proxmox-mirrors/pve-storage
1
0
Fork 0
mirror of https://git.proxmox.com/git/pve-storage synced 2025-10-04 06:41:38 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

import: allow upload of guest images files into import storage

Browse Source 
so users can upload qcow2/raw/vmdk files directly in the UI
Check the uploaded file with 'file_size_info' and the untrusted flag.
This checks the file format, existence of backing files, etc.

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Link: https://lore.proxmox.com/20250407101310.3196974-3-d.csapak@proxmox.com
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
This commit is contained in:
Dominik Csapak 2025-04-07 12:13:06 +02:00 committed by Thomas Lamprecht
parent 551bad9d47
commit 76f695f2e6
2 changed files with 22 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
src/PVE/API2/Storage/Status.pm
View File

@ -387,7 +387,7 @@ __PACKAGE__->register_method ({
name => 'upload',
path => '{storage}/upload',
method => 'POST',
description => "Upload templates, ISO images and OVAs.",
description => "Upload templates, ISO images, OVAs and VM images.",
permissions => {
check => ['perm', '/storage/{storage}', ['Datastore.AllocateTemplate']],
},
@ -456,6 +456,7 @@ __PACKAGE__->register_method ({
my $path;
my $is_ova = 0;
my $image_format;
if ($content eq 'iso') {
if ($filename !~ m![^/]+$PVE::Storage::ISO_EXT_RE_0$!) {
@ -471,8 +472,14 @@ __PACKAGE__->register_method ({
if ($filename !~ m!${PVE::Storage::SAFE_CHAR_CLASS_RE}+$PVE::Storage::UPLOAD_IMPORT_EXT_RE_1$!) {
raise_param_exc({ filename => "invalid filename or wrong extension" });
}
my $format = $1;
if ($format eq 'ova') {
$is_ova = 1;
} else {
$image_format = $format;
}
$path = PVE::Storage::get_import_dir($cfg, $storage);
} else {
raise_param_exc({ content => "upload content type '$content' not allowed" });
@ -543,6 +550,9 @@ __PACKAGE__->register_method ({
if ($is_ova) {
assert_ova_contents($tmpfilename);
} elsif (defined($image_format)) {
# checks untrusted image
PVE::Storage::file_size_info($tmpfilename, 10, $image_format, 1);
}
};
if (my $err = $@) {
@ -578,7 +588,7 @@ __PACKAGE__->register_method({
name => 'download_url',
path => '{storage}/download-url',
method => 'POST',
description => "Download templates, ISO images and OVAs by using an URL.",
description => "Download templates, ISO images, OVAs and VM images by using an URL.",
proxyto => 'node',
permissions => {
description => 'Requires allocation access on the storage and as this allows one to probe'
@ -667,6 +677,7 @@ __PACKAGE__->register_method({
my $path;
my $is_ova = 0;
my $image_format;
if ($content eq 'iso') {
if ($filename !~ m![^/]+$PVE::Storage::ISO_EXT_RE_0$!) {
@ -682,9 +693,12 @@ __PACKAGE__->register_method({
if ($filename !~ m!${PVE::Storage::SAFE_CHAR_CLASS_RE}+$PVE::Storage::UPLOAD_IMPORT_EXT_RE_1$!) {
raise_param_exc({ filename => "invalid filename or wrong extension" });
}
my $format = $1;
if ($filename =~ m/\.ova$/) {
if ($format eq 'ova') {
$is_ova = 1;
} else {
$image_format = $format;
}
$path = PVE::Storage::get_import_dir($cfg, $storage);
@ -718,6 +732,9 @@ __PACKAGE__->register_method({
if ($is_ova) {
assert_ova_contents($tmp_path);
} elsif (defined($image_format)) {
# checks untrusted image
PVE::Storage::file_size_info($tmp_path, 10, $image_format, 1);
}
};

2
src/PVE/Storage.pm
View File

@ -116,7 +116,7 @@ our $BACKUP_EXT_RE_2 = qr/\.(tgz|(?:tar|vma)(?:\.(${\PVE::Storage::Plugin::COMPR
our $IMPORT_EXT_RE_1 = qr/\.(ova|ovf|qcow2|raw|vmdk)/;
our $UPLOAD_IMPORT_EXT_RE_1 = qr/\.(ova)/;
our $UPLOAD_IMPORT_EXT_RE_1 = qr/\.(ova|qcow2|raw|vmdk)/;
our $SAFE_CHAR_CLASS_RE = qr/[a-zA-Z0-9\-\.\+\=\_]/;
our $SAFE_CHAR_WITH_WHITESPACE_CLASS_RE = qr/[ a-zA-Z0-9\-\.\+\=\_]/;