[pve-devel] [PATCH storage v6 2/2] import: allow upload of guest images files into import storage

Dominik Csapak d.csapak at proxmox.com
Mon Apr 7 12:13:06 CEST 2025


so users can upload qcow2/raw/vmdk files directly in the UI
Check the uploaded file with 'file_size_info' and the untrusted flag.
This checks the file format, existence of backing files, etc.

Signed-off-by: Dominik Csapak <d.csapak at proxmox.com>
---
changes from v5:
* rebase
* use existing regex to test for either ova, or the other image formats
* add images to the description

 src/PVE/API2/Storage/Status.pm | 25 +++++++++++++++++++++----
 src/PVE/Storage.pm             |  2 +-
 2 files changed, 22 insertions(+), 5 deletions(-)

diff --git a/src/PVE/API2/Storage/Status.pm b/src/PVE/API2/Storage/Status.pm
index 3332675..14915ae 100644
--- a/src/PVE/API2/Storage/Status.pm
+++ b/src/PVE/API2/Storage/Status.pm
@@ -387,7 +387,7 @@ __PACKAGE__->register_method ({
     name => 'upload',
     path => '{storage}/upload',
     method => 'POST',
-    description => "Upload templates, ISO images and OVAs.",
+    description => "Upload templates, ISO images, OVAs and VM images.",
     permissions => {
 	check => ['perm', '/storage/{storage}', ['Datastore.AllocateTemplate']],
     },
@@ -456,6 +456,7 @@ __PACKAGE__->register_method ({
 
 	my $path;
 	my $is_ova = 0;
+	my $image_format;
 
 	if ($content eq 'iso') {
 	    if ($filename !~ m![^/]+$PVE::Storage::ISO_EXT_RE_0$!) {
@@ -471,8 +472,14 @@ __PACKAGE__->register_method ({
 	    if ($filename !~ m!${PVE::Storage::SAFE_CHAR_CLASS_RE}+$PVE::Storage::UPLOAD_IMPORT_EXT_RE_1$!) {
 		raise_param_exc({ filename => "invalid filename or wrong extension" });
 	    }
+	    my $format = $1;
+
+	    if ($format eq 'ova') {
+		$is_ova = 1;
+	    } else {
+		$image_format = $format;
+	    }
 
-	    $is_ova = 1;
 	    $path = PVE::Storage::get_import_dir($cfg, $storage);
 	} else {
 	    raise_param_exc({ content => "upload content type '$content' not allowed" });
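Review bot: `my $format = $1;` reads the capture from a match made inside the negated `!~` test, which holds only while `raise_param_exc` (presumably) dies on mismatch and no other successful match is added in between; the `download_url` hunk repeats the same construct. Capturing in list context makes the dependency explicit: `my ($format) = $filename =~ m!${PVE::Storage::SAFE_CHAR_CLASS_RE}+$PVE::Storage::UPLOAD_IMPORT_EXT_RE_1$!;` followed by `raise_param_exc({ filename => "invalid filename or wrong extension" }) if !defined($format);`. The pattern is also unanchored at the start and ends in `$` rather than `\z`, so on its own it constrains only the tail of `$filename`. Presumably the name is normalized earlier in the handler, which starts outside this hunk, but that is worth confirming now that the extension decides which content check runs.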
@@ -543,6 +550,9 @@ __PACKAGE__->register_method ({
 
 		if ($is_ova) {
 		    assert_ova_contents($tmpfilename);
+		} elsif (defined($image_format)) {
+		    # checks untrusted image
+		    PVE::Storage::file_size_info($tmpfilename, 10, $image_format, 1);
 		}
 	    };
 	    if (my $err = $@) {
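Review bot: The return value of `PVE::Storage::file_size_info($tmpfilename, 10, $image_format, 1)` is discarded, so rejecting a bad image depends entirely on that call dying inside the surrounding `eval` when the last argument is set. That behaviour is defined outside this diff, and the bare `10` (presumably a timeout) and `1` are opaque at the call site. Going by the commit message, a comment such as `# untrusted upload: must die unless the file is a valid $image_format image without backing files` would state the contract the handler relies on. The identical call in the `download_url` hunk needs the same comment. Since both handlers now share the ova-or-image dispatch, a small helper taking the temp path, `$is_ova` and `$image_format` would keep the two checks from diverging; the `eval` block itself starts outside this hunk.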
@@ -578,7 +588,7 @@ __PACKAGE__->register_method({
     name => 'download_url',
     path => '{storage}/download-url',
     method => 'POST',
-    description => "Download templates, ISO images and OVAs by using an URL.",
+    description => "Download templates, ISO images, OVAs and VM images by using an URL.",
     proxyto => 'node',
     permissions => {
 	description => 'Requires allocation access on the storage and as this allows one to probe'
@@ -667,6 +677,7 @@ __PACKAGE__->register_method({
 
 	my $path;
 	my $is_ova = 0;
+	my $image_format;
 
 	if ($content eq 'iso') {
 	    if ($filename !~ m![^/]+$PVE::Storage::ISO_EXT_RE_0$!) {
@@ -682,9 +693,12 @@ __PACKAGE__->register_method({
 	    if ($filename !~ m!${PVE::Storage::SAFE_CHAR_CLASS_RE}+$PVE::Storage::UPLOAD_IMPORT_EXT_RE_1$!) {
 		raise_param_exc({ filename => "invalid filename or wrong extension" });
 	    }
+	    my $format = $1;
 
-	    if ($filename =~ m/\.ova$/) {
+	    if ($format eq 'ova') {
 		$is_ova = 1;
+	    } else {
+		$image_format = $format;
 	    }
 
 	    $path = PVE::Storage::get_import_dir($cfg, $storage);
@@ -718,6 +732,9 @@ __PACKAGE__->register_method({
 
 	    if ($is_ova) {
 		assert_ova_contents($tmp_path);
+	    } elsif (defined($image_format)) {
+		# checks untrusted image
+		PVE::Storage::file_size_info($tmp_path, 10, $image_format, 1);
 	    }
 	};
 
diff --git a/src/PVE/Storage.pm b/src/PVE/Storage.pm
index 7174f0f..d0a696a 100755
--- a/src/PVE/Storage.pm
+++ b/src/PVE/Storage.pm
@@ -116,7 +116,7 @@ our $BACKUP_EXT_RE_2 = qr/\.(tgz|(?:tar|vma)(?:\.(${\PVE::Storage::Plugin::COMPR
 
 our $IMPORT_EXT_RE_1 = qr/\.(ova|ovf|qcow2|raw|vmdk)/;
 
-our $UPLOAD_IMPORT_EXT_RE_1 = qr/\.(ova)/;
+our $UPLOAD_IMPORT_EXT_RE_1 = qr/\.(ova|qcow2|raw|vmdk)/;
 
 our $SAFE_CHAR_CLASS_RE = qr/[a-zA-Z0-9\-\.\+\=\_]/;
 our $SAFE_CHAR_WITH_WHITESPACE_CLASS_RE = qr/[ a-zA-Z0-9\-\.\+\=\_]/;
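Review bot: `$UPLOAD_IMPORT_EXT_RE_1` is now the allowlist that decides which content check an uploaded file receives, but nothing at the definition says so. In both handlers in Status.pm, any captured extension other than `ova` is passed straight to `file_size_info` as the image format, so a later addition here (for example `ovf`, which `$IMPORT_EXT_RE_1` already lists) would silently be treated as a disk image format. A comment above the definition would record that coupling, e.g. `# extensions accepted for upload/download-url; each one needs a matching content check in PVE::API2::Storage::Status`. The same comment could note why `ovf` is left out.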
-- 
2.39.5




