Affected by GO-2022-0342 and 27 other vulnerabilities

GO-2022-0342: Grafana XSS in Dashboard Text Panel in github.com/grafana/grafana

GO-2022-0707: Grafana Authentication Bypass in github.com/grafana/grafana

GO-2024-2483: Grafana XSS via adding a link in General feature in github.com/grafana/grafana

GO-2024-2510: Grafana Cross-site Scripting (XSS) in github.com/grafana/grafana

GO-2024-2513: Grafana information disclosure in github.com/grafana/grafana

GO-2024-2515: Grafana XSS via the OpenTSDB datasource in github.com/grafana/grafana

GO-2024-2516: Grafana XSS via a column style in github.com/grafana/grafana

GO-2024-2517: Grafana XSS in header column rename in github.com/grafana/grafana

GO-2024-2519: Grafana world readable configuration files in github.com/grafana/grafana

GO-2024-2520: Grafana XSS via a query alias for the ElasticSearch datasource in github.com/grafana/grafana

GO-2024-2523: Grafana stored XSS in github.com/grafana/grafana

GO-2024-2629: Grafana's users with permissions to create a data source can CRUD all data sources in github.com/grafana/grafana

GO-2024-2661: Arbitrary file read in github.com/grafana/grafana

GO-2024-2697: Grafana: Users outside an organization can delete a snapshot with its key in github.com/grafana/grafana

GO-2024-2843: Grafana Email addresses and usernames can not be trusted in github.com/grafana/grafana

GO-2024-2844: Grafana User enumeration via forget password in github.com/grafana/grafana

GO-2024-2847: Grafana Escalation from admin to server admin when auth proxy is used in github.com/grafana/grafana

GO-2024-2848: Grafana when using email as a username can block other users from signing in in github.com/grafana/grafana

GO-2024-2851: Grafana Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins in github.com/grafana/grafana

GO-2024-2852: Grafana account takeover via OAuth vulnerability in github.com/grafana/grafana

GO-2024-2854: Grafana folders admin only permission privilege escalation in github.com/grafana/grafana

GO-2024-2855: Grafana Plugin signature bypass in github.com/grafana/grafana

GO-2024-2856: Grafana Race condition allowing privilege escalation in github.com/grafana/grafana

GO-2024-2857: Grafana Stored Cross-site Scripting in Unified Alerting in github.com/grafana/grafana

GO-2024-2867: Grafana Spoofing originalUrl of snapshots in github.com/grafana/grafana

GO-2024-3079: Grafana plugin data sources vulnerable to access control bypass in github.com/grafana/grafana

GO-2024-3215: Grafana Command Injection And Local File Inclusion Via Sql Expressions in github.com/grafana/grafana

GO-2024-3240: Grafana org admin can delete pending invites in different org in github.com/grafana/grafana

apikey

package

v0.0.0-test.2 Latest Latest Go to latest Published: Jul 20, 2023 License: AGPL-3.0 Imports: 6 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/grafana/grafana

Documentation ¶

Constants ¶

View Source

const (
	QuotaTargetSrv quota.TargetSrv = "api_key"
	QuotaTarget    quota.Target    = "api_key"
)

Variables ¶

View Source

var (
	ErrNotFound          = errors.New("API key not found")
	ErrInvalid           = errors.New("invalid API key")
	ErrInvalidExpiration = errors.New("negative value for SecondsToLive")
	ErrDuplicate         = errors.New("API key, organization ID and name must be unique")
)

Functions ¶

This section is empty.

Types ¶

type APIKey ¶

type APIKey struct {
	ID               int64        `db:"id" xorm:"pk autoincr 'id'"`
	OrgID            int64        `db:"org_id" xorm:"org_id"`
	Name             string       `db:"name"`
	Key              string       `db:"key"`
	Role             org.RoleType `db:"role"`
	Created          time.Time    `db:"created"`
	Updated          time.Time    `db:"updated"`
	LastUsedAt       *time.Time   `xorm:"last_used_at" db:"last_used_at"`
	Expires          *int64       `db:"expires"`
	ServiceAccountId *int64       `db:"service_account_id"`
	IsRevoked        *bool        `xorm:"is_revoked" db:"is_revoked"`
}

func (APIKey) TableName ¶

func (k APIKey) TableName() string

type AddCommand ¶

type AddCommand struct {
	Name             string       `json:"name" binding:"Required"`
	Role             org.RoleType `json:"role" binding:"Required"`
	OrgID            int64        `json:"-" xorm:"org_id"`
	Key              string       `json:"-"`
	SecondsToLive    int64        `json:"secondsToLive"`
	ServiceAccountID *int64       `json:"-"`
}

swagger:model

type DeleteCommand ¶

type DeleteCommand struct {
	ID    int64 `json:"id"`
	OrgID int64 `json:"-"`
}

type GetApiKeysQuery ¶

type GetApiKeysQuery struct {
	OrgID          int64
	IncludeExpired bool
	User           *user.SignedInUser
}

type GetByIDQuery ¶

type GetByIDQuery struct {
	ApiKeyID int64
}

type GetByNameQuery ¶

type GetByNameQuery struct {
	KeyName string
	OrgID   int64
}

type Service ¶

type Service interface {
	GetAPIKeys(ctx context.Context, query *GetApiKeysQuery) (res []*APIKey, err error)
	GetAllAPIKeys(ctx context.Context, orgID int64) ([]*APIKey, error)
	DeleteApiKey(ctx context.Context, cmd *DeleteCommand) error
	AddAPIKey(ctx context.Context, cmd *AddCommand) (res *APIKey, err error)
	GetApiKeyById(ctx context.Context, query *GetByIDQuery) (res *APIKey, err error)
	GetApiKeyByName(ctx context.Context, query *GetByNameQuery) (res *APIKey, err error)
	GetAPIKeyByHash(ctx context.Context, hash string) (*APIKey, error)
	UpdateAPIKeyLastUsedDate(ctx context.Context, tokenID int64) error
	// IsDisabled returns true if the API key is not available for use.
	IsDisabled(ctx context.Context, orgID int64) (bool, error)
}

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
apikeyimpl
apikeytest

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL