111322.257380-1-m.carrara@proxmox.com> References: <20260422111322.257380-1-m.carrara@proxmox.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Bm-Milter-Handled: 55990f41-d878-4baa-be0a-ee34c49e34d2 X-Bm-Transport-Timestamp: 1776856336632 X-SPAM-LEVEL: Spam detection results: 0 AWL 0.085 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Message-ID-Hash: LBGSYNPJTI6XYJCFMERNZ5G6QHX3HALU X-Message-ID-Hash: LBGSYNPJTI6XYJCFMERNZ5G6QHX3HALU X-MailFrom: m.carrara@proxmox.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.10 Precedence: list List-Id: Proxmox VE development discussion List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: Create another helper for the file content assertion logic in the upload / download_url API methods. Absorb the `assert_ova_contents()` helper along the way, since it does not need to be standalone anymore. Signed-off-by: Max R. Carrara --- src/PVE/API2/Storage/Status.pm | 89 ++++++++++++---------------------- 1 file changed, 32 insertions(+), 57 deletions(-) diff --git a/src/PVE/API2/Storage/Status.pm b/src/PVE/API2/Storage/Status.pm index 3a798899..2b0b121a 100644 --- a/src/PVE/API2/Storage/Status.pm +++ b/src/PVE/API2/Storage/Status.pm @@ -102,25 +102,40 @@ my sub parse_transferred_file_path_extension : prototype($$) { die "upload / download: failed to parse '$path' - unhandled content type '$vtype'\n"; } -my sub assert_ova_contents { - my ($file) = @_; +my sub assert_file_transfer_contents_valid : prototype($$$) { + my ($path, $vtype, $extension) = @_; - # test if it's really a tar file with an ovf file inside - my $hasOvf = 0; - run_command( - ['tar', '-t', '-f', $file], - outfunc => sub { - my ($line) = @_; + if ($vtype eq 'iso') { + PVE::Storage::assert_iso_content($path); + return; + } - if ($line =~ m/\.ovf$/) { - $hasOvf = 1; - } - }, - ); + if ($vtype eq 'import') { + if ($extension eq 'ova') { + # test if it's really a tar file with an ovf file inside + my $hasOvf = 0; + run_command( + ['tar', '-t', '-f', $path], + outfunc => sub { + my ($line) = @_; - die "ova archive has no .ovf file inside\n" if !$hasOvf; + if ($line =~ m/\.ovf$/) { + $hasOvf = 1; + } + }, + ); - return 1; + die "ova archive has no .ovf file inside\n" if !$hasOvf; + return; + } + + my $is_untrusted = 1; + my $timeout = 10; + + PVE::Storage::file_size_info($path, $timeout, $extension, $is_untrusted); + + return; + } } __PACKAGE__->register_method({ @@ -645,18 +660,7 @@ __PACKAGE__->register_method({ die "temporary file '$tmpfilename' does not exist\n" if !defined($size); my $filename = PVE::Storage::normalize_content_filename($param->{filename}); - - my $is_ova = 0; - my $image_format; - my $extension = parse_transferred_file_path_extension($filename, $content); - - if ($extension eq 'ova') { - $is_ova = 1; - } else { - $image_format = $extension; - } - my $path = plugin_get_vtype_subdir($scfg, $content); my $dest = "$path/$filename"; @@ -725,16 +729,7 @@ __PACKAGE__->register_method({ } } - if ($content eq 'iso') { - PVE::Storage::assert_iso_content($tmpfilename); - } - - if ($is_ova) { - assert_ova_contents($tmpfilename); - } elsif (defined($image_format)) { - # checks untrusted image - PVE::Storage::file_size_info($tmpfilename, 10, $image_format, 1); - } + assert_file_transfer_contents_valid($tmpfilename, $content, $extension); }; if (my $err = $@) { # unlinks only the temporary file from the http server @@ -859,18 +854,7 @@ __PACKAGE__->register_method({ assert_can_transfer_files($scfg, $storage, $content); my $filename = PVE::Storage::normalize_content_filename($param->{filename}); - - my $is_ova = 0; - my $image_format; - my $extension = parse_transferred_file_path_extension($filename, $content); - - if ($extension eq 'ova') { - $is_ova = 1; - } else { - $image_format = $extension; - } - my $path = plugin_get_vtype_subdir($scfg, $content); PVE::Storage::activate_storage($cfg, $storage); @@ -893,16 +877,7 @@ __PACKAGE__->register_method({ $opts->{assert_file_validity} = sub { my ($tmp_path) = @_; - if ($content eq 'iso') { - PVE::Storage::assert_iso_content($tmp_path); - } - - if ($is_ova) { - assert_ova_contents($tmp_path); - } elsif (defined($image_format)) { - # checks untrusted image - PVE::Storage::file_size_info($tmp_path, 10, $image_format, 1); - } + assert_file_transfer_contents_valid($tmp_path, $content, $extension); }; my $worker = sub { -- 2.47.3