Affected by GO-2024-2483 and 22 other vulnerabilities

GO-2024-2483: Grafana XSS via adding a link in General feature in github.com/grafana/grafana

GO-2024-2510: Grafana Cross-site Scripting (XSS) in github.com/grafana/grafana

GO-2024-2513: Grafana information disclosure in github.com/grafana/grafana

GO-2024-2515: Grafana XSS via the OpenTSDB datasource in github.com/grafana/grafana

GO-2024-2516: Grafana XSS via a column style in github.com/grafana/grafana

GO-2024-2517: Grafana XSS in header column rename in github.com/grafana/grafana

GO-2024-2519: Grafana world readable configuration files in github.com/grafana/grafana

GO-2024-2520: Grafana XSS via a query alias for the ElasticSearch datasource in github.com/grafana/grafana

GO-2024-2523: Grafana stored XSS in github.com/grafana/grafana

GO-2024-2629: Grafana's users with permissions to create a data source can CRUD all data sources in github.com/grafana/grafana

GO-2024-2661: Arbitrary file read in github.com/grafana/grafana

GO-2024-2697: Grafana: Users outside an organization can delete a snapshot with its key in github.com/grafana/grafana

GO-2024-2843: Grafana Email addresses and usernames can not be trusted in github.com/grafana/grafana

GO-2024-2844: Grafana User enumeration via forget password in github.com/grafana/grafana

GO-2024-2847: Grafana Escalation from admin to server admin when auth proxy is used in github.com/grafana/grafana

GO-2024-2848: Grafana when using email as a username can block other users from signing in in github.com/grafana/grafana

GO-2024-2851: Grafana Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins in github.com/grafana/grafana

GO-2024-2852: Grafana account takeover via OAuth vulnerability in github.com/grafana/grafana

GO-2024-2854: Grafana folders admin only permission privilege escalation in github.com/grafana/grafana

GO-2024-2855: Grafana Plugin signature bypass in github.com/grafana/grafana

GO-2024-2856: Grafana Race condition allowing privilege escalation in github.com/grafana/grafana

GO-2024-2857: Grafana Stored Cross-site Scripting in Unified Alerting in github.com/grafana/grafana

GO-2024-2867: Grafana Spoofing originalUrl of snapshots in github.com/grafana/grafana

actest

package

v0.0.0-cloud Latest Latest Go to latest Published: Mar 30, 2023 License: AGPL-3.0 Imports: 4 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/grafana/grafana

Documentation ¶

Index ¶

Constants
func ConcurrentBatch(workers, count, size int, eachFn func(start, end int) error) error
type FakeAccessControl
type FakePermissionsService
type FakeService
type FakeStore

Constants ¶

View Source

const BatchSize = 1000

View Source

const Concurrency = 10

Variables ¶

This section is empty.

Functions ¶

func ConcurrentBatch ¶

func ConcurrentBatch(workers, count, size int, eachFn func(start, end int) error) error

ConcurrentBatch spawns the requested amount of workers then ask them to run eachFn on chunks of the requested size

Types ¶

type FakeAccessControl ¶

type FakeAccessControl struct {
	ExpectedErr      error
	ExpectedDisabled bool
	ExpectedEvaluate bool
}

func (FakeAccessControl) Evaluate ¶

func (f FakeAccessControl) Evaluate(ctx context.Context, user *user.SignedInUser, evaluator accesscontrol.Evaluator) (bool, error)

func (FakeAccessControl) IsDisabled ¶

func (f FakeAccessControl) IsDisabled() bool

func (FakeAccessControl) RegisterScopeAttributeResolver ¶

func (f FakeAccessControl) RegisterScopeAttributeResolver(prefix string, resolver accesscontrol.ScopeAttributeResolver)

type FakePermissionsService ¶

type FakePermissionsService struct {
	ExpectedErr          error
	ExpectedPermission   *accesscontrol.ResourcePermission
	ExpectedPermissions  []accesscontrol.ResourcePermission
	ExpectedMappedAction string
}

func (*FakePermissionsService) GetPermissions ¶

func (f *FakePermissionsService) GetPermissions(ctx context.Context, user *user.SignedInUser, resourceID string) ([]accesscontrol.ResourcePermission, error)

func (*FakePermissionsService) MapActions ¶

func (f *FakePermissionsService) MapActions(permission accesscontrol.ResourcePermission) string

func (*FakePermissionsService) SetBuiltInRolePermission ¶

func (f *FakePermissionsService) SetBuiltInRolePermission(ctx context.Context, orgID int64, builtInRole string, resourceID string, permission string) (*accesscontrol.ResourcePermission, error)

func (*FakePermissionsService) SetPermissions ¶

func (f *FakePermissionsService) SetPermissions(ctx context.Context, orgID int64, resourceID string, commands ...accesscontrol.SetResourcePermissionCommand) ([]accesscontrol.ResourcePermission, error)

func (*FakePermissionsService) SetTeamPermission ¶

func (f *FakePermissionsService) SetTeamPermission(ctx context.Context, orgID, teamID int64, resourceID, permission string) (*accesscontrol.ResourcePermission, error)

func (*FakePermissionsService) SetUserPermission ¶

func (f *FakePermissionsService) SetUserPermission(ctx context.Context, orgID int64, user accesscontrol.User, resourceID, permission string) (*accesscontrol.ResourcePermission, error)

type FakeService ¶

type FakeService struct {
	ExpectedErr                     error
	ExpectedDisabled                bool
	ExpectedCachedPermissions       bool
	ExpectedPermissions             []accesscontrol.Permission
	ExpectedFilteredUserPermissions []accesscontrol.Permission
	ExpectedUsersPermissions        map[int64][]accesscontrol.Permission
}

func (FakeService) ClearUserPermissionCache ¶

func (f FakeService) ClearUserPermissionCache(user *user.SignedInUser)

func (FakeService) DeclareFixedRoles ¶

func (f FakeService) DeclareFixedRoles(registrations ...accesscontrol.RoleRegistration) error

func (FakeService) DeleteUserPermissions ¶

func (f FakeService) DeleteUserPermissions(ctx context.Context, orgID, userID int64) error

func (FakeService) GetUsageStats ¶

func (f FakeService) GetUsageStats(ctx context.Context) map[string]interface{}

func (FakeService) GetUserPermissions ¶

func (f FakeService) GetUserPermissions(ctx context.Context, user *user.SignedInUser, options accesscontrol.Options) ([]accesscontrol.Permission, error)

func (FakeService) IsDisabled ¶

func (f FakeService) IsDisabled() bool

func (FakeService) RegisterFixedRoles ¶

func (f FakeService) RegisterFixedRoles(ctx context.Context) error

func (FakeService) SearchUserPermissions ¶

func (f FakeService) SearchUserPermissions(ctx context.Context, orgID int64, searchOptions accesscontrol.SearchOptions) ([]accesscontrol.Permission, error)

func (FakeService) SearchUsersPermissions ¶

func (f FakeService) SearchUsersPermissions(ctx context.Context, user *user.SignedInUser, orgID int64, options accesscontrol.SearchOptions) (map[int64][]accesscontrol.Permission, error)

type FakeStore ¶

type FakeStore struct {
	ExpectedUserPermissions  []accesscontrol.Permission
	ExpectedUsersPermissions map[int64][]accesscontrol.Permission
	ExpectedUsersRoles       map[int64][]string
	ExpectedErr              error
}

func (FakeStore) DeleteUserPermissions ¶

func (f FakeStore) DeleteUserPermissions(ctx context.Context, orgID, userID int64) error

func (FakeStore) GetUserPermissions ¶

func (f FakeStore) GetUserPermissions(ctx context.Context, query accesscontrol.GetUserPermissionsQuery) ([]accesscontrol.Permission, error)

func (FakeStore) GetUsersBasicRoles ¶

func (f FakeStore) GetUsersBasicRoles(ctx context.Context, userFilter []int64, orgID int64) (map[int64][]string, error)

func (FakeStore) SearchUsersPermissions ¶

func (f FakeStore) SearchUsersPermissions(ctx context.Context, orgID int64, options accesscontrol.SearchOptions) (map[int64][]accesscontrol.Permission, error)

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL