> However, we should be either be failing because raw (from format_inspector) doesn't match vmdk (from qemu-img) or the above vmdk safety check, whichever comes first.
The vmdk safet_check does not run as the format_inspector does not recognize the file as vmdk, but as raw.
Then we call qemu-img info, but that means we trigger the vulnerability as we pass an unsafe image to qemu.
> However, we should be either be failing because raw (from format_inspector) doesn't match vmdk (from qemu-img) or the above vmdk safety check, whichever comes first.
The vmdk safet_check does not run as the format_inspector does not recognize the file as vmdk, but as raw.
Then we call qemu-img info, but that means we trigger the vulnerability as we pass an unsafe image to qemu.