Affected by GO-2022-0342 and 27 other vulnerabilities

GO-2022-0342: Grafana XSS in Dashboard Text Panel in github.com/grafana/grafana

GO-2022-0707: Grafana Authentication Bypass in github.com/grafana/grafana

GO-2024-2483: Grafana XSS via adding a link in General feature in github.com/grafana/grafana

GO-2024-2510: Grafana Cross-site Scripting (XSS) in github.com/grafana/grafana

GO-2024-2513: Grafana information disclosure in github.com/grafana/grafana

GO-2024-2515: Grafana XSS via the OpenTSDB datasource in github.com/grafana/grafana

GO-2024-2516: Grafana XSS via a column style in github.com/grafana/grafana

GO-2024-2517: Grafana XSS in header column rename in github.com/grafana/grafana

GO-2024-2519: Grafana world readable configuration files in github.com/grafana/grafana

GO-2024-2520: Grafana XSS via a query alias for the ElasticSearch datasource in github.com/grafana/grafana

GO-2024-2523: Grafana stored XSS in github.com/grafana/grafana

GO-2024-2629: Grafana's users with permissions to create a data source can CRUD all data sources in github.com/grafana/grafana

GO-2024-2661: Arbitrary file read in github.com/grafana/grafana

GO-2024-2697: Grafana: Users outside an organization can delete a snapshot with its key in github.com/grafana/grafana

GO-2024-2843: Grafana Email addresses and usernames can not be trusted in github.com/grafana/grafana

GO-2024-2844: Grafana User enumeration via forget password in github.com/grafana/grafana

GO-2024-2847: Grafana Escalation from admin to server admin when auth proxy is used in github.com/grafana/grafana

GO-2024-2848: Grafana when using email as a username can block other users from signing in in github.com/grafana/grafana

GO-2024-2851: Grafana Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins in github.com/grafana/grafana

GO-2024-2852: Grafana account takeover via OAuth vulnerability in github.com/grafana/grafana

GO-2024-2854: Grafana folders admin only permission privilege escalation in github.com/grafana/grafana

GO-2024-2855: Grafana Plugin signature bypass in github.com/grafana/grafana

GO-2024-2856: Grafana Race condition allowing privilege escalation in github.com/grafana/grafana

GO-2024-2857: Grafana Stored Cross-site Scripting in Unified Alerting in github.com/grafana/grafana

GO-2024-2867: Grafana Spoofing originalUrl of snapshots in github.com/grafana/grafana

GO-2024-3079: Grafana plugin data sources vulnerable to access control bypass in github.com/grafana/grafana

GO-2024-3215: Grafana Command Injection And Local File Inclusion Via Sql Expressions in github.com/grafana/grafana

GO-2024-3240: Grafana org admin can delete pending invites in different org in github.com/grafana/grafana

httpclient

package

v0.0.0-test.2 Latest Latest Go to latest Published: Jul 20, 2023 License: AGPL-3.0 Imports: 6 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/grafana/grafana

Documentation ¶

Index ¶

Variables
func CountBytesReader(reader io.ReadCloser, callback CloseCallbackFunc) io.ReadCloser
func MaxBytesReader(r io.ReadCloser, n int64) io.ReadCloser
func NewProvider(opts ...httpclient.ProviderOptions) *httpclient.Provider
type CloseCallbackFunc
type Provider

Constants ¶

This section is empty.

Variables ¶

View Source

var ErrResponseBodyTooLarge = errors.New("http: response body too large")

ErrResponseBodyTooLarge indicates response body is too large

Functions ¶

func CountBytesReader ¶

func CountBytesReader(reader io.ReadCloser, callback CloseCallbackFunc) io.ReadCloser

CountBytesReader counts the total amount of bytes read from the underlying reader.

The provided callback func will be called before the underlying reader is closed.

func MaxBytesReader ¶

func MaxBytesReader(r io.ReadCloser, n int64) io.ReadCloser

MaxBytesReader is similar to io.LimitReader but is intended for limiting the size of incoming request bodies. In contrast to io.LimitReader, MaxBytesReader's result is a ReadCloser, returns a non-EOF error for a Read beyond the limit, and closes the underlying reader when its Close method is called.

MaxBytesReader prevents clients from accidentally or maliciously sending a large request and wasting server resources.

func NewProvider ¶

func NewProvider(opts ...httpclient.ProviderOptions) *httpclient.Provider

NewProvider creates a new HTTP client provider. Optionally provide ProviderOptions options that will be used as default if not specified in Options argument to Provider.New, Provider.GetTransport and Provider.GetTLSConfig. If no middlewares are provided in opts the DefaultMiddlewares() will be used. If you provide middlewares you have to manually add the DefaultMiddlewares() for it to be enabled. Note: Middlewares will be executed in the same order as provided.

Types ¶

type CloseCallbackFunc ¶

type CloseCallbackFunc func(bytesRead int64)

type Provider ¶

type Provider interface {
	// New creates a new http.Client given provided options.
	New(opts ...httpclient.Options) (*http.Client, error)

	// GetTransport creates a new http.RoundTripper given provided options.
	GetTransport(opts ...httpclient.Options) (http.RoundTripper, error)

	// GetTLSConfig creates a new tls.Config given provided options.
	GetTLSConfig(opts ...httpclient.Options) (*tls.Config, error)
}

Provider provides abilities to create http.Client, http.RoundTripper and tls.Config.

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
httpclientprovider

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL