Affected by GO-2022-0342 and 33 other vulnerabilities

GO-2022-0342: Grafana XSS in Dashboard Text Panel in github.com/grafana/grafana

GO-2022-0707: Grafana Authentication Bypass in github.com/grafana/grafana

GO-2024-2483: Grafana XSS via adding a link in General feature in github.com/grafana/grafana

GO-2024-2510: Grafana Cross-site Scripting (XSS) in github.com/grafana/grafana

GO-2024-2513: Grafana information disclosure in github.com/grafana/grafana

GO-2024-2515: Grafana XSS via the OpenTSDB datasource in github.com/grafana/grafana

GO-2024-2516: Grafana XSS via a column style in github.com/grafana/grafana

GO-2024-2517: Grafana XSS in header column rename in github.com/grafana/grafana

GO-2024-2519: Grafana world readable configuration files in github.com/grafana/grafana

GO-2024-2520: Grafana XSS via a query alias for the ElasticSearch datasource in github.com/grafana/grafana

GO-2024-2523: Grafana stored XSS in github.com/grafana/grafana

GO-2024-2629: Grafana's users with permissions to create a data source can CRUD all data sources in github.com/grafana/grafana

GO-2024-2661: Arbitrary file read in github.com/grafana/grafana

GO-2024-2697: Grafana: Users outside an organization can delete a snapshot with its key in github.com/grafana/grafana

GO-2024-2843: Grafana Email addresses and usernames can not be trusted in github.com/grafana/grafana

GO-2024-2844: Grafana User enumeration via forget password in github.com/grafana/grafana

GO-2024-2847: Grafana Escalation from admin to server admin when auth proxy is used in github.com/grafana/grafana

GO-2024-2848: Grafana when using email as a username can block other users from signing in in github.com/grafana/grafana

GO-2024-2851: Grafana Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins in github.com/grafana/grafana

GO-2024-2852: Grafana account takeover via OAuth vulnerability in github.com/grafana/grafana

GO-2024-2854: Grafana folders admin only permission privilege escalation in github.com/grafana/grafana

GO-2024-2855: Grafana Plugin signature bypass in github.com/grafana/grafana

GO-2024-2856: Grafana Race condition allowing privilege escalation in github.com/grafana/grafana

GO-2024-2857: Grafana Stored Cross-site Scripting in Unified Alerting in github.com/grafana/grafana

GO-2024-2867: Grafana Spoofing originalUrl of snapshots in github.com/grafana/grafana

GO-2024-3079: Grafana plugin data sources vulnerable to access control bypass in github.com/grafana/grafana

GO-2024-3215: Grafana Command Injection And Local File Inclusion Via Sql Expressions in github.com/grafana/grafana

GO-2024-3240: Grafana org admin can delete pending invites in different org in github.com/grafana/grafana

GO-2025-3438: Grafana Alerting VictorOps integration could be exposed to users with Viewer permission in github.com/grafana/grafana

GO-2025-3704: Grafana Cross-Site-Scripting (XSS) via custom loaded frontend plugin in github.com/grafana/grafana

GO-2025-3740: Grafana vulnerable to authenticated users bypassing dashboard, folder permissions in github.com/grafana/grafana

GO-2025-3742: Grafana's datasource proxy API allows authorization checks to be bypassed in github.com/grafana/grafana

GO-2025-3814: Grafana's insecure DingDing Alert integration exposes sensitive information in github.com/grafana/grafana

GO-2025-3817: Grafana is vulnerable to XSS attacks through open redirects and path traversal in github.com/grafana/grafana

api

package

v0.0.0-testrgm6 Latest Latest Go to latest Published: Jul 24, 2023 License: AGPL-3.0 Imports: 17 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/grafana/grafana

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
type CreateServiceAccountParams
type CreateServiceAccountResponse
type CreateTokenParams
type CreateTokenResponse
type DeleteServiceAccountParams
type DeleteTokenParams
type ListTokensParams
type ListTokensResponse
type RetrieveServiceAccountParams
type RetrieveServiceAccountResponse
type SearchOrgServiceAccountsWithPagingParams
type SearchOrgServiceAccountsWithPagingResponse
type ServiceAccountsAPI
- func NewServiceAccountsAPI(cfg *setting.Cfg, service service, accesscontrol accesscontrol.AccessControl, ...) *ServiceAccountsAPI
type TokenDTO
type UpdateServiceAccountParams
type UpdateServiceAccountResponse

Constants ¶

View Source

const (
	ServiceID = "sa"
)

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type CreateServiceAccountParams ¶

type CreateServiceAccountParams struct {
	//in:body
	Body serviceaccounts.CreateServiceAccountForm
}

swagger:parameters createServiceAccount

type CreateServiceAccountResponse ¶

type CreateServiceAccountResponse struct {
	// in:body
	Body *serviceaccounts.ServiceAccountDTO
}

swagger:response createServiceAccountResponse

type CreateTokenParams ¶

type CreateTokenParams struct {
	// in:path
	ServiceAccountId int64 `json:"serviceAccountId"`
	// in:body
	Body serviceaccounts.AddServiceAccountTokenCommand
}

swagger:parameters createToken

type CreateTokenResponse ¶

type CreateTokenResponse struct {
	// in:body
	Body *dtos.NewApiKeyResult
}

swagger:response createTokenResponse

type DeleteServiceAccountParams ¶

type DeleteServiceAccountParams struct {
	// in:path
	ServiceAccountId int64 `json:"serviceAccountId"`
}

swagger:parameters deleteServiceAccount

type DeleteTokenParams ¶

type DeleteTokenParams struct {
	// in:path
	TokenId int64 `json:"tokenId"`
	// in:path
	ServiceAccountId int64 `json:"serviceAccountId"`
}

swagger:parameters deleteToken

type ListTokensParams ¶

type ListTokensParams struct {
	// in:path
	ServiceAccountId int64 `json:"serviceAccountId"`
}

swagger:parameters listTokens

type ListTokensResponse ¶

type ListTokensResponse struct {
	// in:body
	Body *TokenDTO
}

swagger:response listTokensResponse

type RetrieveServiceAccountParams ¶

type RetrieveServiceAccountParams struct {
	// in:path
	ServiceAccountId int64 `json:"serviceAccountId"`
}

swagger:parameters retrieveServiceAccount

type RetrieveServiceAccountResponse ¶

type RetrieveServiceAccountResponse struct {
	// in:body
	Body *serviceaccounts.ServiceAccountDTO
}

swagger:response retrieveServiceAccountResponse

type SearchOrgServiceAccountsWithPagingParams ¶

type SearchOrgServiceAccountsWithPagingParams struct {
	// in:query
	// required:false
	Disabled bool `jsson:"disabled"`
	// in:query
	// required:false
	ExpiredTokens bool `json:"expiredTokens"`
	// It will return results where the query value is contained in one of the name.
	// Query values with spaces need to be URL encoded.
	// in:query
	// required:false
	Query string `json:"query"`
	// The default value is 1000.
	// in:query
	// required:false
	PerPage int `json:"perpage"`
	// The default value is 1.
	// in:query
	// required:false
	Page int `json:"page"`
}

swagger:parameters searchOrgServiceAccountsWithPaging

type SearchOrgServiceAccountsWithPagingResponse ¶

type SearchOrgServiceAccountsWithPagingResponse struct {
	// in:body
	Body *serviceaccounts.SearchOrgServiceAccountsResult
}

swagger:response searchOrgServiceAccountsWithPagingResponse

type ServiceAccountsAPI ¶

type ServiceAccountsAPI struct {
	RouterRegister routing.RouteRegister
	// contains filtered or unexported fields
}

func NewServiceAccountsAPI ¶

func NewServiceAccountsAPI(
	cfg *setting.Cfg,
	service service,
	accesscontrol accesscontrol.AccessControl,
	accesscontrolService accesscontrol.Service,
	routerRegister routing.RouteRegister,
	permissionService accesscontrol.ServiceAccountPermissionsService,
) *ServiceAccountsAPI

func (*ServiceAccountsAPI) ConvertToServiceAccount ¶

func (api *ServiceAccountsAPI) ConvertToServiceAccount(ctx *contextmodel.ReqContext) response.Response

POST /api/serviceaccounts/migrate/:keyId

func (*ServiceAccountsAPI) CreateServiceAccount ¶

func (api *ServiceAccountsAPI) CreateServiceAccount(c *contextmodel.ReqContext) response.Response

swagger:route POST /serviceaccounts service_accounts createServiceAccount

Create service account ¶

Required permissions (See note in the [introduction](https://grafana.com/docs/grafana/latest/developers/http_api/serviceaccount/#service-account-api) for an explanation): action: `serviceaccounts:write` scope: `serviceaccounts:*`

Requires basic authentication and that the authenticated user is a Grafana Admin.

Responses: 201: createServiceAccountResponse 400: badRequestError 401: unauthorisedError 403: forbiddenError 500: internalServerError

func (*ServiceAccountsAPI) CreateToken ¶

func (api *ServiceAccountsAPI) CreateToken(c *contextmodel.ReqContext) response.Response

swagger:route POST /serviceaccounts/{serviceAccountId}/tokens service_accounts createToken

CreateNewToken adds a token to a service account ¶

Required permissions (See note in the [introduction](https://grafana.com/docs/grafana/latest/developers/http_api/serviceaccount/#service-account-api) for an explanation): action: `serviceaccounts:write` scope: `serviceaccounts:id:1` (single service account)

Responses: 200: createTokenResponse 400: badRequestError 401: unauthorisedError 403: forbiddenError 404: notFoundError 409: conflictError 500: internalServerError

func (*ServiceAccountsAPI) DeleteServiceAccount ¶

func (api *ServiceAccountsAPI) DeleteServiceAccount(ctx *contextmodel.ReqContext) response.Response

swagger:route DELETE /serviceaccounts/{serviceAccountId} service_accounts deleteServiceAccount

Delete service account ¶

Required permissions (See note in the [introduction](https://grafana.com/docs/grafana/latest/developers/http_api/serviceaccount/#service-account-api) for an explanation): action: `serviceaccounts:delete` scope: `serviceaccounts:id:1` (single service account)

Responses: 200: okResponse 400: badRequestError 401: unauthorisedError 403: forbiddenError 500: internalServerError

func (*ServiceAccountsAPI) DeleteToken ¶

func (api *ServiceAccountsAPI) DeleteToken(c *contextmodel.ReqContext) response.Response

swagger:route DELETE /serviceaccounts/{serviceAccountId}/tokens/{tokenId} service_accounts deleteToken

DeleteToken deletes service account tokens ¶

Required permissions (See note in the [introduction](https://grafana.com/docs/grafana/latest/developers/http_api/serviceaccount/#service-account-api) for an explanation): action: `serviceaccounts:write` scope: `serviceaccounts:id:1` (single service account)

Requires basic authentication and that the authenticated user is a Grafana Admin.

Responses: 200: okResponse 400: badRequestError 401: unauthorisedError 403: forbiddenError 404: notFoundError 500: internalServerError

func (*ServiceAccountsAPI) ListTokens ¶

func (api *ServiceAccountsAPI) ListTokens(ctx *contextmodel.ReqContext) response.Response

swagger:route GET /serviceaccounts/{serviceAccountId}/tokens service_accounts listTokens

Get service account tokens ¶

Required permissions (See note in the [introduction](https://grafana.com/docs/grafana/latest/developers/http_api/serviceaccount/#service-account-api) for an explanation): action: `serviceaccounts:read` scope: `global:serviceaccounts:id:1` (single service account)

Requires basic authentication and that the authenticated user is a Grafana Admin.

Responses: 200: listTokensResponse 400: badRequestError 401: unauthorisedError 403: forbiddenError 500: internalServerError

func (*ServiceAccountsAPI) MigrateApiKeysToServiceAccounts ¶

func (api *ServiceAccountsAPI) MigrateApiKeysToServiceAccounts(ctx *contextmodel.ReqContext) response.Response

POST /api/serviceaccounts/migrate

func (*ServiceAccountsAPI) RegisterAPIEndpoints ¶

func (api *ServiceAccountsAPI) RegisterAPIEndpoints()

func (*ServiceAccountsAPI) RetrieveServiceAccount ¶

func (api *ServiceAccountsAPI) RetrieveServiceAccount(ctx *contextmodel.ReqContext) response.Response

swagger:route GET /serviceaccounts/{serviceAccountId} service_accounts retrieveServiceAccount

Get single serviceaccount by Id ¶

Required permissions (See note in the [introduction](https://grafana.com/docs/grafana/latest/developers/http_api/serviceaccount/#service-account-api) for an explanation): action: `serviceaccounts:read` scope: `serviceaccounts:id:1` (single service account)

Responses: 200: retrieveServiceAccountResponse 400: badRequestError 401: unauthorisedError 403: forbiddenError 404: notFoundError 500: internalServerError

func (*ServiceAccountsAPI) SearchOrgServiceAccountsWithPaging ¶

func (api *ServiceAccountsAPI) SearchOrgServiceAccountsWithPaging(c *contextmodel.ReqContext) response.Response

swagger:route GET /serviceaccounts/search service_accounts searchOrgServiceAccountsWithPaging

Search service accounts with paging ¶

Required permissions (See note in the [introduction](https://grafana.com/docs/grafana/latest/developers/http_api/serviceaccount/#service-account-api) for an explanation): action: `serviceaccounts:read` scope: `serviceaccounts:*`

Responses: 200: searchOrgServiceAccountsWithPagingResponse 401: unauthorisedError 403: forbiddenError 500: internalServerError

func (*ServiceAccountsAPI) UpdateServiceAccount ¶

func (api *ServiceAccountsAPI) UpdateServiceAccount(c *contextmodel.ReqContext) response.Response

swagger:route PATCH /serviceaccounts/{serviceAccountId} service_accounts updateServiceAccount

Update service account ¶

Required permissions (See note in the [introduction](https://grafana.com/docs/grafana/latest/developers/http_api/serviceaccount/#service-account-api) for an explanation): action: `serviceaccounts:write` scope: `serviceaccounts:id:1` (single service account)

Responses: 200: updateServiceAccountResponse 400: badRequestError 401: unauthorisedError 403: forbiddenError 404: notFoundError 500: internalServerError

type TokenDTO ¶

type TokenDTO struct {
	// example: 1
	Id int64 `json:"id"`
	// example: grafana
	Name string `json:"name"`
	// example: 2022-03-23T10:31:02Z
	Created *time.Time `json:"created"`
	// example: 2022-03-23T10:31:02Z
	LastUsedAt *time.Time `json:"lastUsedAt"`
	// example: 2022-03-23T10:31:02Z
	Expiration *time.Time `json:"expiration"`
	// example: 0
	SecondsUntilExpiration *float64 `json:"secondsUntilExpiration"`
	// example: false
	HasExpired bool `json:"hasExpired"`
	// example: false
	IsRevoked *bool `json:"isRevoked"`
}

swagger:model

type UpdateServiceAccountParams ¶

type UpdateServiceAccountParams struct {
	// in:path
	ServiceAccountId int64 `json:"serviceAccountId"`
	// in:body
	Body serviceaccounts.UpdateServiceAccountForm
}

swagger:parameters updateServiceAccount

type UpdateServiceAccountResponse ¶

type UpdateServiceAccountResponse struct {
	// in:body
	Body struct {
		Message        string                                    `json:"message"`
		ID             int64                                     `json:"id"`
		Name           string                                    `json:"name"`
		ServiceAccount *serviceaccounts.ServiceAccountProfileDTO `json:"serviceaccount"`
	}
}

swagger:response updateServiceAccountResponse

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL