Commit 7faaff11 by Carpoon

add missing checks

add missing check
remove debug logging and some not needed code
parent 8738a70e
...@@ -295,7 +295,7 @@ class TemplateImport(LoginRequiredMixin, TemplateView): ...@@ -295,7 +295,7 @@ class TemplateImport(LoginRequiredMixin, TemplateView):
tar.extractall(path=tmp_path, filter='data') tar.extractall(path=tmp_path, filter='data')
else: else:
for tarinfo in tar: for tarinfo in tar:
if tarinfo.name.startswith("..") or tarinfo.name.startswith("/") or tarinfo.name.find(): if tarinfo.name.startswith("..") or tarinfo.name.startswith("/") or tarinfo.name.find("/..") != -1:
raise Exception("import template: invalid path in tar file") raise Exception("import template: invalid path in tar file")
if tarinfo.isreg(): if tarinfo.isreg():
tar.extract(tarinfo, path=tmp_path, set_attrs=False) tar.extract(tarinfo, path=tmp_path, set_attrs=False)
...@@ -326,6 +326,10 @@ class TemplateImport(LoginRequiredMixin, TemplateView): ...@@ -326,6 +326,10 @@ class TemplateImport(LoginRequiredMixin, TemplateView):
return hash_sha1.hexdigest() return hash_sha1.hexdigest()
for line in mf_file: for line in mf_file:
if line.startswith("..") or line.startswith("/") or line.find("/..") != -1:
logger.error("import template: mf: invalid path in mf file!")
messages.error("import template: mf: invalid path in mf file!")
raise Exception("import template: mf: invalid path in mf file!")
if line.startswith("SHA1"): if line.startswith("SHA1"):
line_split = line.split("=") line_split = line.split("=")
filename = line_split[0][4:].strip()[1:-1] filename = line_split[0][4:].strip()[1:-1]
...@@ -363,20 +367,16 @@ class TemplateImport(LoginRequiredMixin, TemplateView): ...@@ -363,20 +367,16 @@ class TemplateImport(LoginRequiredMixin, TemplateView):
xml_references = xml_root.findall("{http://schemas.dmtf.org/ovf/envelope/2}References") xml_references = xml_root.findall("{http://schemas.dmtf.org/ovf/envelope/2}References")
if len(xml_references) == 1: if len(xml_references) == 1:
logger.error(xml_references)
for xml_reference in xml_references[0].findall("{http://schemas.dmtf.org/ovf/envelope/2}File"): for xml_reference in xml_references[0].findall("{http://schemas.dmtf.org/ovf/envelope/2}File"):
files[xml_reference.get("{http://schemas.dmtf.org/ovf/envelope/2}id")] = xml_reference.get("{http://schemas.dmtf.org/ovf/envelope/2}href") files[xml_reference.get("{http://schemas.dmtf.org/ovf/envelope/2}id")] = xml_reference.get("{http://schemas.dmtf.org/ovf/envelope/2}href")
logger.error(files)
xml_disk_section = xml_root.findall("{http://schemas.dmtf.org/ovf/envelope/2}DiskSection") xml_disk_section = xml_root.findall("{http://schemas.dmtf.org/ovf/envelope/2}DiskSection")
if len(xml_disk_section) == 1: if len(xml_disk_section) == 1:
for disk in xml_disk_section[0].findall("{http://schemas.dmtf.org/ovf/envelope/2}Disk"): for disk in xml_disk_section[0].findall("{http://schemas.dmtf.org/ovf/envelope/2}Disk"):
disks[disk.get("{http://schemas.dmtf.org/ovf/envelope/2}diskId")] = {"name": files[disk.get("{http://schemas.dmtf.org/ovf/envelope/2}fileRef")], "type": disk.get("{http://schemas.dmtf.org/ovf/envelope/2}format") } disks[disk.get("{http://schemas.dmtf.org/ovf/envelope/2}diskId")] = {"name": files[disk.get("{http://schemas.dmtf.org/ovf/envelope/2}fileRef")], "type": disk.get("{http://schemas.dmtf.org/ovf/envelope/2}format") }
logger.error(disks)
xml_VirtualSystem = xml_root.findall("{http://schemas.dmtf.org/ovf/envelope/2}VirtualSystem")[0] xml_VirtualSystem = xml_root.findall("{http://schemas.dmtf.org/ovf/envelope/2}VirtualSystem")[0]
ovf_os = xml_VirtualSystem.findall("{http://schemas.dmtf.org/ovf/envelope/2}OperatingSystemSection")[0].findall("{http://schemas.dmtf.org/ovf/envelope/2}Description")[0].text ovf_os = xml_VirtualSystem.findall("{http://schemas.dmtf.org/ovf/envelope/2}OperatingSystemSection")[0].findall("{http://schemas.dmtf.org/ovf/envelope/2}Description")[0].text
logger.error(ovf_os)
arch_id = xml_VirtualSystem.findall("{http://schemas.dmtf.org/ovf/envelope/2}OperatingSystemSection")[0].get("{http://schemas.dmtf.org/ovf/envelope/2}id") arch_id = xml_VirtualSystem.findall("{http://schemas.dmtf.org/ovf/envelope/2}OperatingSystemSection")[0].get("{http://schemas.dmtf.org/ovf/envelope/2}id")
if arch_id == "102": if arch_id == "102":
arch = "x86_64" arch = "x86_64"
...@@ -435,11 +435,6 @@ class TemplateImport(LoginRequiredMixin, TemplateView): ...@@ -435,11 +435,6 @@ class TemplateImport(LoginRequiredMixin, TemplateView):
datastore = DataStore.objects.filter(name='default').get() datastore = DataStore.objects.filter(name='default').get()
circle_disk = Disk.create(datastore=datastore, type="qcow2-norm", name=disk_name) circle_disk = Disk.create(datastore=datastore, type="qcow2-norm", name=disk_name)
imported_path = os.path.join(tmp_path, disks[disk_no]["name"]) imported_path = os.path.join(tmp_path, disks[disk_no]["name"])
#with magic.Magic() as m:
# ftype = m.id_filename(imported_path)
#if 'qcow' in ftype.lower():
# move(imported_path, circle_disk.filename)
#else:
logger.debug("Calling qemu-img with command line: %s" % str(cmdline)) logger.debug("Calling qemu-img with command line: %s" % str(cmdline))
cmdline = ['ionice', '-c', 'idle', cmdline = ['ionice', '-c', 'idle',
'qemu-img', 'convert', 'qemu-img', 'convert',
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or sign in to comment