Affected by GO-2022-0342 and 28 other vulnerabilities

GO-2022-0342: Grafana XSS in Dashboard Text Panel in github.com/grafana/grafana

GO-2022-0707: Grafana Authentication Bypass in github.com/grafana/grafana

GO-2024-2483: Grafana XSS via adding a link in General feature in github.com/grafana/grafana

GO-2024-2510: Grafana Cross-site Scripting (XSS) in github.com/grafana/grafana

GO-2024-2513: Grafana information disclosure in github.com/grafana/grafana

GO-2024-2515: Grafana XSS via the OpenTSDB datasource in github.com/grafana/grafana

GO-2024-2516: Grafana XSS via a column style in github.com/grafana/grafana

GO-2024-2517: Grafana XSS in header column rename in github.com/grafana/grafana

GO-2024-2519: Grafana world readable configuration files in github.com/grafana/grafana

GO-2024-2520: Grafana XSS via a query alias for the ElasticSearch datasource in github.com/grafana/grafana

GO-2024-2523: Grafana stored XSS in github.com/grafana/grafana

GO-2024-2629: Grafana's users with permissions to create a data source can CRUD all data sources in github.com/grafana/grafana

GO-2024-2661: Arbitrary file read in github.com/grafana/grafana

GO-2024-2697: Grafana: Users outside an organization can delete a snapshot with its key in github.com/grafana/grafana

GO-2024-2843: Grafana Email addresses and usernames can not be trusted in github.com/grafana/grafana

GO-2024-2844: Grafana User enumeration via forget password in github.com/grafana/grafana

GO-2024-2847: Grafana Escalation from admin to server admin when auth proxy is used in github.com/grafana/grafana

GO-2024-2848: Grafana when using email as a username can block other users from signing in in github.com/grafana/grafana

GO-2024-2851: Grafana Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins in github.com/grafana/grafana

GO-2024-2852: Grafana account takeover via OAuth vulnerability in github.com/grafana/grafana

GO-2024-2854: Grafana folders admin only permission privilege escalation in github.com/grafana/grafana

GO-2024-2855: Grafana Plugin signature bypass in github.com/grafana/grafana

GO-2024-2856: Grafana Race condition allowing privilege escalation in github.com/grafana/grafana

GO-2024-2857: Grafana Stored Cross-site Scripting in Unified Alerting in github.com/grafana/grafana

GO-2024-2867: Grafana Spoofing originalUrl of snapshots in github.com/grafana/grafana

GO-2024-3079: Grafana plugin data sources vulnerable to access control bypass in github.com/grafana/grafana

GO-2024-3215: Grafana Command Injection And Local File Inclusion Via Sql Expressions in github.com/grafana/grafana

GO-2024-3240: Grafana org admin can delete pending invites in different org in github.com/grafana/grafana

GO-2025-3438: Grafana Alerting VictorOps integration could be exposed to users with Viewer permission in github.com/grafana/grafana

cuectx

package

v0.0.1-test Latest Latest Go to latest Published: Oct 6, 2022 License: AGPL-3.0 Imports: 8 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/grafana/grafana

Documentation ¶

Index ¶

func JSONtoCUE(path string, b []byte) (cue.Value, error)
func LoadGrafanaInstancesWithThema(path string, cueFS fs.FS, lib thema.Library, opts ...thema.BindOption) (thema.Lineage, error)
func ProvideCUEContext() *cue.Context
func ProvideThemaLibrary() thema.Library

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func JSONtoCUE ¶

func JSONtoCUE(path string, b []byte) (cue.Value, error)

JSONtoCUE attempts to decode the given []byte into a cue.Value, relying on the central Grafana cue.Context provided in this package.

The provided path argument determines the name given to the input bytes if later CUE operations (e.g. Thema validation) produce errors related to the returned cue.Value.

This is a convenience function for one-off JSON decoding. It's wasteful to call it repeatedly. Most use cases use cases should probably prefer making their own Thema/CUE decoders.

func LoadGrafanaInstancesWithThema ¶

func LoadGrafanaInstancesWithThema(path string, cueFS fs.FS, lib thema.Library, opts ...thema.BindOption) (thema.Lineage, error)

LoadGrafanaInstancesWithThema loads CUE files containing a lineage representing some Grafana core model schema. It is expected to be used when implementing a thema.LineageFactory.

This function primarily juggles paths to make CUE's loader happy. Provide the path from the grafana root to the directory containing the lineage.cue. The lineage.cue file must be the sole contents of the provided fs.FS.

More details on underlying behavior can be found in the docs for github.com/grafana/thema/load.InstancesWithThema.

TODO this approach is complicated and confusing, refactor to something understandable

func ProvideCUEContext ¶

func ProvideCUEContext() *cue.Context

ProvideCUEContext is a wire service provider of a central cue.Context.

func ProvideThemaLibrary ¶

func ProvideThemaLibrary() thema.Library

ProvideThemaLibrary is a wire service provider of a central thema.Library.

Types ¶

This section is empty.

Source Files ¶

View all Source files

ctx.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL