grafana/pkg/api
Dimitris Sotirakis c798c0e958
Security: Fix directory traversal issue (#42846)
* security: fix dir traversal issue

(cherry picked from commit 00e38ba555)

* Improve comments and error message.

Co-authored-by: Kyle Brandt <kyle@grafana.com>
2021-12-07 19:15:53 +02:00
..
apierrors Migrate to Wire for dependency injection (#32289) 2021-08-25 15:11:22 +02:00
avatar remove the global log error/warn etc functions (#41404) 2021-11-08 17:56:56 +01:00
datasource Chore: Remove unused Go code (#28852) 2020-11-17 11:51:31 +01:00
dtos Plugins: Plugin Store API returns DTO model (#41340) 2021-11-17 12:04:22 +01:00
frontendlogging Chore: Refactor api handlers to use web.Bind (#42199) 2021-11-29 10:18:01 +01:00
navlinks show admin nav link it the user only has permissions to view licensing and not other pages under admin node (#41948) 2021-11-19 11:02:13 +00:00
pluginproxy Replace AddHandler with AddHandlerCtx in tests (#42585) 2021-12-01 15:43:31 +01:00
response [Alerting] Forking LoTex ruler (#32138) 2021-03-19 10:32:13 -04:00
routing Chore: Refactor api handlers to use web.Bind (#42199) 2021-11-29 10:18:01 +01:00
static Chore: replace macaron with web package (#40136) 2021-10-11 14:30:59 +02:00
acl.go Chore: Propagate context for dashboard guardian (#39201) 2021-09-23 17:43:32 +02:00
admin_provisioning_test.go Chore: Add context to org (#40685) 2021-11-03 11:31:56 +01:00
admin_provisioning.go Chore: Remove Dispatch and AddHandler (#42603) 2021-12-02 18:08:59 +01:00
admin_test.go Access Control: Add fine-grained access control to GET stats and settings handlers (#35622) 2021-06-14 17:36:48 +02:00
admin_users_test.go Replace AddHandler with AddHandlerCtx in tests (#42585) 2021-12-01 15:43:31 +01:00
admin_users.go Chore: Refactor api handlers to use web.Bind (#42199) 2021-11-29 10:18:01 +01:00
admin.go Chore: Add context to star and stats (#39591) 2021-09-28 17:54:45 +02:00
alerting_test.go Replace AddHandler with AddHandlerCtx in tests (#42585) 2021-12-01 15:43:31 +01:00
alerting.go Chore: Refactor api handlers to use web.Bind (#42199) 2021-11-29 10:18:01 +01:00
annotations_test.go Replace AddHandler with AddHandlerCtx in tests (#42585) 2021-12-01 15:43:31 +01:00
annotations.go Chore: Refactor api handlers to use web.Bind (#42199) 2021-11-29 10:18:01 +01:00
api.go Chore: Refactor api handlers to use web.Bind (#42199) 2021-11-29 10:18:01 +01:00
apikey.go Chore: Refactor api handlers to use web.Bind (#42199) 2021-11-29 10:18:01 +01:00
app_routes.go Plugins: Plugin Store API returns DTO model (#41340) 2021-11-17 12:04:22 +01:00
basic_auth_test.go Macaron: remove custom Request type (#37874) 2021-09-01 11:18:30 +02:00
basic_auth.go Macaron: remove custom Request type (#37874) 2021-09-01 11:18:30 +02:00
common_test.go Chore: Refactor api handlers to use web.Bind (#42199) 2021-11-29 10:18:01 +01:00
dashboard_permission_test.go Replace AddHandler with AddHandlerCtx in tests (#42585) 2021-12-01 15:43:31 +01:00
dashboard_permission.go Chore: Refactor api handlers to use web.Bind (#42199) 2021-11-29 10:18:01 +01:00
dashboard_snapshot_test.go Replace AddHandler with AddHandlerCtx in tests (#42585) 2021-12-01 15:43:31 +01:00
dashboard_snapshot.go Chore: Remove Dispatch and AddHandler (#42603) 2021-12-02 18:08:59 +01:00
dashboard_test.go Replace AddHandler with AddHandlerCtx in tests (#42585) 2021-12-01 15:43:31 +01:00
dashboard.go Chore: Remove Dispatch and AddHandler (#42603) 2021-12-02 18:08:59 +01:00
dataproxy.go Data Source Proxy: Migrate proxy to its own service and make more extensible (#31927) 2021-03-17 13:10:40 -04:00
datasources_test.go Replace AddHandler with AddHandlerCtx in tests (#42585) 2021-12-01 15:43:31 +01:00
datasources.go Chore: Refactor api handlers to use web.Bind (#42199) 2021-11-29 10:18:01 +01:00
fakes.go Plugins: Plugin Store API returns DTO model (#41340) 2021-11-17 12:04:22 +01:00
folder_permission_test.go Chore: Refactor api handlers to use web.Bind (#42199) 2021-11-29 10:18:01 +01:00
folder_permission.go Chore: Refactor api handlers to use web.Bind (#42199) 2021-11-29 10:18:01 +01:00
folder_test.go Chore: Refactor api handlers to use web.Bind (#42199) 2021-11-29 10:18:01 +01:00
folder.go Chore: Refactor api handlers to use web.Bind (#42199) 2021-11-29 10:18:01 +01:00
frontend_logging_test.go Chore: Refactor api handlers to use web.Bind (#42199) 2021-11-29 10:18:01 +01:00
frontend_logging.go Chore: Refactor api handlers to use web.Bind (#42199) 2021-11-29 10:18:01 +01:00
frontend_metrics.go Chore: Report frontend metrics for JS/CSS load time (#42421) 2021-12-02 09:34:39 +01:00
frontendsettings_test.go Plugins: Refactor Plugin Management (#40477) 2021-11-01 10:53:33 +01:00
frontendsettings.go Analytics: RudderStack custom URLs to fetch SDK and Config (#41988) 2021-12-06 09:42:29 -05:00
grafana_com_proxy.go Plugins Catalog: Install and show the latest compatible version of a plugin (#41003) 2021-11-12 11:07:12 +01:00
health_test.go Context: Add context to /api/health calls (#40031) 2021-10-11 14:35:03 +02:00
health.go Context: Add context to /api/health calls (#40031) 2021-10-11 14:35:03 +02:00
http_server_test.go Tests: Batch of GoConvey to Testify conversions (#27008) 2020-08-14 14:43:25 +02:00
http_server.go Add interface Tracer, add Opentelemetry (#41963) 2021-12-01 17:05:08 +01:00
index.go Alerting: Make Unified Alerting enabled by default for those who do not use legacy alerting (#42200) 2021-11-24 14:56:07 -05:00
ldap_debug_test.go Replace AddHandler with AddHandlerCtx in tests (#42585) 2021-12-01 15:43:31 +01:00
ldap_debug.go Chore: Refactor api handlers to use web.Bind (#42199) 2021-11-29 10:18:01 +01:00
login_oauth_test.go OAuth: Support PKCE (#39948) 2021-10-13 16:45:15 +02:00
login_oauth.go Chore: Refactor api handlers to use web.Bind (#42199) 2021-11-29 10:18:01 +01:00
login_test.go Replace AddHandler with AddHandlerCtx in tests (#42585) 2021-12-01 15:43:31 +01:00
login.go remove the global log error/warn etc functions (#41404) 2021-11-08 17:56:56 +01:00
metrics.go OAuth: Forward id token to the data source (#42422) 2021-11-29 15:40:05 +01:00
org_invite.go Add context to notifications (#42578) 2021-12-01 17:56:08 +01:00
org_test.go AccessControl: Remove scopes from orgs endpoints (#41709) 2021-11-17 10:12:28 +01:00
org_users_test.go Chore: Refactor api handlers to use web.Bind (#42199) 2021-11-29 10:18:01 +01:00
org_users.go Chore: Refactor api handlers to use web.Bind (#42199) 2021-11-29 10:18:01 +01:00
org.go Chore: Refactor api handlers to use web.Bind (#42199) 2021-11-29 10:18:01 +01:00
password.go Add context to notifications (#42578) 2021-12-01 17:56:08 +01:00
playlist_play.go Chore: Add context to playlist (#41337) 2021-11-19 14:32:14 +01:00
playlist.go Chore: Refactor api handlers to use web.Bind (#42199) 2021-11-29 10:18:01 +01:00
plugins_test.go Security: Fix directory traversal issue (#42846) 2021-12-07 19:15:53 +02:00
plugins.go Security: Fix directory traversal issue (#42846) 2021-12-07 19:15:53 +02:00
preferences_test.go AccessControl: Remove scopes from orgs endpoints (#41709) 2021-11-17 10:12:28 +01:00
preferences.go Chore: Refactor api handlers to use web.Bind (#42199) 2021-11-29 10:18:01 +01:00
quota_test.go AccessControl: Remove scopes from orgs endpoints (#41709) 2021-11-17 10:12:28 +01:00
quota.go Chore: Refactor api handlers to use web.Bind (#42199) 2021-11-29 10:18:01 +01:00
render.go Rendering: Add light theme for errors (#41616) 2021-11-17 12:18:47 +01:00
roles.go AccessControl: Renamed orgs roles, removed fixed:orgs:reader introduced in beta1 (#42049) 2021-11-24 10:08:42 +01:00
search.go Chore: Propagate context for search (#41010) 2021-10-28 11:29:07 +02:00
short_url_test.go Chore: Refactor api handlers to use web.Bind (#42199) 2021-11-29 10:18:01 +01:00
short_url.go Chore: Refactor api handlers to use web.Bind (#42199) 2021-11-29 10:18:01 +01:00
signup.go Replace AddEventListener with AddEventListenerCtx and Publish with PublishCtx (#42284) 2021-11-29 14:23:24 +01:00
stars.go Chore: Remove Dispatch and AddHandler (#42603) 2021-12-02 18:08:59 +01:00
team_members_test.go Replace AddHandler with AddHandlerCtx in tests (#42585) 2021-12-01 15:43:31 +01:00
team_members.go Chore: Remove Dispatch and AddHandler (#42603) 2021-12-02 18:08:59 +01:00
team_test.go Replace AddHandler with AddHandlerCtx in tests (#42585) 2021-12-01 15:43:31 +01:00
team.go Chore: Remove Dispatch and AddHandler (#42603) 2021-12-02 18:08:59 +01:00
user_test.go Replace AddHandler with AddHandlerCtx in tests (#42585) 2021-12-01 15:43:31 +01:00
user_token_test.go Chore: Refactor api handlers to use web.Bind (#42199) 2021-11-29 10:18:01 +01:00
user_token.go Chore: Refactor api handlers to use web.Bind (#42199) 2021-11-29 10:18:01 +01:00
user.go Chore: Refactor api handlers to use web.Bind (#42199) 2021-11-29 10:18:01 +01:00
utils.go Permissions: Validate against Team/User permission role update (#29101) 2020-11-18 15:36:41 +01:00