On 11/15/24 12:16, Fiona Ebner wrote:
On 14.11.24 10:32 AM, Dominik Csapak wrote:
in DirPlugin and not Plugin (because of cyclic dependency of
Plugin -> OVF -> Storage -> Plugin otherwise)
only ovf is currently supported (though ova will be shown in import
listing), expects the files to not be in a subdir, and adjacent to the
ovf file.
listed will be all ovf/qcow2/raw/vmdk files.
ovf because it can be imported, and the rest because they can be used
in the 'import-from' part of qemu-server.
Signed-off-by: Dominik Csapak <d.csa...@proxmox.com>
Reviewed-by: Fiona Ebner <f.eb...@proxmox.com>
diff --git a/src/PVE/GuestImport/OVF.pm b/src/PVE/GuestImport/OVF.pm
index 3950289..29dfaad 100644
--- a/src/PVE/GuestImport/OVF.pm
+++ b/src/PVE/GuestImport/OVF.pm
@@ -221,6 +221,8 @@ ovf:Item[rasd:InstanceID='%s']/rasd:ResourceType",
$controller_id);
}
($backing_file_path) = $backing_file_path =~ m|^(/.*)|; # untaint
+ ($filepath) = $filepath =~ m|^(${PVE::Storage::SAFE_CHAR_CLASS_RE}+)$|; #
untaint & check no sub/parent dirs
Nit: you could have ".." or "." by itself, but I guess those are
unproblematic?
you're right for this patch, that should be checked,
but this check gets changed in a later patch
(ovf: improve and simplify path checking code)
I can fix it here too and rebase, not sure if it's necessary?
+ die "invalid path\n" if !$filepath;
my $virtual_size = PVE::Storage::file_size_info($backing_file_path);
die "error parsing $backing_file_path, cannot determine file size\n"
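Review bot: the added 'die "invalid path\n" if !$filepath;' tests truthiness rather than whether the untaint match succeeded, so a file literally named "0" matches the regex and is still rejected, while "." and ".." pass whenever "." is in the safe character class. Test !defined($filepath) instead and reject "." and ".." explicitly, since the comment on the regex line promises "check no sub/parent dirs".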
---snip---
+
+ my ($vtype, $name, undef, undef, undef, undef, $fmt) =
$class->parse_volname($volname);
+ die "invalid content type '$vtype'\n" if $vtype ne 'import';
+ die "invalid format\n" if $fmt ne 'ova' && $fmt ne 'ovf';
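Review bot: the format check on the last added line accepts 'ova' although the commit message states that only ovf is currently supported, so an ova volume is not rejected here. Drop 'ova' from the condition until it is actually handled, and include the offending value in the message (invalid format '$fmt'), as the 'invalid content type' line above it already does for $vtype.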
The $IMPORT_EXT_RE_1 regex doesn't include 'ova' anymore. Is it still
wanted here?