commit f07fa55fd86726eeafcd4c0c687bc49dd4df9f4c
Author: Dan Smith <email address hidden>
Date: Wed Apr 17 07:06:13 2024 -0700
Check images with format_inspector for safety
It has been asserted that we should not be calling qemu-img info
on untrusted files. That means we need to know if they have a
backing_file, data_file or other unsafe configuration *before* we use
qemu-img to probe or convert them.
This grafts glance's format_inspector module into nova/images so we
can use it to check the file early for safety. The expectation is that
this will be moved to oslo.utils (or something) later and thus we will
just delete the file from nova and change our import when that happens.
NOTE: This includes whitespace changes from the glance version of
format_inspector.py because of autopep8 demands.
Change-Id: Iaefbe41b4c4bf0cf95d8f621653fdf65062aaa59
Closes-Bug: #2059809
(cherry picked from commit 9cdce715945619fc851ab3f43c97fab4bae4e35a)
Reviewed: https:/ /review. opendev. org/c/openstack /nova/+ /923274 /opendev. org/openstack/ nova/commit/ f07fa55fd86726e eafcd4c0c687bc4 9dd4df9f4c
Committed: https:/
Submitter: "Zuul (22348)"
Branch: stable/2024.1
commit f07fa55fd86726e eafcd4c0c687bc4 9dd4df9f4c
Author: Dan Smith <email address hidden>
Date: Wed Apr 17 07:06:13 2024 -0700
Check images with format_inspector for safety
It has been asserted that we should not be calling qemu-img info
on untrusted files. That means we need to know if they have a
backing_file, data_file or other unsafe configuration *before* we use
qemu-img to probe or convert them.
This grafts glance's format_inspector module into nova/images so we
can use it to check the file early for safety. The expectation is that
this will be moved to oslo.utils (or something) later and thus we will
just delete the file from nova and change our import when that happens.
NOTE: This includes whitespace changes from the glance version of inspector. py because of autopep8 demands.
format_
Change-Id: Iaefbe41b4c4bf0 cf95d8f621653fd f65062aaa59 c851ab3f43c97fa b4bae4e35a)
Closes-Bug: #2059809
(cherry picked from commit 9cdce715945619f