Affected by GO-2022-0342 and 27 other vulnerabilities

GO-2022-0342: Grafana XSS in Dashboard Text Panel in github.com/grafana/grafana

GO-2022-0707: Grafana Authentication Bypass in github.com/grafana/grafana

GO-2024-2483: Grafana XSS via adding a link in General feature in github.com/grafana/grafana

GO-2024-2510: Grafana Cross-site Scripting (XSS) in github.com/grafana/grafana

GO-2024-2513: Grafana information disclosure in github.com/grafana/grafana

GO-2024-2515: Grafana XSS via the OpenTSDB datasource in github.com/grafana/grafana

GO-2024-2516: Grafana XSS via a column style in github.com/grafana/grafana

GO-2024-2517: Grafana XSS in header column rename in github.com/grafana/grafana

GO-2024-2519: Grafana world readable configuration files in github.com/grafana/grafana

GO-2024-2520: Grafana XSS via a query alias for the ElasticSearch datasource in github.com/grafana/grafana

GO-2024-2523: Grafana stored XSS in github.com/grafana/grafana

GO-2024-2629: Grafana's users with permissions to create a data source can CRUD all data sources in github.com/grafana/grafana

GO-2024-2661: Arbitrary file read in github.com/grafana/grafana

GO-2024-2697: Grafana: Users outside an organization can delete a snapshot with its key in github.com/grafana/grafana

GO-2024-2843: Grafana Email addresses and usernames can not be trusted in github.com/grafana/grafana

GO-2024-2844: Grafana User enumeration via forget password in github.com/grafana/grafana

GO-2024-2847: Grafana Escalation from admin to server admin when auth proxy is used in github.com/grafana/grafana

GO-2024-2848: Grafana when using email as a username can block other users from signing in in github.com/grafana/grafana

GO-2024-2851: Grafana Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins in github.com/grafana/grafana

GO-2024-2852: Grafana account takeover via OAuth vulnerability in github.com/grafana/grafana

GO-2024-2854: Grafana folders admin only permission privilege escalation in github.com/grafana/grafana

GO-2024-2855: Grafana Plugin signature bypass in github.com/grafana/grafana

GO-2024-2856: Grafana Race condition allowing privilege escalation in github.com/grafana/grafana

GO-2024-2857: Grafana Stored Cross-site Scripting in Unified Alerting in github.com/grafana/grafana

GO-2024-2867: Grafana Spoofing originalUrl of snapshots in github.com/grafana/grafana

GO-2024-3079: Grafana plugin data sources vulnerable to access control bypass in github.com/grafana/grafana

GO-2024-3215: Grafana Command Injection And Local File Inclusion Via Sql Expressions in github.com/grafana/grafana

GO-2024-3240: Grafana org admin can delete pending invites in different org in github.com/grafana/grafana

guardian

package

v0.0.85-test Latest Latest Go to latest Published: May 8, 2023 License: AGPL-3.0 Imports: 9 Imported by: 200

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/grafana/grafana

Documentation ¶

Index ¶

Variables
func InitAcessControlGuardian(store sqlstore.Store, ac accesscontrol.AccessControl, ...)
func InitLegacyGuardian(store sqlstore.Store)
func MockDashboardGuardian(mock *FakeDashboardGuardian)
type AccessControlDashboardGuardian
- func NewAccessControlDashboardGuardian(ctx context.Context, dashboardId int64, user *models.SignedInUser, ...) *AccessControlDashboardGuardian
type DashboardGuardian
type FakeDashboardGuardian
type Provider
- func ProvideService(store *sqlstore.SQLStore, ac accesscontrol.AccessControl, ...) *Provider

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	ErrGuardianPermissionExists = errors.New("permission already exists")
	ErrGuardianOverride         = errors.New("you can only override a permission to be higher")
)

View Source

var New = func(ctx context.Context, dashId int64, orgId int64, user *models.SignedInUser) DashboardGuardian {
	panic("no guardian factory implementation provided")
}

New factory for creating a new dashboard guardian instance When using access control this function is replaced on startup and the AccessControlDashboardGuardian is returned

Functions ¶

func InitAcessControlGuardian ¶

func InitAcessControlGuardian(store sqlstore.Store, ac accesscontrol.AccessControl, permissionsServices accesscontrol.PermissionsServices)

func InitLegacyGuardian ¶

func InitLegacyGuardian(store sqlstore.Store)

func MockDashboardGuardian ¶

func MockDashboardGuardian(mock *FakeDashboardGuardian)

nolint:unused

Types ¶

type AccessControlDashboardGuardian ¶

type AccessControlDashboardGuardian struct {
	// contains filtered or unexported fields
}

func NewAccessControlDashboardGuardian ¶

func NewAccessControlDashboardGuardian(
	ctx context.Context, dashboardId int64, user *models.SignedInUser,
	store sqlstore.Store, ac accesscontrol.AccessControl, permissionsServices accesscontrol.PermissionsServices,
) *AccessControlDashboardGuardian

func (*AccessControlDashboardGuardian) CanAdmin ¶

func (a *AccessControlDashboardGuardian) CanAdmin() (bool, error)

func (*AccessControlDashboardGuardian) CanCreate ¶

func (a *AccessControlDashboardGuardian) CanCreate(folderID int64, isFolder bool) (bool, error)

func (*AccessControlDashboardGuardian) CanDelete ¶

func (a *AccessControlDashboardGuardian) CanDelete() (bool, error)

func (*AccessControlDashboardGuardian) CanEdit ¶

func (a *AccessControlDashboardGuardian) CanEdit() (bool, error)

func (*AccessControlDashboardGuardian) CanSave ¶

func (a *AccessControlDashboardGuardian) CanSave() (bool, error)

func (*AccessControlDashboardGuardian) CanView ¶

func (a *AccessControlDashboardGuardian) CanView() (bool, error)

func (*AccessControlDashboardGuardian) CheckPermissionBeforeUpdate ¶

func (a *AccessControlDashboardGuardian) CheckPermissionBeforeUpdate(permission models.PermissionType, updatePermissions []*models.DashboardAcl) (bool, error)

func (*AccessControlDashboardGuardian) GetACLWithoutDuplicates ¶

func (a *AccessControlDashboardGuardian) GetACLWithoutDuplicates() ([]*models.DashboardAclInfoDTO, error)

func (*AccessControlDashboardGuardian) GetAcl ¶

func (a *AccessControlDashboardGuardian) GetAcl() ([]*models.DashboardAclInfoDTO, error)

GetAcl translate access control permissions to dashboard acl info

func (*AccessControlDashboardGuardian) GetHiddenACL ¶

func (a *AccessControlDashboardGuardian) GetHiddenACL(cfg *setting.Cfg) ([]*models.DashboardAcl, error)

type DashboardGuardian ¶

type DashboardGuardian interface {
	CanSave() (bool, error)
	CanEdit() (bool, error)
	CanView() (bool, error)
	CanAdmin() (bool, error)
	CanDelete() (bool, error)
	CanCreate(folderID int64, isFolder bool) (bool, error)
	CheckPermissionBeforeUpdate(permission models.PermissionType, updatePermissions []*models.DashboardAcl) (bool, error)

	// GetAcl returns ACL.
	GetAcl() ([]*models.DashboardAclInfoDTO, error)

	// GetACLWithoutDuplicates returns ACL and strips any permission
	// that already has an inherited permission with higher or equal
	// permission.
	GetACLWithoutDuplicates() ([]*models.DashboardAclInfoDTO, error)
	GetHiddenACL(*setting.Cfg) ([]*models.DashboardAcl, error)
}

DashboardGuardian to be used for guard against operations without access on dashboard and acl

type FakeDashboardGuardian ¶

type FakeDashboardGuardian struct {
	DashId                           int64
	OrgId                            int64
	User                             *models.SignedInUser
	CanSaveValue                     bool
	CanEditValue                     bool
	CanViewValue                     bool
	CanAdminValue                    bool
	HasPermissionValue               bool
	CheckPermissionBeforeUpdateValue bool
	CheckPermissionBeforeUpdateError error
	GetAclValue                      []*models.DashboardAclInfoDTO
	GetHiddenAclValue                []*models.DashboardAcl
}

nolint:unused

func (*FakeDashboardGuardian) CanAdmin ¶

func (g *FakeDashboardGuardian) CanAdmin() (bool, error)

func (*FakeDashboardGuardian) CanCreate ¶

func (g *FakeDashboardGuardian) CanCreate(_ int64, _ bool) (bool, error)

func (*FakeDashboardGuardian) CanDelete ¶

func (g *FakeDashboardGuardian) CanDelete() (bool, error)

func (*FakeDashboardGuardian) CanEdit ¶

func (g *FakeDashboardGuardian) CanEdit() (bool, error)

func (*FakeDashboardGuardian) CanSave ¶

func (g *FakeDashboardGuardian) CanSave() (bool, error)

func (*FakeDashboardGuardian) CanView ¶

func (g *FakeDashboardGuardian) CanView() (bool, error)

func (*FakeDashboardGuardian) CheckPermissionBeforeUpdate ¶

func (g *FakeDashboardGuardian) CheckPermissionBeforeUpdate(permission models.PermissionType, updatePermissions []*models.DashboardAcl) (bool, error)

func (*FakeDashboardGuardian) GetACLWithoutDuplicates ¶

func (g *FakeDashboardGuardian) GetACLWithoutDuplicates() ([]*models.DashboardAclInfoDTO, error)

func (*FakeDashboardGuardian) GetAcl ¶

func (g *FakeDashboardGuardian) GetAcl() ([]*models.DashboardAclInfoDTO, error)

func (*FakeDashboardGuardian) GetHiddenACL ¶

func (g *FakeDashboardGuardian) GetHiddenACL(cfg *setting.Cfg) ([]*models.DashboardAcl, error)

func (*FakeDashboardGuardian) HasPermission ¶

func (g *FakeDashboardGuardian) HasPermission(permission models.PermissionType) (bool, error)

type Provider ¶

type Provider struct{}

func ProvideService ¶

func ProvideService(store *sqlstore.SQLStore, ac accesscontrol.AccessControl, permissionsServices accesscontrol.PermissionsServices, features featuremgmt.FeatureToggles) *Provider

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL