Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Fix for 2 vulnerabilities #107

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Fix for 2 vulnerabilities #107

wants to merge 1 commit into from

Conversation

snyk-bot
Copy link

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • packages/grafana-ui/package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Issue Breaking Change Exploit Maturity
medium severity Cross-site Scripting (XSS)
SNYK-JS-BIZCHARTS-608848		 Yes No Known Exploit
high severity Arbitrary Code Injection
SNYK-JS-SERIALIZEJAVASCRIPT-570062		 No Proof of Concept
Commit messages
Package name: bizcharts The new version differs by 168 commits.

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

@guardrails
Copy link

guardrails bot commented Nov 19, 2020

⚠️ We detected security issues in this pull request:
Mode: paranoid | Total findings: 315 | Considered vulnerability: 113

Hard-Coded Secrets (111)

grafana/docs/sources/developers/plugins/build-a-logs-data-source-plugin.md

Line 119 in 08351e3

frame.add({ time: 1589189388597, content: 'user registered', level: 'info', id: 'd3b07384d113edec49eaa6238ad5ff00' });

grafana/docs/sources/developers/plugins/build-a-logs-data-source-plugin.md

Line 120 in 08351e3

frame.add({ time: 1589189406480, content: 'unknown error', level: 'error', id: 'c157a79031e1c40f85931829bc5fc552' });

grafana/docs/sources/developers/plugins/sign-a-plugin.md

Line 80 in 08351e3

"keyId": "7e4d0c6a708866e7",

grafana/docs/sources/developers/plugins/sign-a-plugin.md

Line 82 in 08351e3

"LICENSE": "12ab7a0961275f5ce7a428e662279cf49bab887d12b2ff7bfde738346178c28c",

grafana/docs/sources/developers/plugins/sign-a-plugin.md

Line 83 in 08351e3

"module.js.LICENSE.txt": "0d8f66cd4afb566cb5b7e1540c68f43b939d3eba12ace290f18abc4f4cb53ed0",

grafana/docs/sources/developers/plugins/sign-a-plugin.md

Line 84 in 08351e3

"module.js.map": "8a4ede5b5847dec1c6c30008d07bef8a049408d2b1e862841e30357f82e0fa19",

grafana/docs/sources/developers/plugins/sign-a-plugin.md

Line 85 in 08351e3

"plugin.json": "13be5f2fd55bee787c5413b5ba6a1fae2dfe8d2df6c867dadc4657b98f821f90",

grafana/docs/sources/developers/plugins/sign-a-plugin.md

Line 86 in 08351e3

"README.md": "2d90145b28f22348d4f50a81695e888c68ebd4f8baec731fdf2d79c8b187a27f",

grafana/docs/sources/developers/plugins/sign-a-plugin.md

Line 87 in 08351e3

"module.js": "b4b6945bbf3332b08e5e1cb214a5b85c82557b292577eb58c8eb1703bc8e4577"

grafana/docs/sources/http_api/auth.md

Line 127 in 08351e3

{"name":"mykey","key":"eyJrIjoiWHZiSWd3NzdCYUZnNUtibE9obUpESmE3bzJYNDRIc0UiLCJuIjoibXlrZXkiLCJpZCI6MX1=","id":1}

grafana/docs/sources/http_api/create-api-tokens-for-org.md

Line 45 in 08351e3

This should return a response: `{"name":"apikeycurl","key":"eyJrIjoiR0ZXZmt1UFc0OEpIOGN5RWdUalBJTllUTk83VlhtVGwiLCJuIjoiYXBpa2V5Y3VybCIsImlkIjo2fQ=="}`.

grafana/docs/sources/http_api/data_source.md

Line 302 in 08351e3

"secretKey": "dGVzdCBrZXkgYmxlYXNlIGRvbid0IHN0ZWFs"

grafana/packages/grafana-toolkit/docker/grafana-plugin-ci-alpine/scripts/deploy.sh

Line 22 in 08351e3

get_file "https://dl.google.com/go/$filename" "/tmp/$filename" "010a88df924a81ec21b293b5da8f9b11c176d27c0ee3962dc1738d2352d3c02d"

grafana/packages/grafana-toolkit/docker/grafana-plugin-ci-alpine/scripts/deploy.sh

Line 30 in 08351e3

"e7ab86d833bf9faed39801ab3b5cd294f026d26f9a7da63a42390943ead486cc"

grafana/packages/grafana-toolkit/docker/grafana-plugin-ci-alpine/scripts/deploy.sh

Line 43 in 08351e3

"b4138199aa755ebfe171b57cc46910b13258ace5fbc4eaa099c42607cd0bff32"

grafana/packages/grafana-toolkit/docker/grafana-plugin-ci-e2e/scripts/deploy.sh

Line 26 in 08351e3

get_file "https://dl.google.com/go/$filename" "/tmp/$filename" "70ac0dbf60a8ee9236f337ed0daa7a4c3b98f6186d4497826f68e97c0c0413f6"

grafana/packages/grafana-toolkit/docker/grafana-plugin-ci-e2e/scripts/deploy.sh

Line 34 in 08351e3

"9a5d47b51442d68b718af4c7350f4406cdc087e2236a5b9ae52f37aebede6cb3"

grafana/packages/grafana-toolkit/docker/grafana-plugin-ci-e2e/scripts/deploy.sh

Line 44 in 08351e3

"b4138199aa755ebfe171b57cc46910b13258ace5fbc4eaa099c42607cd0bff32"

grafana/packages/grafana-toolkit/docker/grafana-plugin-ci/scripts/deploy.sh

Line 6 in 08351e3

get_file "https://dl.google.com/go/$filename" "/tmp/$filename" "010a88df924a81ec21b293b5da8f9b11c176d27c0ee3962dc1738d2352d3c02d"

grafana/packages/grafana-toolkit/docker/grafana-plugin-ci/scripts/deploy.sh

Line 14 in 08351e3

"e7ab86d833bf9faed39801ab3b5cd294f026d26f9a7da63a42390943ead486cc"

grafana/packages/grafana-toolkit/docker/grafana-plugin-ci/scripts/deploy.sh

Line 27 in 08351e3

"b4138199aa755ebfe171b57cc46910b13258ace5fbc4eaa099c42607cd0bff32"

grafana/packages/jaeger-ui-components/src/TraceTimelineViewer/SpanDetail/KeyValuesTable.test.js

Line 54 in 08351e3

{ key: 'numericString', value: '12345678901234567890' },

grafana/packages/jaeger-ui-components/src/selectors/trace.fixture.js

Line 51 in 08351e3

spanID: 'ea7cfaca83f0724b',

grafana/packages/jaeger-ui-components/src/selectors/trace.fixture.js

Line 58 in 08351e3

traceID: '2992f2a5b5d037a8aabffd08ef384237',

grafana/pkg/middleware/middleware_basic_auth_test.go

Line 38 in 08351e3

authHeader := util.GetBasicAuthHeader("api_key", "eyJrIjoidjVuQXdwTWFmRlA2em5hUzR1cmhkV0RMUzU1MTFNNDIiLCJuIjoiYXNkIiwiaWQiOjF9")

grafana/pkg/plugins/manifest_test.go

Line 19 in 08351e3

"LICENSE": "7df059597099bb7dcf25d2a9aedfaf4465f72d8d",

grafana/pkg/plugins/manifest_test.go

Line 20 in 08351e3

"README.md": "08ec6d704b6115bef57710f6d7e866c050cb50ee",

grafana/pkg/plugins/manifest_test.go

Line 21 in 08351e3

"gfx_sheets_darwin_amd64": "1b8ae92c6e80e502bb0bf2d0ae9d7223805993ab",

grafana/pkg/plugins/manifest_test.go

Line 22 in 08351e3

"gfx_sheets_linux_amd64": "f39e0cc7344d3186b1052e6d356eecaf54d75b49",

grafana/pkg/plugins/manifest_test.go

Line 23 in 08351e3

"gfx_sheets_windows_amd64.exe": "c8825dfec512c1c235244f7998ee95182f9968de",

grafana/pkg/plugins/manifest_test.go

Line 24 in 08351e3

"module.js": "aaec6f51a995b7b843b843cd14041925274d960d",

grafana/pkg/plugins/manifest_test.go

Line 25 in 08351e3

"module.js.LICENSE.txt": "7f822fe9341af8f82ad1b0c69aba957822a377cf",

grafana/pkg/plugins/manifest_test.go

Line 26 in 08351e3

"module.js.map": "c5a524f5c4237f6ed6a016d43cd46938efeadb45",

grafana/pkg/plugins/manifest_test.go

Line 27 in 08351e3

"plugin.json": "55556b845e91935cc48fae3aa67baf0f22694c3f"

grafana/pkg/plugins/manifest_test.go

Line 30 in 08351e3

"keyId": "7e4d0c6a708866e7"

grafana/pkg/services/dashboards/dashboard_service_test.go

Line 78 in 08351e3

{Uid: "asdfghjklqwertyuiopzxcvbnmasdfghjklqwertyuiopzxcvbnmasdfghjklqwertyuiopzxcvbnm", Error: models.ErrDashboardUidTooLong},

grafana/pkg/services/provisioning/datasources/config_reader_test.go

Line 250 in 08351e3

So(ds.SecureJSONData["tlsCACert"], ShouldEqual, "MjNOcW9RdkbUDHZmpco2HCYzVq9dE+i6Yi+gmUJotq5CDA==")

grafana/pkg/services/provisioning/datasources/config_reader_test.go

Line 251 in 08351e3

So(ds.SecureJSONData["tlsClientCert"], ShouldEqual, "ckN0dGlyMXN503YNfjTcf9CV+GGQneN+xmAclQ==")

grafana/pkg/services/provisioning/datasources/config_reader_test.go

Line 252 in 08351e3

So(ds.SecureJSONData["tlsClientKey"], ShouldEqual, "ZkN4aG1aNkja/gKAB1wlnKFIsy2SRDq4slrM0A==")

grafana/pkg/util/encoding_test.go

Line 31 in 08351e3

"e59c568621e57756495a468f47c74e07c911b037084dd464bb2ed72410970dc849cabd71b48c394faf08a5405dae53741ce9",

grafana/pkg/util/md5_test.go

Line 13 in 08351e3

want := "dd1f7fdb3466c0d09c2e839d1f1530f8"

grafana/public/app/core/utils/richHistory.ts

Line 374 in 08351e3

const letters = 'ABCDEFGHIJKLMNOPQRSTUVXYZ';

grafana/public/app/features/explore/TraceView/TraceView.test.tsx

Line 197 in 08351e3

spanID: '35118c298fc91f68',

grafana/public/app/features/explore/TraceView/TraceView.test.tsx

Line 200 in 08351e3

references: [{ refType: 'CHILD_OF', traceID: '1ed38015486087ca', spanID: '3fb050342773d333' }],

grafana/public/app/features/explore/TraceView/TraceView.test.tsx

Line 217 in 08351e3

{ key: 'client-uuid', type: 'string', value: '2a59d08899ef6a8a' },

grafana/public/app/plugins/datasource/cloudwatch/specs/datasource.test.ts

Line 82 in 08351e3

'QVJST1cxAAD/////GAEAABAAAAAAAAoADgAMAAsABAAKAAAAFAAAAAAAAAEDAAoADAAAAAgABAAKAAAACAAAAFgAAAACAAAAKAAAAAQAAAB8////CAAAAAwAAAAAAAAAAAAAAAUAAAByZWZJZAAAAJz///8IAAAAFAAAAAkAAABsb2dHcm91cHMAAAAEAAAAbmFtZQAAAAABAAAAGAAAAAAAEgAYABQAEwASAAwAAAAIAAQAEgAAABQAAABMAAAAUAAAAAAABQFMAAAAAQAAAAwAAAAIAAwACAAEAAgAAAAIAAAAGAAAAAwAAABsb2dHcm91cE5hbWUAAAAABAAAAG5hbWUAAAAAAAAAAAQABAAEAAAADAAAAGxvZ0dyb3VwTmFtZQAAAAD/////mAAAABQAAAAAAAAADAAWABQAEwAMAAQADAAAAGAGAAAAAAAAFAAAAAAAAAMDAAoAGAAMAAgABAAKAAAAFAAAAEgAAAAhAAAAAAAAAAAAAAADAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAiAAAAAAAAACIAAAAAAAAANgFAAAAAAAAAAAAAAEAAAAhAAAAAAAAAAAAAAAAAAAAAAAAADIAAABiAAAAkQAAALwAAADuAAAAHwEAAFQBAACHAQAAtQEAAOoBAAAbAgAASgIAAHQCAAClAgAA1QIAABADAABEAwAAdgMAAKMDAADXAwAACQQAAEAEAAB3BAAAlwQAAK0EAAC8BAAA+wQAAEIFAABhBQAAeAUAAJIFAAC0BQAA1gUAAC9hd3MvY29udGFpbmVyaW5zaWdodHMvZGV2MzAzLXdvcmtzaG9wL2FwcGxpY2F0aW9uL2F3cy9jb250YWluZXJpbnNpZ2h0cy9kZXYzMDMtd29ya3Nob3AvZGF0YXBsYW5lL2F3cy9jb250YWluZXJpbnNpZ2h0cy9kZXYzMDMtd29ya3Nob3AvZmxvd2xvZ3MvYXdzL2NvbnRhaW5lcmluc2lnaHRzL2RldjMwMy13b3Jrc2hvcC9ob3N0L2F3cy9jb250YWluZXJpbnNpZ2h0cy9kZXYzMDMtd29ya3Nob3AvcGVyZm9ybWFuY2UvYXdzL2NvbnRhaW5lcmluc2lnaHRzL2RldjMwMy13b3Jrc2hvcC9wcm9tZXRoZXVzL2F3cy9jb250YWluZXJpbnNpZ2h0cy9lY29tbWVyY2Utc29ja3Nob3AvYXBwbGljYXRpb24vYXdzL2NvbnRhaW5lcmluc2lnaHRzL2Vjb21tZXJjZS1zb2Nrc2hvcC9kYXRhcGxhbmUvYXdzL2NvbnRhaW5lcmluc2lnaHRzL2Vjb21tZXJjZS1zb2Nrc2hvcC9ob3N0L2F3cy9jb250YWluZXJpbnNpZ2h0cy9lY29tbWVyY2Utc29ja3Nob3AvcGVyZm9ybWFuY2UvYXdzL2NvbnRhaW5lcmluc2lnaHRzL3dhdGNoZGVtby1wZXJmL2FwcGxpY2F0aW9uL2F3cy9jb250YWluZXJpbnNpZ2h0cy93YXRjaGRlbW8tcGVyZi9kYXRhcGxhbmUvYXdzL2NvbnRhaW5lcmluc2lnaHRzL3dhdGNoZGVtby1wZXJmL2hvc3QvYXdzL2NvbnRhaW5lcmluc2lnaHRzL3dhdGNoZGVtby1wZXJmL3BlcmZvcm1hbmNlL2F3cy9jb250YWluZXJpbnNpZ2h0cy93YXRjaGRlbW8tcGVyZi9wcm9tZXRoZXVzL2F3cy9jb250YWluZXJpbnNpZ2h0cy93YXRjaGRlbW8tcHJvZC11cy1lYXN0LTEvcGVyZm9ybWFuY2UvYXdzL2NvbnRhaW5lcmluc2lnaHRzL3dhdGNoZGVtby1zdGFnaW5nL2FwcGxpY2F0aW9uL2F3cy9jb250YWluZXJpbnNpZ2h0cy93YXRjaGRlbW8tc3RhZ2luZy9kYXRhcGxhbmUvYXdzL2NvbnRhaW5lcmluc2lnaHRzL3dhdGNoZGVtby1zdGFnaW5nL2hvc3QvYXdzL2NvbnRhaW5lcmluc2lnaHRzL3dhdGNoZGVtby1zdGFnaW5nL3BlcmZvcm1hbmNlL2F3cy9lY3MvY29udGFpbmVyaW5zaWdodHMvYnVnYmFzaC1lYzIvcGVyZm9ybWFuY2UvYXdzL2Vjcy9jb250YWluZXJpbnNpZ2h0cy9lY3MtZGVtb3dvcmtzaG9wL3BlcmZvcm1hbmNlL2F3cy9lY3MvY29udGFpbmVyaW5zaWdodHMvZWNzLXdvcmtzaG9wLWRldi9wZXJmb3JtYW5jZS9hd3MvZWtzL2RldjMwMy13b3Jrc2hvcC9jbHVzdGVyL2F3cy9ldmVudHMvY2xvdWR0cmFpbC9hd3MvZXZlbnRzL2Vjcy9hd3MvbGFtYmRhL2N3c3luLW15Y2FuYXJ5LWZhYzk3ZGVkLWYxMzQtNDk5YS05ZDcxLTRjM2JlMWY2MzE4Mi9hd3MvbGFtYmRhL2N3c3luLXdhdGNoLWxpbmtjaGVja3MtZWY3ZWYyNzMtNWRhMi00NjYzLWFmNTQtZDJmNTJkNTViMDYwL2Vjcy9lY3MtY3dhZ2VudC1kYWVtb24tc2VydmljZS9lY3MvZWNzLWRlbW8tbGltaXRUYXNrQ2xvdWRUcmFpbC9EZWZhdWx0TG9nR3JvdXBjb250YWluZXItaW5zaWdodHMtcHJvbWV0aGV1cy1iZXRhY29udGFpbmVyLWluc2lnaHRzLXByb21ldGhldXMtZGVtbwAAEAAAAAwAFAASAAwACAAEAAwAAAAQAAAALAAAADwAAAAAAAMAAQAAACgBAAAAAAAAoAAAAAAAAABgBgAAAAAAAAAAAAAAAAAAAAAAAAAACgAMAAAACAAEAAoAAAAIAAAAWAAAAAIAAAAoAAAABAAAAHz///8IAAAADAAAAAAAAAAAAAAABQAAAHJlZklkAAAAnP///wgAAAAUAAAACQAAAGxvZ0dyb3VwcwAAAAQAAABuYW1lAAAAAAEAAAAYAAAAAAASABgAFAATABIADAAAAAgABAASAAAAFAAAAEwAAABQAAAAAAAFAUwAAAABAAAADAAAAAgADAAIAAQACAAAAAgAAAAYAAAADAAAAGxvZ0dyb3VwTmFtZQAAAAAEAAAAbmFtZQAAAAAAAAAABAAEAAQAAAAMAAAAbG9nR3JvdXBOYW1lAAAAAEgBAABBUlJPVzE=',

grafana/public/app/plugins/datasource/loki/live_streams.test.ts

Line 50 in 08351e3

id: '8c50d09800ce8dda69a2ff25405c9f65',

grafana/public/app/plugins/datasource/loki/result_transformer.test.ts

Line 57 in 08351e3

expect(data[0].fields[2].values.get(0)).toEqual('2b431b8a98b80b3b2c2f4cd2444ae6cb');

grafana/public/app/plugins/datasource/loki/result_transformer.test.ts

Line 60 in 08351e3

expect(data[1].fields[2].values.get(0)).toEqual('75d73d66cff40f9d1a1f2d5a0bf295d0');

grafana/public/app/plugins/datasource/loki/result_transformer.test.ts

Line 119 in 08351e3

id: '19e8e093d70122b3b53cb6e24efd6e2d',

grafana/scripts/build/gpg-test-vars.sh

Line 3 in 08351e3

export GPG_PRIV_KEY="LS0tLS1CRUdJTiBQR1AgUFJJVkFURSBLRVkgQkxPQ0stLS0tLQoKbFFkR0JGNXhGRUFCRUFEZUJrOTZJbHNuendQanQ2aVVGSUZhNG0vR2JEZmxmTVluVURuS21CZWJiVVB1MDNRegpFZU1PeFpER0ZzRmV1K2E5Qk51WWphVkdFREpidVNja25CaitYSHlvN2NzVzEwdmhlck9zTVpxT01kUnU5TExHClZjVFVGbFZBaGI4Y29WbXJoMS8yNHhmd0FzNU5KbUROdVVzTXN1QXpwWHkwUnpwMTdjeXhrR3E3SzNQcjJPRkYKd1hsbXU1c2R5WU94NTlaRGwxejhEanNXVG1aQW45dEFQVTJnd1JTcjdzdWlQVjBFZzVqdkZYVHFaYTk0aG90KwpEMUR3cHdoSGxtaVJLY056WHlkUXYweXJYMGJLdDB5bVh5VmFURWp0bm1yWnZESHJrZTU5V0dZVlozSmRPS2lvClFXQ0EzZEx2RW9Pb2M5K3VEZWhNdWJVQjg3ckxUYmhsOVdTSTllSlNidmt0bUhLMXA1d3JPM3ZINVkrQWxmeHUKQk4xUnBndC84aXpvOEZGeC9Qc3A5RTA3YWFOZHpsRWh2U3RWWWxFWnl2WlJXMnNyWk9HcWtVMXlYRUJJVlZzUQptZmZZNG1pZ2I2UU81Y3ArQ3pnMWNLOTMxUVpjRWFrSFlDZ2I2TXNLMFhCQVVKUmNLb2ROYVlTY1dBZlFMYXJXCmtuNWxFQjNodVo5OG9sVlhNVkw4alVaUEJidDhNVkt6N2lxd0hmaEt2WDBmLzkrZkxIRDZwTVg1Qll2OG9OV0kKdDVZZ2FQdDRGK1IxdFNLVXpwT1BLdEZWSVBQdGl3U0hEcDQzb3FrWittcXo2Z2hBUi93N25rYWZZMFNpNHlGegpyd1JreVpRR2NNR2NhZVd5aGRSdEhlRmtXajBsM2F4QlZqK2c2eHhydHZQTjMxV1BOMWZBZDlFMkt3QVJBUUFCCi9nY0RBbDFxNzByWm1GQVM5TGRoL1NXOU5Vb0JSaUJqWGI2T1JEVVFpWTF4N1NEd0NnSklBc2tBR2dvRi9hMGkKWUU2MW1SYk8xQVhXOVFTem1FNU1CMW1LdXpjM2I1MllkUnlYQ3REcEQ1dlZIM3d3cFlZSUkyM0xGN2gzM3NQNgptNTNSZDBsWFFxNjlHK3VnS1N5RENvZ2NrRHlSWVFxZUVNU2p6TWVLNjFyTm13cjJGbWZXbEN4VVlvdVprUEFsCjdYeGVmN3RjMEgvTG01Q3VDRkxCbzBaRFU1ditsRXE4L3hvRFFobTYrVjBLeXp1NE1LR1JYUzdzK2JzSkR2SnkKZC9xVDlRdHBJS0hhOWtYeDFNaXBXeURvQWNxR3ZhN3RiTnp1M1JRR1VyQjY4MlBrK1ZWTm9EQzY1OXJjVE9oNQpmd25tcFdmSm9yNnZZVHZsZzY3YWJFZWJ1MlB6TWxLS3EvSjlyZWxHY3lCMU5mbVgyZHg4L2JFcTVIS0xIN215CllhNEdrNkJvdVNaVTFENlZmTlBielVLanM4Z3dLV0FTN2dWa1JVWTdaQXY2a0lLbmJuRmxSN1hxUkhPYWJkYngKM0ZUbHRYSjBpZXdwRVJwMU9Qdm9hTldVMlB4NEh5UkRVVFU5Y0FLZHM4VExxS3plcmVNeE9UNG5lRGt6akp4cApOU1g2bFhIL2V2d3R4amtCdmtlTXlqUHV0U0pMWXhhUHppblVSTFRNcHJuL1c5ZlpudUlZMnladkI5Wk1zY2c5CnMzT1ZTT1VMdE1sTUgveldWWE5Ld1QwaVYwV2srVDVPNGhOZlZpWDdEU04rdExaN2VJZmFKeHBXRzR0NTY4SXQKcFJVbzVLcWl0UnJnS3JlaWo0YjllUWVHc3J4NUZhejNlelZTaWdlTHo3WUliSmQ2QW9kN0taeFhkSm5vZ2pDRApzWklnT2Y0OUZFc3BZM2IybkhGeUM3V1VmcmZjeEVEMDBnZ25HbUl2ajZTMW5DQWdlOXRKZjVjV2FYVTNSeWlMCitPSEphT1U5b1o5TkVJWU9ENFRKdXdWRkp0ellZTkpEQitEbVhLQ0ZMSWIvcGRydXRSVUkrUFNUQkdGZlZob1oKZERMS1E0OW4rMWVjOVpHY2hhTk54aEptdVkwMDZjNk9kT0hiMjJ0aWFkMnhpekRDZ3RGMUtWTDdJRHF4UUdoSQpEd2xZL3E3TmVoWWRpb09lSk9jYjVoVmRyV2wvaXJvQllkeW1meUttR28wZnNRMUdjNHJOMVJxd1ZoUjhhZ0lNCjloUzdYTHIra1hhQTllL0tRNTN5a1Z0WWdiVkxZWlMxQzZ6Qk1wNWUrWStYN3lONktiVjFFeTFjVE1ySU9vaFcKWFVJWUFPVHhRVkJiOFE3RHRhc2ViMThIcjBOdlZvamVRYXoveXByN3VOWXB4OEN6V2tqYmtKaUU2TzZ2TmVoaApiQ2lrVDhST1V4M1VHM0hLWVdtKzR3cmxkbXlXMFVKREVTbDl1MVRxRzlVbXUxSkdId3E0aERSZlI0TkpGRGljCmtjc1JyMDU3bnd5Q21nbEdrMGdzZWVjUis5cnRnT1ZQZ0lRUUxXeXR1dkFVSmtKMUhrbFczdE5nN1I0cWg5R3oKNEdpUGpYdFY3QlNHMUpYRGE5RWpiL3pGUjh0YmNrZmFEaG5HRHJWLzBoakd2NkdBT24zeGMzKzVzQzZ1by94dApua2JwWUk2S0dXSjRzVGxxd3NMYUNvM3ZPU2FkcFRMYTNEVmlRbTdXbHBxWXA2VVZ0QTRjZ3g2Q1J3OUN6b1k5CktGZHBCb0NMUzVDeEt1WlBGVTF3YnFVdnBKVXhHMWpCWFZ1WUIxelNabEQ2a0tyQTdDVjB2OURnZk5mYVJxRmkKTmkyY2FmQ1JtdG5HRWdxaDV1NGZCRmJDWURpdE1mTW1rR2NZNjRCNWIrWDcyRlhXMmdaUCtEZS9ld2dIVHpWbApyMWFpUmNLNHdHUk5Lc3ptZlYxaHdkNG5TR0pqMEV6V2toOEJleU9SSUtoeVZ6Y0QyVnJBTzBsaXFWNm1LRVhPCjk2anVubENmWGl1NFdJRWJ2UHEySEhRek9NT3BwakVmWG9GekR0NnV4RVR6RXlpYlN5SlA4cjZ2ZFJxMTE0RDAKZFp4TUlrWi9XWVM3TTFZbER6enBiQmptUWl3LzZuV05DTlY1czVydEhuRkR3VkVpMVpsMXgwc1NWL1pVQlo2QQp0b2gyaTBWaHh1eFJWSi9EbG5SaWNFaHBrR3l2SkRlOWpXdDVtUzE4dDc4dE81QkRmYmJxblRiVlRDVFVORWFuCndLdGxkSWlMQUFTVDNjc29qUjVoSHp3RDNjL044dWhFaERMTE5VdDUvSGdiMERlbk4xQmh4SyswSmtOcGNtTnMKWlVOSklFSnZkQ0E4Wlc1bmFXNWxaWEpwYm1kQVozSmhabUZ1WVM1amIyMCtpUUpPQkJNQkNBQTRGaUVFM3RCYgpNY2RvRWZ3bjJxUmJTdFZXVU54MlBpc0ZBbDV4RkVBQ0d3TUZDd2tJQndJR0ZRb0pDQXNDQkJZQ0F3RUNIZ0VDCkY0QUFDZ2tRU3RWV1VOeDJQaXZGbHcvK0ppWWpGbFZLM29pcEtCU3FURVVlR0ZGZlB5bjljZnJZeUpNUkliOWUKMVJvUyt2SlhXdk1EZEN6VXIzWGJrNlFvWmZiWUE5a3pIdnlRWG9aK0ovVHJPbE1zMGs0UVFHNGZDZlJOZE5LZApmRTNXbUM4eSszSUhNSFpXSjc1dFVrN05nM2kvNEV1Y3FxelozelRTMUdMSG1wRDNETTVzRVFiZHFNYkVXbEhaCnAzaVEya010QVpyNU4yYWhmUTdnNVZZMmFBMXlEelgza1NSdForWHZrRUhraHAvWjFpTjZ1V1p2dzQrdHhEalYKVEZCWkFjNVB4Y2RzWm5KcmdSbUxyTUI3aTBJV3Z4RFNTVjlhbVAraWtkR0lCWWlZUGZSR0lhb3FqRnJ1dDNYego3N0JOVzh1VDdxWXVNRVZwNEJwU0t2SHFySXVUL2N3YUtyQmlDK0RmNncyMnhhYTRqemFJaXlaNm1adTNMa2dnCmZublpQMTdVRkh3TjB3ZlBxSC96Q1RFWVBjUjZUcFh2RTlHbm1FQndTNXQya3lxM2FIM0c0MDNicGM0MGhoQXQKN0ZvdGFqazYxNkxRT1lEUWJTK1YyZG9NZVlKREpQZFhrYi80Njl0VVBTbWJLRHRHcklueGZTYVptQjdIenFuMQpWR0lNMkdjZUY3RDdNWlZENkFpY3B2NitjZTlLdHltNGo3SHVkT2xsMjIrb3I5aVI3WTNmQ29FN1dZNGliMHR5Cm5IN2ZFU1BURXN2R0lDV1FFMUFobHlrcktFQ0dNdENzdDJZTG5jZHZCckNFNFlxdDlHeDBrbVZOM3dTRHRwaUcKWVp6a2xtU2xweDMzbVRFOUdSR21wQ1BGcDk3UGNLUEtWU0M5M3ZGRG1vcGMyVEJwNWZiR1A5NzlVaXpIaHVmUApGZU9kQjBVRVhuRVVRQUVRQU9wbEZOaG9ocXkxY0xjV2thSUZYdk0wdk0zQlVIblJNT2dUS2JhSzhYc01sZFZICnBEcjdramhFVE5NYVNOMlcxVkU5akdlTDRTZ0xaOEVvZDRqNXN0cEd4THBwb2gzYUtpYWIwcDRkaThNbWFIdGIKNkwvNmtodEtxNGtRWEdONE9MMWVkaFAvQy9lYkVEY2VhMWhwUkpwM1U4dTlGaGZMVHFvUEcremxMMFllY1NjUwp5L2NVNjZOZDVpeWtCREdNNDBPM1pCendIT3RyWHM5SWJSWVc4dUFUWmZMdkd5WXJLVGJLOWtZcC9xdkh5dG96Cjg0TG1XUXVZNXFaODd1YlRkdVpxRWphbXNheVptQjJoVWNQR2ZjK0JHL1VPNDA1c1lPaHl1bmhSMC8rRE92a3cKUFRORUpoSlV4OGxFbTZKS1RZMUw2RkxJSHhSbmdyTU1qc2NQaHg3M1NveWlzaVBXb1Yrdm9vZWQ1YzQvSUxSWgpoejgxak9uQys4QkRKQVE0MlRqRnFtcE5UZ2NCZTBsUi83WC9yaTBwVlFrbmszL29uZHFRajRuc25BNUhyRHpkClQyZll5WlFEcHJjekJUdEtkVE93aVNXc2F2MGVZemRld2xYaUVkRkM5SkI5bHBRcEZXNWQ3MkI2RE9CN2pQRW0Kc1l6UDFBZUNGWnF4Uk8wajRVdmlCK28wLys5N0tFRFVOclRTL1hRand6WllqN0lDcUI1dTJJb3ducDdOTGt6aQpnNUREQUdVakpQTE1GajIzRzJENTlZa1NzcG5maU80MDhxSWR5N2hET2ZxMkRJVDJNMDZMMDZhL2d3UXkxakJTCkpwbnA5eTlMbXNQMTRFcVFQTUt4cWdwS3VxOURVWVl0WnRkQUM5U0FGM3dGa0MxVHFQQU1PSU9vOE1VTkFCRUIKQUFIK0J3TUNwOU1TcG94VnpTbjBlVXk5Z3JGYUg3a0U0ZU9uc1NNRTNzaVdReEVXVmlLOUFoaHhIV2R5Tk80bApZSllLWHVYM3hOanYwN0FQRTVFeVU0UUtkOStZZ3VXREZRK0VUdUsybkY3cWIzUFAyamxIa0szU0E5dkg0ZlNWCmlQNW9mYkZtR2dwdDRCTjZiTE5OOVhINE00S0hkOHFyNG4rdkQybUFTS1FadTV2MkVSZnREdERlNzB3RGNLdGEKWXZlb3k4Z2lIQU15cFltbGVTWGpmbGJROG0wNUhZdXJGYlV4QnRXRmh0Yk9KWVB6VW5UbmFMam5tY1oyTXR2RAoreU12TWU0VzlPVXZqZDN6bWg0YnYzdmZvKzJmU2U1VjdOVTZEcVg0L3Z6TTlIMWxOdndjVUphMTErNC9FR3JtCmVySTlwZi9uYWlvTmVIbjFpZjA5SjhPUTdaQk5yVFFkbVIrR0hiNXRtL2dGeEY2TEJ1NytDUlN4Zi9qbmlLbC8KeE5TWjBaNlNod1o3alFkUUQ0eUxPTXJUbGpaNGdacVRLcW1QelR3YmIzNzkyZkZHRWV2SGJjWnRCQk5QVTd2OApleXErbEg0OGtsWlJidzVGR002M0d4dmJxbGtuT2ZHN3dMUTErMGNnZnNYQk5uUlp1aUIzMnZQU3BnL1Z0RU9ZCnJ4dnhuRXBQRFRWb1EzeFdJVjFkM2VqOFdSTzVGMWFWdEVrNE44VVpsWXJuNUE1SCtVSVVzdlBQVGluRWZDUDQKcUNLVUllQWxZQUdoYXpjTEJnOXNzRlVMZVVEaGZ3MVRWbVBvcStXVXlLOXkxM3BGbW10aDNiSmNoRkhRVFB5WQphOTdGQ3FpRjJYS25Vb2xRT1RDKy9YTHBTMVF2aDFxeWU1UnQrdmZFdEs1OU9sWjRhUW9hbDdqRjF6bkRzcjRDClU0Q3V0TnZpelBQVzAyVFZwQWxoUzNFTVZNcE5tVTNpcnN2aFVJTXdrd0VSeVVDTGw2WlNnazJMeVdVc0pIeDYKQ3pxNkhndDd2aUNrODZOMk1TbXN6NUhIVVhrSldibUdybVlQUXh2cGl6WkpzK2RoMTJCZmNiaWE4YXVTeEZtdwpyeDh0bFFwR2ZLQTVJQmVYaFVJQ2NuYU9hcVBqMEprKzYxRkFnUmcvNmFGWXNiSDNRanl2VFdVT01rc20vcjFqCkxROTVYaFJwOTFQemhRL2k5c2t0SDIzeWFrMFpqOVlHSm04NERkT1RCYWxpdmZxQ21nKzdVSFMvaGtXRk1kUzUKaHpiSXhUbGNYb0szeG5EbVNSaFlTSFI0bXZNMEF6RWZCenBFZk02WjNuU0cySFFPM1JIUElkelFIMGlSS0tIdwp0eG9jTGdHMllWSG5EanUvak8xL0ljL0NpdFBDRm92S0dFb0pMOHNzNkxOU1VWY0x2cDgyREtqTnRzWjBZOHhjCm1tdTBxb2dGQ24wdC9xWGxpRVBCUmRSZ0tqUEd5N0JOdVp3RVhSRERGQWlYamZQRytWVWhtcmtzdjd0UUhNd3AKa00xdTF0RnArWWtaSGJ4RWpaMEY5a3IvdW9pV2g3R2ovUUFtY1c5T2lybGsxczNhM0Rub2RKK2ttZ1dyZkdWMgpOcUxqTkI0dWgzbnRsK3Q0YnVKQ3VUWW1xRUl6VWd2bG01R1ljUStOOEMxS2NTTEZUa0NMNzBZWE9jY09HamdzCktVcGJlQ2FtMlhJNlZuc25hck11WEs3dzYvNGRnT2dmYXJORmowd3ZjeHcxdy96aHBDdEg3eG9SNzNrcFpzT1EKcVRlM2M3RjhVZzZwUkZlMDJIa1E3aGJzYU9IVXkyeXBuT1lVN09YQS94VjV5L1dsNC9hNWtoSnRxcFlZZW5vagpPdTF2c2czUk5LOW1kRGYxZmh6WnNxMU5PUGpXdFJtdEtnNERhNU8wdHRFYjBNd3Z2a0RZM3VoV1NWUW5YL3RSCldLMndXY0hwT1luR1ZOczQ2QkJFeEhtc21Kc1dybmpYTlFpMGhmM1lDcWo4OFRGcVp3Z3ROUjlVczlsYnRzQ3UKR3VyYWxLNHl6aDNObkR0V0NnTFlac1lJV3BSMDlaemxGdVROSGZLSkhmbWMxZ2xDeitxM1VycDBhZHF6ZGVlVgp0K0JlUlVKcG9MK280eVVqejZ3c0hTeEVFWjZJa1lCdi83by8veS9lQlV5TzFraW0wbm9hU1cvRHlBRnJNTWZGCm5TZEhQOGRtSGh4UHFRei9FbDhQbHphRm5lOVNoYlgySXloekt6VFZYRlk0NU02YzJ5THZtZ2hZdnYyTU5PSysKZEZ1RC8vdHhHYTA0UGl3RnA3d0lMRjVpdG5ncElzbUFPcnNEZlN0eFFaZTVERUxNWlVldXcyUFZpUUkyQkJnQgpDQUFnRmlFRTN0QmJNY2RvRWZ3bjJxUmJTdFZXVU54MlBpc0ZBbDV4RkVBQ0d3d0FDZ2tRU3RWV1VOeDJQaXY5Ci93LytPMG1RaW9UVElNcGxvd1M5c21jZmo3U0VqazZCUUVlRjQ3RUFWTUMrd2FlT2g1ZWtGSERlajJjQS9PQUcKYmR4OGNweGIxOThGQ0djaVp1dHByU29Ma0IxTjhYQ0w1TEhUUWZsYVUwSWE4em1FVmo0bjBLelRSK3NRRzZhTQp6OVUrUEJnTm5TYmsxSm1VSnA2NE5OZ2JhdlFrS1M0MWZCdjI4b1ZYS0FZemJocEMyaUlNWXpkaXl6U29sbTQ1CkhGYysxNWhGb1hOWDIyVGVRZzMrNUF3bEJiVjdvaGFXQ3EybVc4Y1pYalc5RTQvUEZzRkoyQTlXaiszYTNBWjgKR0l0eGlwREMvNXBIbkY0WnBWczNRenRMVXJLdDUvUFdjODlVT1U0MkU1Q3N3WXNSYzlFWFM1RU16b01KbXNycApBdC85NkhyQUNTS05aRzhhSktqNFVEME9jTlIyWVU0aXlnLzNPVERneWNoc0tWK2l6bU5VN25qZ2p0NElSeDJxClFpdVQ4eGhvSS9DS0VKbFVUY1JsQk1oRXh6MWMwanpiTFluZndTZTVlS2tLUmJyRHBOc0N5WTZqbDN5LzM4TUIKVXY4ZytWZk5VYWp6UVRPYWpvanpweElNTGhQNitjQ0FGTEw0a1lkM083VUFPVzl2T1dtZzJQcVJTbmJPN1dMVgo5aUVFV2FQYkxCQzI2N3h4WEJtQXFnU2ZIMUJCc2lOaXFlZEdOblkzWlAzelRvMDMzSkt1RmprWi9MN3B3WUQzCldWV0VIcFMrOWdTQUNmaS9JZDNrMFhlUzJQbnF5bkEycjM5dTBtczdiKytwa3NjNCtUanJCajh3QURreXo3emEKVFlIenVLQjRxM3c4QjhGb3FOU2hzeXl3bEx1bUVKSVlBQ3kxNUdlQVFHblJBWm89Cj1mNFZlCi0tLS0tRU5EIFBHUCBQUklWQVRFIEtFWSBCTE9DSy0tLS0tCg=="

grafana/scripts/build/gpg-test-vars.sh

Line 4 in 08351e3

export GPG_PUB_KEY="LS0tLS1CRUdJTiBQR1AgUFVCTElDIEtFWSBCTE9DSy0tLS0tCgptUUlOQkY1eEZFQUJFQURlQms5Nklsc256d1BqdDZpVUZJRmE0bS9HYkRmbGZNWW5VRG5LbUJlYmJVUHUwM1F6CkVlTU94WkRHRnNGZXUrYTlCTnVZamFWR0VESmJ1U2NrbkJqK1hIeW83Y3NXMTB2aGVyT3NNWnFPTWRSdTlMTEcKVmNUVUZsVkFoYjhjb1ZtcmgxLzI0eGZ3QXM1TkptRE51VXNNc3VBenBYeTBSenAxN2N5eGtHcTdLM1ByMk9GRgp3WGxtdTVzZHlZT3g1OVpEbDF6OERqc1dUbVpBbjl0QVBVMmd3UlNyN3N1aVBWMEVnNWp2RlhUcVphOTRob3QrCkQxRHdwd2hIbG1pUktjTnpYeWRRdjB5clgwYkt0MHltWHlWYVRFanRubXJadkRIcmtlNTlXR1lWWjNKZE9LaW8KUVdDQTNkTHZFb09vYzkrdURlaE11YlVCODdyTFRiaGw5V1NJOWVKU2J2a3RtSEsxcDV3ck8zdkg1WStBbGZ4dQpCTjFScGd0Lzhpem84RkZ4L1BzcDlFMDdhYU5kemxFaHZTdFZZbEVaeXZaUlcyc3JaT0dxa1UxeVhFQklWVnNRCm1mZlk0bWlnYjZRTzVjcCtDemcxY0s5MzFRWmNFYWtIWUNnYjZNc0swWEJBVUpSY0tvZE5hWVNjV0FmUUxhclcKa241bEVCM2h1Wjk4b2xWWE1WTDhqVVpQQmJ0OE1WS3o3aXF3SGZoS3ZYMGYvOStmTEhENnBNWDVCWXY4b05XSQp0NVlnYVB0NEYrUjF0U0tVenBPUEt0RlZJUFB0aXdTSERwNDNvcWtaK21xejZnaEFSL3c3bmthZlkwU2k0eUZ6CnJ3Umt5WlFHY01HY2FlV3loZFJ0SGVGa1dqMGwzYXhCVmorZzZ4eHJ0dlBOMzFXUE4xZkFkOUUyS3dBUkFRQUIKdENaRGFYSmpiR1ZEU1NCQ2IzUWdQR1Z1WjJsdVpXVnlhVzVuUUdkeVlXWmhibUV1WTI5dFBva0NUZ1FUQVFnQQpPQlloQk43UVd6SEhhQkg4Sjlxa1cwclZWbERjZGo0ckJRSmVjUlJBQWhzREJRc0pDQWNDQmhVS0NRZ0xBZ1FXCkFnTUJBaDRCQWhlQUFBb0pFRXJWVmxEY2RqNHJ4WmNQL2lZbUl4WlZTdDZJcVNnVXFreEZIaGhSWHo4cC9YSDYKMk1pVEVTRy9YdFVhRXZyeVYxcnpBM1FzMUs5MTI1T2tLR1gyMkFQWk14NzhrRjZHZmlmMDZ6cFRMTkpPRUVCdQpId24wVFhUU25YeE4xcGd2TXZ0eUJ6QjJWaWUrYlZKT3pZTjR2K0JMbktxczJkODAwdFJpeDVxUTl3ek9iQkVHCjNhakd4RnBSMmFkNGtOcERMUUdhK1RkbW9YME80T1ZXTm1nTmNnODE5NUVrYldmbDc1QkI1SWFmMmRZamVybG0KYjhPUHJjUTQxVXhRV1FIT1Q4WEhiR1p5YTRFWmk2ekFlNHRDRnI4UTBrbGZXcGovb3BIUmlBV0ltRDMwUmlHcQpLb3hhN3JkMTgrK3dUVnZMays2bUxqQkZhZUFhVWlyeDZxeUxrLzNNR2lxd1lndmczK3NOdHNXbXVJODJpSXNtCmVwbWJ0eTVJSUg1NTJUOWUxQlI4RGRNSHo2aC84d2t4R0QzRWVrNlY3eFBScDVoQWNFdWJkcE1xdDJoOXh1Tk4KMjZYT05JWVFMZXhhTFdvNU90ZWkwRG1BMEcwdmxkbmFESG1DUXlUM1Y1Ry8rT3ZiVkQwcG15ZzdScXlKOFgwbQptWmdleDg2cDlWUmlETmhuSGhldyt6R1ZRK2dJbktiK3ZuSHZTcmNwdUkreDduVHBaZHR2cUsvWWtlMk4zd3FCCk8xbU9JbTlMY3B4KzN4RWoweExMeGlBbGtCTlFJWmNwS3loQWhqTFFyTGRtQzUzSGJ3YXdoT0dLcmZSc2RKSmwKVGQ4RWc3YVlobUdjNUpaa3BhY2Q5NWt4UFJrUnBxUWp4YWZlejNDanlsVWd2ZDd4UTVxS1hOa3dhZVgyeGovZQovVklzeDRibnp4WGp1UUlOQkY1eEZFQUJFQURxWlJUWWFJYXN0WEMzRnBHaUJWN3pOTHpOd1ZCNTBURG9FeW0yCml2RjdESlhWUjZRNis1STRSRXpUR2tqZGx0VlJQWXhuaStFb0MyZkJLSGVJK2JMYVJzUzZhYUlkMmlvbW05S2UKSFl2REptaDdXK2kvK3BJYlNxdUpFRnhqZURpOVhuWVQvd3YzbXhBM0htdFlhVVNhZDFQTHZSWVh5MDZxRHh2cwo1UzlHSG5FbkVzdjNGT3VqWGVZc3BBUXhqT05EdDJRYzhCenJhMTdQU0cwV0Z2TGdFMlh5N3hzbUt5azJ5dlpHCktmNnJ4OHJhTS9PQzVsa0xtT2FtZk83bTAzYm1haEkycHJHc21aZ2RvVkhEeG4zUGdSdjFEdU5PYkdEb2NycDQKVWRQL2d6cjVNRDB6UkNZU1ZNZkpSSnVpU2syTlMraFN5QjhVWjRLekRJN0hENGNlOTBxTW9ySWoxcUZmcjZLSApuZVhPUHlDMFdZYy9OWXpwd3Z2QVF5UUVPTms0eGFwcVRVNEhBWHRKVWYrMS82NHRLVlVKSjVOLzZKM2FrSStKCjdKd09SNnc4M1U5bjJNbVVBNmEzTXdVN1NuVXpzSWtsckdyOUhtTTNYc0pWNGhIUlF2U1FmWmFVS1JWdVhlOWcKZWd6Z2U0enhKckdNejlRSGdoV2FzVVR0SStGTDRnZnFOUC92ZXloQTFEYTAwdjEwSThNMldJK3lBcWdlYnRpSwpNSjZlelM1TTRvT1F3d0JsSXlUeXpCWTl0eHRnK2ZXSkVyS1ozNGp1TlBLaUhjdTRRem42dGd5RTlqTk9pOU9tCnY0TUVNdFl3VWlhWjZmY3ZTNXJEOWVCS2tEekNzYW9LU3JxdlExR0dMV2JYUUF2VWdCZDhCWkF0VTZqd0REaUQKcVBERkRRQVJBUUFCaVFJMkJCZ0JDQUFnRmlFRTN0QmJNY2RvRWZ3bjJxUmJTdFZXVU54MlBpc0ZBbDV4RkVBQwpHd3dBQ2drUVN0VldVTngyUGl2OS93LytPMG1RaW9UVElNcGxvd1M5c21jZmo3U0VqazZCUUVlRjQ3RUFWTUMrCndhZU9oNWVrRkhEZWoyY0EvT0FHYmR4OGNweGIxOThGQ0djaVp1dHByU29Ma0IxTjhYQ0w1TEhUUWZsYVUwSWEKOHptRVZqNG4wS3pUUitzUUc2YU16OVUrUEJnTm5TYmsxSm1VSnA2NE5OZ2JhdlFrS1M0MWZCdjI4b1ZYS0FZegpiaHBDMmlJTVl6ZGl5elNvbG00NUhGYysxNWhGb1hOWDIyVGVRZzMrNUF3bEJiVjdvaGFXQ3EybVc4Y1pYalc5CkU0L1BGc0ZKMkE5V2orM2EzQVo4R0l0eGlwREMvNXBIbkY0WnBWczNRenRMVXJLdDUvUFdjODlVT1U0MkU1Q3MKd1lzUmM5RVhTNUVNem9NSm1zcnBBdC85NkhyQUNTS05aRzhhSktqNFVEME9jTlIyWVU0aXlnLzNPVERneWNocwpLVitpem1OVTduamdqdDRJUngycVFpdVQ4eGhvSS9DS0VKbFVUY1JsQk1oRXh6MWMwanpiTFluZndTZTVlS2tLClJickRwTnNDeVk2amwzeS8zOE1CVXY4ZytWZk5VYWp6UVRPYWpvanpweElNTGhQNitjQ0FGTEw0a1lkM083VUEKT1c5dk9XbWcyUHFSU25iTzdXTFY5aUVFV2FQYkxCQzI2N3h4WEJtQXFnU2ZIMUJCc2lOaXFlZEdOblkzWlAzegpUbzAzM0pLdUZqa1ovTDdwd1lEM1dWV0VIcFMrOWdTQUNmaS9JZDNrMFhlUzJQbnF5bkEycjM5dTBtczdiKytwCmtzYzQrVGpyQmo4d0FEa3l6N3phVFlIenVLQjRxM3c4QjhGb3FOU2hzeXl3bEx1bUVKSVlBQ3kxNUdlQVFHblIKQVpvPQo9SnFzcwotLS0tLUVORCBQR1AgUFVCTElDIEtFWSBCTE9DSy0tLS0tCg=="

grafana/scripts/lib.star

Line 514 in 08351e3

'CHKSUM': 'beca3d7819a6bdcfbd044576df4fc284053b48f468b2f03428fe66f4ceb2c05d9b5411357fa15003cb0' +

grafana/scripts/lib.star

Line 515 in 08351e3

'311406c255084cf7283a3b8fce644c340c2f6aa910b9f',

grafana/public/app/features/datasources/partials/tls_auth_settings.html

Line 52 in 08351e3

placeholder="Begins with -----BEGIN RSA PRIVATE KEY-----"

grafana/pkg/models/datasource_cache_test.go

Line 412 in 08351e3

const clientKey string = `-----BEGIN RSA PRIVATE KEY-----

grafana/docs/sources/datasources/cloudmonitoring.md

Line 304 in 08351e3

-----BEGIN PRIVATE KEY-----

grafana/packages/grafana-ui/src/components/DataSourceSettings/TLSAuthSettings.tsx

Line 79 in 08351e3

placeholder="Begins with -----BEGIN RSA PRIVATE KEY-----"

grafana/devenv/docker/ha_test/alerts.sh

Line 12 in 08351e3

STATUS=$(curl -s -o /dev/null -w '%{http_code}' http://admin:[email protected]/api/alert-notifications/1)

grafana/devenv/docker/ha_test/alerts.sh

Line 27 in 08351e3

http://admin:[email protected]/api/alert-notifications

grafana/devenv/docker/ha_test/alerts.sh

Line 30 in 08351e3

STATUS=$(curl -s -o /dev/null -w '%{http_code}' http://admin:[email protected]/api/alert-notifications/2)

grafana/devenv/docker/ha_test/alerts.sh

Line 42 in 08351e3

http://admin:[email protected]/api/alert-notifications

grafana/devenv/docker/ha_test/alerts.sh

Line 84 in 08351e3

http://admin:[email protected]/api/alert-notifications/2

grafana/devenv/docker/ha_test/alerts.sh

Line 111 in 08351e3

http://admin:[email protected]/api/admin/pause-all-alerts

grafana/devenv/docker/ha_test/alerts.sh

Line 117 in 08351e3

http://admin:[email protected]/api/admin/pause-all-alerts

grafana/devenv/docker/blocks/influxdb/telegraf.conf

Line 399 in 08351e3

# url = "postgres://user:password@localhost/schema?sslmode=disable"

grafana/devenv/docker/blocks/influxdb/telegraf.conf

Line 1823 in 08351e3

# ## http://admin:[email protected]:8091/

grafana/devenv/docker/blocks/influxdb/telegraf.conf

Line 1989 in 08351e3

# # servers = ["http://user:pass@localhost:9200"]

grafana/devenv/docker/blocks/influxdb/telegraf.conf

Line 2875 in 08351e3

# ## mongodb://user:[email protected]:27017,

grafana/devenv/docker/blocks/influxdb/telegraf.conf

Line 3434 in 08351e3

# ## rethinkdb://user:[email protected]:28105,

grafana/devenv/docker/blocks/influxdb/telegraf.conf

Line 3445 in 08351e3

# # servers = ["rethinkdb://username:[email protected]:28015"]

grafana/devenv/docker/blocks/influxdb/telegraf.conf

Line 4736 in 08351e3

# ## postgres://[pqgotest[:password]]@localhost[/dbname]\

grafana/devenv/docker/blocks/influxdb/telegraf.conf

Line 4749 in 08351e3

# ## postgres://[pqgotest[:password]]@localhost[/dbname]\

grafana/devenv/docker/blocks/influxdb/telegraf.conf

Line 4784 in 08351e3

# ## postgres://[pqgotest[:password]]@localhost[/dbname]\

grafana/pkg/login/social/generic_oauth_test.go

Line 205 in 08351e3

"id_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJyb2xlIjoiQWRtaW4iLCJlbWFpbCI6ImpvaG4uZG9lQGV4YW1wbGUuY29tIn0.9PtHcCaXxZa2HDlASyKIaFGfOKlw2ILQo32xlvhvhRg",

grafana/pkg/login/social/generic_oauth_test.go

Line 215 in 08351e3

"id_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJlbWFpbCI6ImpvaG4uZG9lQGV4YW1wbGUuY29tIn0.k5GwPcZvGe2BE_jgwN0ntz0nz4KlYhEd0hRRLApkTJ4",

grafana/pkg/login/social/generic_oauth_test.go

Line 225 in 08351e3

"id_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJyb2xlIjoiQWRtaW4iLCJlbWFpbCI6ImpvaG4uZG9lQGV4YW1wbGUuY29tIn0.9PtHcCaXxZa2HDlASyKIaFGfOKlw2ILQo32xlvhvhRg",

grafana/pkg/login/social/generic_oauth_test.go

Line 269 in 08351e3

"id_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJyb2xlIjoiQWRtaW4iLCJlbWFpbCI6ImpvaG4uZG9lQGV4YW1wbGUuY29tIn0.9PtHcCaXxZa2HDlASyKIaFGfOKlw2ILQo32xlvhvhRg",

grafana/pkg/login/social/generic_oauth_test.go

Line 283 in 08351e3

"id_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJyb2xlIjoiQWRtaW4iLCJlbWFpbCI6ImpvaG4uZG9lQGV4YW1wbGUuY29tIn0.9PtHcCaXxZa2HDlASyKIaFGfOKlw2ILQo32xlvhvhRg",

grafana/pkg/login/social/generic_oauth_test.go

Line 297 in 08351e3

"id_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJyb2xlIjoiQWRtaW4ifQ.k5GwPcZvGe2BE_jgwN0ntz0nz4KlYhEd0hRRLApkTJ4",

grafana/pkg/login/social/generic_oauth_test.go

Line 310 in 08351e3

"id_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJlbWFpbCI6ImpvaG4uZG9lQGV4YW1wbGUuY29tIn0.k5GwPcZvGe2BE_jgwN0ntz0nz4KlYhEd0hRRLApkTJ4",

grafana/pkg/login/social/generic_oauth_test.go

Line 371 in 08351e3

"id_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJsb2dpbiI6ImpvaG5kb2UiLCJlbWFpbCI6ImpvaG4uZG9lQGV4YW1wbGUuY29tIn0.sg4sRJCNpax_76XMgr277fdxhjjtNSWXKIOFv4_GJN8",

grafana/pkg/login/social/generic_oauth_test.go

Line 380 in 08351e3

"id_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJsb2dpbiI6ImpvaG5kb2UiLCJlbWFpbCI6ImpvaG4uZG9lQGV4YW1wbGUuY29tIn0.sg4sRJCNpax_76XMgr277fdxhjjtNSWXKIOFv4_GJN8",

grafana/pkg/login/social/generic_oauth_test.go

Line 466 in 08351e3

"id_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJsb2dpbiI6ImpvaG5kb2UiLCJlbWFpbCI6ImpvaG4uZG9lQGV4YW1wbGUuY29tIiwibmFtZSI6IkpvaG4gRG9lIn0.oMsXH0mHxUSYMXh6FonZIWh8LgNIcYbKRLSO1bwnfSI",

grafana/pkg/login/social/generic_oauth_test.go

Line 475 in 08351e3

"id_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJsb2dpbiI6ImpvaG5kb2UiLCJlbWFpbCI6ImpvaG4uZG9lQGV4YW1wbGUuY29tIiwibmFtZSI6IkpvaG4gRG9lIn0.oMsXH0mHxUSYMXh6FonZIWh8LgNIcYbKRLSO1bwnfSI",

grafana/pkg/login/social/generic_oauth_test.go

Line 561 in 08351e3

"id_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsInppcCI6IkRFRiJ9.eJyrVkrNTczMUbJSysrPyNNLyU91SK1IzC3ISdVLzs9V0lEqys9JBco6puRm5inVAgCFRw_6.XrV4ZKhw19dTcnviXanBD8lwjeALCYtDiESMmGzC-ho",

grafana/pkg/login/social/generic_oauth_test.go

Line 569 in 08351e3

"id_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsInppcCI6IkRFRiJ9.00eJyrVkrNTczMUbJSysrPyNNLyU91SK1IzC3ISdVLzs9V0lEqys9JBco6puRm5inVAgCFRw_6.XrV4ZKhw19dTcnviXanBD8lwjeALCYtDiESMmGzC-ho",

grafana/pkg/login/social/generic_oauth_test.go

Line 577 in 08351e3

"id_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsInppcCI6IkdaSVAifQ.H4sIAAAAAAAAAKtWSs1NzMxRslLKys_I00vJT3VIrUjMLchJ1UvOz1XSUSrKz0kFyjqm5GbmKdUCANotxTkvAAAA.85AXm3JOF5qflEA0goDFvlbZl2q3eFvqVcehz860W-o",

grafana/pkg/setting/setting_test.go

Line 85 in 08351e3

os.Setenv("GF_DATABASE_URL", "mysql://user:secret@localhost:3306/database")

grafana/pkg/setting/setting_test.go

Line 91 in 08351e3

So(appliedEnvOverrides, ShouldContain, "GF_DATABASE_URL=mysql://user:-redacted-@localhost:3306/database")

grafana/pkg/api/pluginproxy/test-data/access-token-2.json

Line 8 in 08351e3

"access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6ImlCakwxUmNxemhpeTRmcHhJeGRacW9oTTJZayIsImtpZCI6ImlCakwxUmNxemhpeTRmcHhJeGRacW9oTTJZayJ9.eyJhdWQiOiJodHRwczovL21hbmFnZW1lbnQuYXp1cmUuY29tLyIsImlzcyI6Imh0dHBzOi8vc3RzLndpbmRvd3MubmV0L2U3ZjNmNjYxLWE5MzMtNGIzZi04MTc2LTUxYzRmOTgyZWM0OC8iLCJpYXQiOjE1Mjg2NTgxNTksIm5iZiI6MTUyODY1ODE1OSwiZXhwIjoxNTI4NjYyMDU5LCJhaW8iOiJZMmRnWUFpK3NpZGxPc2ZDYmJwaEsxKyt6a203Q0FBPSIsImFwcGlkIjoiODg5YjdlZDgtMWFlZC00ODZlLTk3ODktODE5NzcwYmJiNjFhIiwiYXBwaWRhY3IiOiIxIiwiaWRwIjoiaHR0cHM6Ly9zdHMud2luZG93cy5uZXQvZTdmM2Y2NjEtYTkzMy00YjNmLTgxNzYtNTFjNGY5ODJlYzQ4LyIsIm9pZCI6IjY0YzQxNjMyLTliOWUtNDczNy05MTYwLTBlNjAzZTg3NjljYyIsInN1YiI6IjY0YzQxNjMyLTliOWUtNDczNy05MTYwLTBlNjAzZTg3NjljYyIsInRpZCI6ImU3ZjNmNjYxLWE5MzMtNGIzZi04MTc2LTUxYzRmOTgyZWM0OCIsInV0aSI6IkQ1ODZHSGUySDBPd0ptOU0xeVlKQUEiLCJ2ZXIiOiIxLjAifQ.Pw8c8gpoZptw3lGreQoHQaMVOozSaTE5D38Vm2aCHRB3DvD3N-Qcm1x0ZCakUEV2sJd7jvx4XtPFuW7063T0V1deExL4rzzvIo0ZfMmURf9tCTiKFKYibqf8_PtfPSz0t9eNDEUGmWDh1Wgssb4W_H-wPqgl9VPMT7T6ynkfIm0-ODPZTBzgSHiY8C_L1-DkhsK7XiqbUlSDgx9FpfChZS3ah8QhA8geqnb_HVuSktg7WhpxmogSpK5QdrwSE3jsbItpzOfLJ4iBd2ExzS2C0y8H_Coluk3Y1YA07tAxJ6Y7oBv-XwGqNfZhveOCQOzX-U3dFod3fXXysjB0UB89WQ"

grafana/pkg/api/pluginproxy/test-data/access-token-1.json

Line 8 in 08351e3

"access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6ImlCakwxUmNxemhpeTRmcHhJeGRacW9oTTJZayIsImtpZCI6ImlCakwxUmNxemhpeTRmcHhJeGRacW9oTTJZayJ9.eyJhdWQiOiJodHRwczovL2FwaS5sb2dhbmFseXRpY3MuaW8iLCJpc3MiOiJodHRwczovL3N0cy53aW5kb3dzLm5ldC9lN2YzZjY2MS1hOTMzLTRiM2YtODE3Ni01MWM0Zjk4MmVjNDgvIiwiaWF0IjoxNTI4NzM2NTE3LCJuYmYiOjE1Mjg3MzY1MTcsImV4cCI6MTUyODc0MDQxNywiYWlvIjoiWTJkZ1lBaStzaWRsT3NmQ2JicGhLMSsremttN0NBQT0iLCJhcHBpZCI6IjdmMzJkYjdjLTZmNmYtNGU4OC05M2Q5LTlhZTEyNmMwYTU1ZiIsImFwcGlkYWNyIjoiMSIsImlkcCI6Imh0dHBzOi8vc3RzLndpbmRvd3MubmV0L2U3ZjNmNjYxLWE5MzMtNGIzZi04MTc2LTUxYzRmOTgyZWM0OC8iLCJvaWQiOiI1NDQ5ZmJjOS1mYWJhLTRkNjItODE2Yy05ZmMwMzZkMWViN2UiLCJzdWIiOiI1NDQ5ZmJjOS1mYWJhLTRkNjItODE2Yy05ZmMwMzZkMWViN2UiLCJ0aWQiOiJlN2YzZjY2MS1hOTMzLTRiM2YtODE3Ni01MWM0Zjk4MmVjNDgiLCJ1dGkiOiJZQTlQa2lxUy1VV1hMQjhIRnU0U0FBIiwidmVyIjoiMS4wIn0.ga5qudt4LDMKTStAxUmzjyZH8UFBAaFirJqpTdmYny4NtkH6JT2EILvjTjYxlKeTQisvwx9gof0PyicZIab9d6wlMa2xiLzr2nmaOonYClY8fqBaRTgc1xVjrKFw5SCgpx3FnEyJhIWvVPIfaWaogSHcQbIpe4kdk4tz-ccmrx0D1jsziSI4BZcJcX04aJuHZGz9k4mQZ_AA5sQSeQaNuojIng6rYoIifAXFYBZPTbeeeqmiGq8v0IOLeNKbC0POeQCJC_KKBG6Z_MV2KgPxFEzQuX2ZFmRD_wGPteV5TUBxh1kARdqexA3e0zAKSawR9kmrAiZ21lPr4tX2Br_HDg"

grafana/conf/defaults.ini

Line 82 in 08351e3

# Example: mysql://user:secret@host:port/database

grafana/conf/sample.ini

Line 84 in 08351e3

# Example: mysql://user:secret@host:port/database

grafana/docs/sources/administration/configuration.md

Line 295 in 08351e3

Example: `mysql://user:secret@host:port/database`

grafana/docs/sources/http_api/curl-examples.md

Line 20 in 08351e3

curl http://admin:admin@localhost:3000/api/search

grafana/docs/sources/http_api/user.md

Line 365 in 08351e3

}' http://admin:oldpass@<your_grafana_host>:3000/api/user/password

grafana/docs/sources/http_api/create-api-tokens-for-org.md

Line 25 in 08351e3

curl -X POST -H "Content-Type: application/json" -d '{"name":"apiorg"}' http://admin:admin@localhost:3000/api/orgs

grafana/docs/sources/http_api/create-api-tokens-for-org.md

Line 32 in 08351e3

curl -X POST -H "Content-Type: application/json" -d '{"loginOrEmail":"admin", "role": "Admin"}' http://admin:admin@localhost:3000/api/orgs/<org id of new org>/users

grafana/docs/sources/http_api/create-api-tokens-for-org.md

Line 37 in 08351e3

curl -X POST http://admin:admin@localhost:3000/api/user/using/<id of new org>

grafana/docs/sources/http_api/create-api-tokens-for-org.md

Line 42 in 08351e3

curl -X POST -H "Content-Type: application/json" -d '{"name":"apikeycurl", "role": "Admin"}' http://admin:admin@localhost:3000/api/auth/keys

grafana/docs/sources/http_api/auth.md

Line 21 in 08351e3

?curl http://admin:admin@localhost:3000/api/org

grafana/docs/sources/http_api/org.md

Line 336 in 08351e3

to the request HTTP URL, like http://admin:admin@localhost:3000/api/orgs

grafana/docs/sources/http_api/org.md

Line 418 in 08351e3

to the request HTTP URL, like http://admin:admin@localhost:3000/api/orgs/1/users

grafana/CHANGELOG_ARCHIVE.md

Line 2240 in 08351e3

- #16 Add support for Basic Auth (use http://username:[email protected])

grafana/scripts/lib.star

Line 936 in 08351e3

'git clone "https://$$env:[email protected]/grafana/grafana-enterprise.git"',

grafana/.drone.yml

Line 1330 in 08351e3

- git clone "https://$$env:[email protected]/grafana/grafana-enterprise.git"

grafana/.drone.yml

Line 2086 in 08351e3

- git clone "https://$$env:[email protected]/grafana/grafana-enterprise.git"

grafana/.drone.yml

Line 2793 in 08351e3

- git clone "https://$$env:[email protected]/grafana/grafana-enterprise.git"

grafana/devenv/docker/blocks/graphite1/conf/opt/graphite/webapp/graphite/local_settings.py

Line 208 in 08351e3

SECRET_KEY = '$(date +%s | sha256sum | base64 | head -c 64)'

grafana/devenv/docker/blocks/graphite/files/initial_data.json

Line 15 in 08351e3

"password": "sha1$1b11b$edeb0a67a9622f1f2cfeabf9188a711f5ac7d236",

More info on how to fix Hard-Coded Secrets in General, Python and Javascript.

Insecure Use of Dangerous Function (15)

grafana/Gruntfile.js

Line 56 in 08351e3

grunt.util._.extend(config[key], require(path + option)(config, grunt));

grafana/packages/grafana-toolkit/bin/grafana-toolkit.js

Line 49 in 08351e3

require(entrypoint()).run(includeInternalScripts);

grafana/pkg/plugins/backendplugin/grpcplugin/client.go

Line 35 in 08351e3

cmd := exec.Command(executablePath)

grafana/scripts/build/ci-msi-build/msigenerator/generator/build.py

Line 118 in 08351e3

os.system('ls -al /tmp/a')

grafana/scripts/build/ci-msi-build/msigenerator/generator/build.py

Line 126 in 08351e3

os.system('ls -al /tmp/a')

grafana/scripts/build/ci-msi-build/msigenerator/generator/build.py

Line 130 in 08351e3

os.system('ls -al /tmp/a')

grafana/scripts/build/ci-msi-build/msigenerator/generator/build.py

Line 163 in 08351e3

os.system(cmd)

grafana/scripts/build/ci-msi-build/msigenerator/generator/build.py

Line 187 in 08351e3

os.system(cmd)

grafana/scripts/build/ci-msi-build/msigenerator/generator/build.py

Line 195 in 08351e3

os.system(cmd)

grafana/scripts/build/ci-msi-build/msigenerator/generator/build.py

Line 203 in 08351e3

os.system(cmd)

grafana/scripts/build/ci-msi-build/msigenerator/generator/build.py

Line 211 in 08351e3

os.system(cmd)

grafana/scripts/build/ci-msi-build/msigenerator/generator/build.py

Line 220 in 08351e3

os.system('cp -pr nssm/nssm-2.24 .')

grafana/scripts/build/ci-msi-build/msigenerator/generator/build.py

Line 233 in 08351e3

os.system(cmd)

grafana/scripts/build/ci-msi-build/msigenerator/generator/build.py

Line 248 in 08351e3

os.system('ls -al /tmp/scratch')

grafana/scripts/build/ci-msi-build/msigenerator/generator/utils.py

Line 101 in 08351e3

os.system("ls -al templates")

More info on how to fix Insecure Use of Dangerous Function in Javascript, Go and Python.

Information Disclosure (3)

grafana/devenv/docker/blocks/graphite/files/statsd_config.js

Line 3 in 08351e3

graphiteHost: "127.0.0.1",

grafana/devenv/docker/blocks/graphite1/conf/opt/statsd/config.js

Line 2 in 08351e3

"graphiteHost": "127.0.0.1",

grafana/scripts/webpack/webpack.common.js

Line 22 in 08351e3

for (const package of packagesToProcessbyBabel) {

More info on how to fix Information Disclosure in Javascript.

Insecure File Management (82)

grafana/packages/grafana-toolkit/bin/grafana-toolkit.js

Line 19 in 08351e3

return fs.lstatSync(resolvedPath).isSymbolicLink();

grafana/packages/grafana-toolkit/bin/grafana-toolkit.js

Line 32 in 08351e3

if (isLinkedMode() || !fs.existsSync(resolvedJsDir)) {

grafana/packages/grafana-toolkit/docker/grafana-plugin-ci-alpine/install/bin/githubRelease.js

Line 42 in 08351e3

var files = fs.readdirSync(srcLocation);

grafana/packages/grafana-toolkit/docker/grafana-plugin-ci-alpine/install/bin/githubRelease.js

Line 47 in 08351e3

fileStat = fs.statSync(srcLocation + '/' + file);

grafana/packages/grafana-toolkit/docker/grafana-plugin-ci-alpine/install/bin/githubRelease.js

Line 48 in 08351e3

fileData = fs.readFileSync(srcLocation + '/' + file);

grafana/pkg/components/imguploader/s3uploader.go

Line 83 in 08351e3

defer file.Close()

grafana/pkg/api/dashboard.go

Line 345 in 08351e3

file, err := os.Open(filePath)

grafana/pkg/api/dashboard.go

Line 349 in 08351e3

defer file.Close()

grafana/pkg/api/http_server.go

Line 180 in 08351e3

if err := os.Chmod(setting.SocketPath, 0660); err != nil {

grafana/pkg/middleware/recovery.go

Line 55 in 08351e3

data, err := ioutil.ReadFile(file)

grafana/pkg/components/imguploader/s3uploader.go

Line 79 in 08351e3

file, err := os.Open(imageDiskPath)

grafana/pkg/infra/log/file.go

Line 122 in 08351e3

return os.OpenFile(w.Filename, os.O_WRONLY|os.O_APPEND|os.O_CREATE, 0644)

grafana/pkg/infra/log/file.go

Line 126 in 08351e3

r, err := os.OpenFile(w.Filename, os.O_RDONLY, 0644)

grafana/pkg/components/imguploader/azureblobuploader.go

Line 52 in 08351e3

defer file.Close()

grafana/pkg/components/imguploader/azureblobuploader.go

Line 48 in 08351e3

file, err := os.Open(imageDiskPath)

grafana/pkg/api/avatar/avatar.go

Line 137 in 08351e3

if data, err := ioutil.ReadFile(path); err != nil {

grafana/pkg/setting/expanders.go

Line 141 in 08351e3

f, err := ioutil.ReadFile(s)

grafana/pkg/services/provisioning/datasources/config_reader.go

Line 52 in 08351e3

yamlFile, err := ioutil.ReadFile(filename)

grafana/pkg/server/server.go

Line 262 in 08351e3

if err := ioutil.WriteFile(s.pidFile, []byte(pid), 0644); err != nil {

grafana/pkg/services/rendering/http_mode.go

Line 99 in 08351e3

defer out.Close()

grafana/pkg/components/imguploader/gcs/gcsuploader.go

Line 152 in 08351e3

fileReader, err := os.Open(imageDiskPath)

grafana/pkg/components/imguploader/gcs/gcsuploader.go

Line 156 in 08351e3

defer fileReader.Close()

grafana/pkg/services/provisioning/plugins/config_reader.go

Line 72 in 08351e3

yamlFile, err := ioutil.ReadFile(filename)

grafana/pkg/services/ldap/ldap.go

Line 98 in 08351e3

pem, err := ioutil.ReadFile(caCertFile)

grafana/pkg/cmd/grafana-server/main.go

Line 119 in 08351e3

defer f.Close()

grafana/pkg/services/ldap/settings.go

Line 121 in 08351e3

fileBytes, err := ioutil.ReadFile(configFile)

grafana/pkg/services/provisioning/dashboards/config_reader.go

Line 22 in 08351e3

yamlFile, err := ioutil.ReadFile(filename)

grafana/pkg/services/provisioning/dashboards/file_reader.go

Line 346 in 08351e3

reader, err := os.Open(path)

grafana/pkg/services/provisioning/dashboards/file_reader.go

Line 350 in 08351e3

defer reader.Close()

grafana/pkg/plugins/dashboards.go

Line 100 in 08351e3

reader, err := os.Open(dashboardFilePath)

grafana/pkg/plugins/dashboards.go

Line 105 in 08351e3

defer reader.Close()

grafana/pkg/plugins/manifest.go

Line 90 in 08351e3

byteValue, err := ioutil.ReadFile(manifestPath)

grafana/pkg/plugins/manifest.go

Line 112 in 08351e3

f, err := os.Open(fp)

grafana/pkg/plugins/manifest.go

Line 116 in 08351e3

defer f.Close()

grafana/pkg/plugins/plugins.go

Line 272 in 08351e3

reader, err := os.Open(jsonFPath)

grafana/pkg/plugins/plugins.go

Line 276 in 08351e3

defer reader.Close()

grafana/pkg/plugins/plugins.go

Line 342 in 08351e3

reader, err := os.Open(pluginJSONFilePath)

grafana/pkg/plugins/plugins.go

Line 346 in 08351e3

defer reader.Close()

grafana/pkg/plugins/plugins.go

Line 483 in 08351e3

data, err := ioutil.ReadFile(path)

grafana/pkg/cmd/grafana-cli/commands/install_command.go

Line 231 in 08351e3

if err := os.MkdirAll(newFile, 0755); err != nil {

grafana/pkg/cmd/grafana-cli/commands/install_command.go

Line 243 in 08351e3

if err := os.MkdirAll(filepath.Dir(newFile), 0755); err != nil {

grafana/pkg/cmd/grafana-cli/services/api_client.go

Line 49 in 08351e3

f, err := os.Open(url)

grafana/pkg/cmd/grafana-cli/services/io_util.go

Line 24 in 08351e3

return ioutil.ReadFile(filename)

grafana/pkg/services/provisioning/notifiers/config_reader.go

Line 64 in 08351e3

yamlFile, err := ioutil.ReadFile(filename)

grafana/pkg/services/alerting/notifiers/discord.go

Line 161 in 08351e3

f, err := os.Open(imagePath)

grafana/pkg/services/alerting/notifiers/discord.go

Line 172 in 08351e3

defer f.Close()

grafana/pkg/services/alerting/notifiers/pushover.go

Line 295 in 08351e3

defer f.Close()

grafana/pkg/services/alerting/notifiers/slack.go

Line 356 in 08351e3

f, err := os.Open(file)

grafana/pkg/services/alerting/notifiers/slack.go

Line 360 in 08351e3

defer f.Close()

grafana/pkg/components/imguploader/webdavuploader.go

Line 58 in 08351e3

imgData, err := ioutil.ReadFile(pa)

grafana/scripts/build/ci-msi-build/msigenerator/generator/build.py

Line 55 in 08351e3

DIST_LOCATION = '/tmp/dist'

grafana/scripts/build/ci-msi-build/msigenerator/generator/build.py

Line 82 in 08351e3

'/tmp/a/grafana/public/app/plugins/datasource/grafana-azure-monitor-datasource/app_insights/app_insights_querystring_builder.test.ts',

grafana/scripts/build/ci-msi-build/msigenerator/generator/build.py

Line 83 in 08351e3

'/tmp/a/grafana/public/app/plugins/datasource/grafana-azure-monitor-datasource/app_insights/app_insights_querystring_builder.ts',

grafana/scripts/build/ci-msi-build/msigenerator/generator/build.py

Line 84 in 08351e3

'/tmp/a/grafana/public/app/plugins/datasource/grafana-azure-monitor-datasource/azure_log_analytics/azure_log_analytics_datasource.test.ts',

grafana/scripts/build/ci-msi-build/msigenerator/generator/build.py

Line 85 in 08351e3

'/tmp/a/grafana/public/app/plugins/datasource/grafana-azure-monitor-datasource/azure_log_analytics/azure_log_analytics_datasource.ts',

grafana/scripts/build/ci-msi-build/msigenerator/generator/build.py

Line 86 in 08351e3

'/tmp/a/grafana/public/app/plugins/datasource/grafana-azure-monitor-datasource/azure_monitor/azure_monitor_datasource.test.ts',

grafana/scripts/build/ci-msi-build/msigenerator/generator/build.py

Line 87 in 08351e3

'/tmp/a/grafana/public/app/plugins/datasource/grafana-azure-monitor-datasource/azure_monitor/azure_monitor_datasource.ts',

grafana/scripts/build/ci-msi-build/msigenerator/generator/build.py

Line 88 in 08351e3

'/tmp/a/grafana/public/app/plugins/datasource/grafana-azure-monitor-datasource/app_insights/app_insights_datasource.ts',

grafana/scripts/build/ci-msi-build/msigenerator/generator/build.py

Line 89 in 08351e3

'/tmp/a/grafana/public/app/plugins/datasource/grafana-azure-monitor-datasource/app_insights/app_insights_datasource.test.ts',

grafana/scripts/build/ci-msi-build/msigenerator/generator/build.py

Line 90 in 08351e3

'/tmp/a/grafana/public/app/plugins/datasource/grafana-azure-monitor-datasource/insights_analytics/insights_analytics_datasource.ts',

grafana/scripts/build/ci-msi-build/msigenerator/generator/build.py

Line 91 in 08351e3

'/tmp/a/grafana/public/app/plugins/datasource/grafana-azure-monitor-datasource/azure_monitor/azure_monitor_filter_builder.test.ts',

grafana/scripts/build/ci-msi-build/msigenerator/generator/build.py

Line 92 in 08351e3

'/tmp/a/grafana/public/app/plugins/datasource/grafana-azure-monitor-datasource/azure_monitor/azure_monitor_filter_builder.ts',

grafana/scripts/build/ci-msi-build/msigenerator/generator/build.py

Line 93 in 08351e3

'/tmp/a/grafana/public/app/plugins/datasource/grafana-azure-monitor-datasource/components/AnalyticsConfig.test.tsx',

grafana/scripts/build/ci-msi-build/msigenerator/generator/build.py

Line 94 in 08351e3

'/tmp/a/grafana/public/app/plugins/datasource/grafana-azure-monitor-datasource/components/AzureCredentialsForm.test.tsx',

grafana/scripts/build/ci-msi-build/msigenerator/generator/build.py

Line 95 in 08351e3

'/tmp/a/grafana/public/app/plugins/datasource/grafana-azure-monitor-datasource/components/InsightsConfig.test.tsx',

grafana/scripts/build/ci-msi-build/msigenerator/generator/build.py

Line 96 in 08351e3

'/tmp/a/grafana/public/app/plugins/datasource/grafana-azure-monitor-datasource/components/__snapshots__/AnalyticsConfig.test.tsx.snap',

grafana/scripts/build/ci-msi-build/msigenerator/generator/build.py

Line 97 in 08351e3

'/tmp/a/grafana/public/app/plugins/datasource/grafana-azure-monitor-datasource/components/__snapshots__/AzureCredentialsForm.test.tsx.snap',

grafana/scripts/build/ci-msi-build/msigenerator/generator/build.py

Line 98 in 08351e3

'/tmp/a/grafana/public/app/plugins/datasource/grafana-azure-monitor-datasource/components/__snapshots__/InsightsConfig.test.tsx.snap',

grafana/scripts/build/ci-msi-build/msigenerator/generator/build.py

Line 99 in 08351e3

'/tmp/a/grafana/public/app/plugins/datasource/grafana-azure-monitor-datasource/components/__snapshots__/ConfigEditor.test.tsx.snap'

grafana/scripts/build/ci-msi-build/msigenerator/generator/build.py

Line 114 in 08351e3

if not os.path.isdir('/tmp/a'):

grafana/scripts/build/ci-msi-build/msigenerator/generator/build.py

Line 115 in 08351e3

os.mkdir('/tmp/a')

grafana/scripts/build/ci-msi-build/msigenerator/generator/build.py

Line 116 in 08351e3

target_dir_name = '/tmp/a'

grafana/scripts/build/ci-msi-build/msigenerator/generator/build.py

Line 141 in 08351e3

if not os.path.isdir('/tmp/scratch'):

grafana/scripts/build/ci-msi-build/msigenerator/generator/build.py

Line 142 in 08351e3

os.mkdir('/tmp/scratch')

grafana/scripts/build/ci-msi-build/msigenerator/generator/build.py

Line 143 in 08351e3

os.chdir('/tmp/scratch')

grafana/scripts/build/ci-msi-build/msigenerator/generator/build.py

Line 168 in 08351e3

nssm_file = get_nssm('/tmp/cache', NSSM_VERSION)

grafana/scripts/build/ci-msi-build/msigenerator/generator/build.py

Line 174 in 08351e3

generate_firewall_wxs(env, PRODUCT_VERSION, '/tmp/scratch/grafana-firewall.wxs', target_dir_name)

grafana/scripts/build/ci-msi-build/msigenerator/generator/build.py

Line 175 in 08351e3

generate_service_wxs(env, PRODUCT_VERSION, '/tmp/scratch/grafana-service.wxs', target_dir_name, NSSM_VERSION)

grafana/scripts/build/ci-msi-build/msigenerator/generator/build.py

Line 176 in 08351e3

generate_product_wxs(env, config, features, '/tmp/scratch/product.wxs', target_dir_name)

grafana/scripts/build/ci-msi-build/msigenerator/generator/build.py

Line 182 in 08351e3

os.chdir('/tmp/scratch')

grafana/scripts/build/ci-msi-build/msigenerator/generator/build.py

Line 242 in 08351e3

msi_filename = '/tmp/scratch/grafana-{}{}.windows-amd64.msi'.format(PRODUCT_VERSION, hash)

grafana/scripts/build/ci-msi-build/msigenerator/generator/build.py

Line 245 in 08351e3

msi_filename = '/tmp/scratch/grafana-enterprise-{}{}.windows-amd64.msi'.format(PRODUCT_VERSION, hash)

More info on how to fix Insecure File Management in Javascript, Go and Python.

Insecure Use of Regular Expressions (6)

grafana/packages/jaeger-ui-components/src/TraceTimelineViewer/SpanDetail/AccordianLogs.test.js

Line 59 in 08351e3

const regex = new RegExp(`Logs \\(${logs.length}\\)`);

grafana/public/vendor/angular-other/datepicker.js

Line 899 in 08351e3

if (/^[\-+]\d+[dmwy]([\s,]+[\-+]\d+[dmwy])*$/.test(date)) {

grafana/public/vendor/bootstrap/bootstrap.js

Line 1170 in 08351e3

return item.replace(new RegExp('(' + query + ')', 'ig'), function ($1, match) {

grafana/public/vendor/flot/jquery.flot.js

Line 32 in 08351e3

(function($){$.color={};$.color.make=function(r,g,b,a){var o={};o.r=r||0;o.g=g||0;o.b=b||0;o.a=a!=null?a:1;o.add=function(c,d){for(var i=0;i<c.length;++i)o[c.charAt(i)]+=d;return o.normalize()};o.scale=function(c,f){for(var i=0;i<c.length;++i)o[c.charAt(i)]*=f;return o.normalize()};o.toString=function(){if(o.a>=1){return"rgb("+[o.r,o.g,o.b].join(",")+")"}else{return"rgba("+[o.r,o.g,o.b,o.a].join(",")+")"}};o.normalize=function(){function clamp(min,value,max){return value<min?min:value>max?max:value}o.r=clamp(0,parseInt(o.r),255);o.g=clamp(0,parseInt(o.g),255);o.b=clamp(0,parseInt(o.b),255);o.a=clamp(0,o.a,1);return o};o.clone=function(){return $.color.make(o.r,o.b,o.g,o.a)};return o.normalize()};$.color.extract=function(elem,css){var c;do{c=elem.css(css).toLowerCase();if(c!=""&&c!="transparent")break;elem=elem.parent()}while(elem.length&&!$.nodeName(elem.get(0),"body"));if(c=="rgba(0, 0, 0, 0)")c="transparent";return $.color.parse(c)};$.color.parse=function(str){var res,m=$.color.make;if(res=/rgb\(\s*([0-9]{1,3})\s*,\s*([0-9]{1,3})\s*,\s*([0-9]{1,3})\s*\)/.exec(str))return m(parseInt(res[1],10),parseInt(res[2],10),parseInt(res[3],10));if(res=/rgba\(\s*([0-9]{1,3})\s*,\s*([0-9]{1,3})\s*,\s*([0-9]{1,3})\s*,\s*([0-9]+(?:\.[0-9]+)?)\s*\)/.exec(str))return m(parseInt(res[1],10),parseInt(res[2],10),parseInt(res[3],10),parseFloat(res[4]));if(res=/rgb\(\s*([0-9]+(?:\.[0-9]+)?)\%\s*,\s*([0-9]+(?:\.[0-9]+)?)\%\s*,\s*([0-9]+(?:\.[0-9]+)?)\%\s*\)/.exec(str))return m(parseFloat(res[1])*2.55,parseFloat(res[2])*2.55,parseFloat(res[3])*2.55);if(res=/rgba\(\s*([0-9]+(?:\.[0-9]+)?)\%\s*,\s*([0-9]+(?:\.[0-9]+)?)\%\s*,\s*([0-9]+(?:\.[0-9]+)?)\%\s*,\s*([0-9]+(?:\.[0-9]+)?)\s*\)/.exec(str))return m(parseFloat(res[1])*2.55,parseFloat(res[2])*2.55,parseFloat(res[3])*2.55,parseFloat(res[4]));if(res=/#([a-fA-F0-9]{2})([a-fA-F0-9]{2})([a-fA-F0-9]{2})/.exec(str))return m(parseInt(res[1],16),parseInt(res[2],16),parseInt(res[3],16));if(res=/#([a-fA-F0-9])([a-fA-F0-9])([a-fA-F0-9])/.exec(str))return m(parseInt(res[1]+res[1],16),parseInt(res[2]+res[2],16),parseInt(res[3]+res[3],16));var name=$.trim(str).toLowerCase();if(name=="transparent")return m(255,255,255,0);else{res=lookupColors[name]||[0,0,0];return m(res[0],res[1],res[2])}};var lookupColors={aqua:[0,255,255],azure:[240,255,255],beige:[245,245,220],black:[0,0,0],blue:[0,0,255],brown:[165,42,42],cyan:[0,255,255],darkblue:[0,0,139],darkcyan:[0,139,139],darkgrey:[169,169,169],darkgreen:[0,100,0],darkkhaki:[189,183,107],darkmagenta:[139,0,139],darkolivegreen:[85,107,47],darkorange:[255,140,0],darkorchid:[153,50,204],darkred:[139,0,0],darksalmon:[233,150,122],darkviolet:[148,0,211],fuchsia:[255,0,255],gold:[255,215,0],green:[0,128,0],indigo:[75,0,130],khaki:[240,230,140],lightblue:[173,216,230],lightcyan:[224,255,255],lightgreen:[144,238,144],lightgrey:[211,211,211],lightpink:[255,182,193],lightyellow:[255,255,224],lime:[0,255,0],magenta:[255,0,255],maroon:[128,0,0],navy:[0,0,128],olive:[128,128,0],orange:[255,165,0],pink:[255,192,203],purple:[128,0,128],violet:[128,0,128],red:[255,0,0],silver:[192,192,192],white:[255,255,255],yellow:[255,255,0]}})(jQuery);

grafana/public/vendor/tagsinput/bootstrap-tagsinput.js

Line 284 in 08351e3

var regex = new RegExp( '(' + this.query + ')', 'gi' );

grafana/scripts/webpack/webpack.hot.js

Line 113 in 08351e3

test: /\.(png|jpg|gif|ttf|eot|svg|woff(2)?)(\?[a-z0-9=&.]+)?$/,

More info on how to fix Insecure Use of Regular Expressions in Javascript.

Insecure Network Communication (9)

grafana/pkg/models/datasource_cache.go

Line 218 in 08351e3

InsecureSkipVerify: tlsSkipVerify,

grafana/pkg/cmd/grafana-cli/services/services.go

Line 56 in 08351e3

InsecureSkipVerify: skipTLSVerify,

grafana/pkg/login/social/social.go

Line 253 in 08351e3

InsecureSkipVerify: info.TlsSkipVerify,

grafana/pkg/services/ldap/ldap.go

Line 118 in 08351e3

InsecureSkipVerify: server.Config.SkipVerifySSL,

grafana/pkg/services/notifications/mailer.go

Line 101 in 08351e3

InsecureSkipVerify: ns.Cfg.Smtp.SkipVerify,

grafana/pkg/infra/remotecache/redis_storage.go

Line 62 in 08351e3

options.TLSConfig = &tls.Config{InsecureSkipVerify: true}

grafana/pkg/api/http_server.go

Line 216 in 08351e3

tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,

grafana/pkg/api/app_routes.go

Line 23 in 08351e3

InsecureSkipVerify: hs.Cfg.PluginsAppsSkipVerifyTLS,

grafana/pkg/api/http_server.go

Line 252 in 08351e3

PreferServerCipherSuites: false,

More info on how to fix Insecure Network Communication in Go.

Insecure Configuration (1)

grafana/pkg/cmd/grafana-server/main.go

Line 8 in 08351e3

_ "net/http/pprof"

More info on how to fix Insecure Configuration in Go.

Insecure Use of SQL Queries (55)

grafana/pkg/services/auth/auth_token.go

Line 330 in 08351e3

sql := "DELETE from user_auth_token WHERE user_id IN (?" + user_id_params + ")"

grafana/pkg/services/sqlstore/permissions/dashboard.go

Line 30 in 08351e3

sql := `(

grafana/pkg/services/sqlstore/searchstore/builder.go

Line 107 in 08351e3

b.sql.WriteString(fmt.Sprintf(" WHERE %s", strings.Join(wheres, " AND ")))

grafana/pkg/tsdb/influxdb/query.go

Line 120 in 08351e3

return fmt.Sprintf(` FROM %s%s`, policy, measurement)

grafana/pkg/services/sqlstore/alert.go

Line 339 in 08351e3

buffer.WriteString(` WHERE id IN (?` + strings.Repeat(",?", len(cmd.AlertIds)-1) + `)`)

grafana/pkg/services/sqlstore/annotation.go

Line 124 in 08351e3

sql.WriteString(`

grafana/pkg/services/sqlstore/annotation.go

Line 204 in 08351e3

tagsSubQuery := fmt.Sprintf(`

grafana/pkg/services/sqlstore/dashboard.go

Line 478 in 08351e3

sql += `

grafana/pkg/services/sqlstore/dashboard_version.go

Line 111 in 08351e3

deleteExpiredSQL := `DELETE FROM dashboard_version WHERE id IN (?` + strings.Repeat(",?", len(versionIdsToDelete)-1) + `)`

grafana/pkg/services/sqlstore/quota.go

Line 39 in 08351e3

rawSQL := fmt.Sprintf("SELECT COUNT(*) as count from %s where org_id=?", dialect.Quote(query.Target))

grafana/pkg/services/sqlstore/quota.go

Line 82 in 08351e3

rawSQL := fmt.Sprintf("SELECT COUNT(*) as count from %s where org_id=?", dialect.Quote(q.Target))

grafana/pkg/services/sqlstore/quota.go

Line 142 in 08351e3

rawSQL := fmt.Sprintf("SELECT COUNT(*) as count from %s where user_id=?", dialect.Quote(query.Target))

grafana/pkg/services/sqlstore/quota.go

Line 185 in 08351e3

rawSQL := fmt.Sprintf("SELECT COUNT(*) as count from %s where user_id=?", dialect.Quote(q.Target))

grafana/pkg/services/sqlstore/quota.go

Line 234 in 08351e3

rawSQL := fmt.Sprintf("SELECT COUNT(*) as count from %s", dialect.Quote(query.Target))

grafana/pkg/services/sqlstore/sqlbuilder.go

Line 44 in 08351e3

sb.sql.WriteString(` AND

grafana/pkg/services/sqlstore/stats.go

Line 25 in 08351e3

var rawSQL = `SELECT COUNT(*) AS count, type FROM ` + dialect.Quote("alert_notification") + ` GROUP BY type`

grafana/pkg/services/sqlstore/stats.go

Line 32 in 08351e3

var rawSQL = `SELECT COUNT(*) AS count, type FROM ` + dialect.Quote("data_source") + ` GROUP BY type`

grafana/pkg/services/sqlstore/stats.go

Line 39 in 08351e3

var rawSQL = `SELECT COUNT(*) AS count, type, access FROM ` + dialect.Quote("data_source") + ` GROUP BY type, access`

grafana/pkg/services/sqlstore/stats.go

Line 48 in 08351e3

sb.Write(`(SELECT COUNT(*) FROM ` + dialect.Quote("user") + `) AS users,`)

grafana/pkg/services/sqlstore/stats.go

Line 49 in 08351e3

sb.Write(`(SELECT COUNT(*) FROM ` + dialect.Quote("org") + `) AS orgs,`)

grafana/pkg/services/sqlstore/stats.go

Line 50 in 08351e3

sb.Write(`(SELECT COUNT(*) FROM ` + dialect.Quote("dashboard") + `) AS dashboards,`)

grafana/pkg/services/sqlstore/stats.go

Line 51 in 08351e3

sb.Write(`(SELECT COUNT(*) FROM ` + dialect.Quote("data_source") + `) AS datasources,`)

grafana/pkg/services/sqlstore/stats.go

Line 52 in 08351e3

sb.Write(`(SELECT COUNT(*) FROM ` + dialect.Quote("star") + `) AS stars,`)

grafana/pkg/services/sqlstore/stats.go

Line 53 in 08351e3

sb.Write(`(SELECT COUNT(*) FROM ` + dialect.Quote("playlist") + `) AS playlists,`)

grafana/pkg/services/sqlstore/stats.go

Line 54 in 08351e3

sb.Write(`(SELECT COUNT(*) FROM ` + dialect.Quote("alert") + `) AS alerts,`)

grafana/pkg/services/sqlstore/stats.go

Line 57 in 08351e3

sb.Write(`(SELECT COUNT(*) FROM `+dialect.Quote("user")+` WHERE last_seen_at > ?) AS active_users,`, activeUserDeadlineDate)

grafana/pkg/services/sqlstore/stats.go

Line 59 in 08351e3

sb.Write(`(SELECT COUNT(id) FROM `+dialect.Quote("dashboard")+` WHERE is_folder = ?) AS folders,`, dialect.BooleanStr(true))

grafana/pkg/services/sqlstore/stats.go

Line 61 in 08351e3

sb.Write(`(

grafana/pkg/services/sqlstore/stats.go

Line 69 in 08351e3

sb.Write(`(

grafana/pkg/services/sqlstore/stats.go

Line 77 in 08351e3

sb.Write(`(SELECT COUNT(id) FROM ` + dialect.Quote("dashboard_provisioning") + `) AS provisioned_dashboards,`)

grafana/pkg/services/sqlstore/stats.go

Line 78 in 08351e3

sb.Write(`(SELECT COUNT(id) FROM ` + dialect.Quote("dashboard_snapshot") + `) AS snapshots,`)

grafana/pkg/services/sqlstore/stats.go

Line 79 in 08351e3

sb.Write(`(SELECT COUNT(id) FROM ` + dialect.Quote("dashboard_version") + `) AS dashboard_versions,`)

grafana/pkg/services/sqlstore/stats.go

Line 80 in 08351e3

sb.Write(`(SELECT COUNT(id) FROM ` + dialect.Quote("annotation") + `) AS annotations,`)

grafana/pkg/services/sqlstore/stats.go

Line 81 in 08351e3

sb.Write(`(SELECT COUNT(id) FROM ` + dialect.Quote("team") + `) AS teams,`)

grafana/pkg/services/sqlstore/stats.go

Line 82 in 08351e3

sb.Write(`(SELECT COUNT(id) FROM ` + dialect.Quote("user_auth_token") + `) AS auth_tokens,`)

grafana/pkg/services/sqlstore/stats.go

Line 116 in 08351e3

var rawSQL = `SELECT

grafana/pkg/services/sqlstore/stats.go

Line 175 in 08351e3

var rawSQL = `SELECT COUNT(id) AS Count FROM ` + dialect.Quote("user")

grafana/pkg/services/sqlstore/migrator/mysql_dialect.go

Line 109 in 08351e3

sql := "SELECT 1 FROM " + db.Quote("INFORMATION_SCHEMA") + "." + db.Quote("STATISTICS") + " WHERE " + db.Quote("TABLE_SCHEMA") + " = DATABASE() AND " + db.Quote("TABLE_NAME") + "=? AND " + db.Quote("INDEX_NAME") + "=?"

grafana/pkg/services/sqlstore/temp_user.go

Line 67 in 08351e3

rawSQL := `SELECT

grafana/pkg/services/sqlstore/temp_user.go

Line 105 in 08351e3

var rawSQL = `SELECT

grafana/pkg/services/sqlstore/user.go

Line 386 in 08351e3

var rawSQL = `SELECT

grafana/pkg/services/sqlstore/user.go

Line 540 in 08351e3

disableSQL := "UPDATE " + dialect.Quote("user") + " SET is_disabled=? WHERE Id IN (?" + user_id_params + ")"

grafana/pkg/services/sqlstore/user.go

Line 575 in 08351e3

"DELETE FROM " + dialect.Quote("user") + " WHERE id = ?",

grafana/pkg/services/sqlstore/migrations/temp_user.go

Line 108 in 08351e3

if _, err := sess.Exec("UPDATE "+mg.Dialect.Quote("temp_user")+

grafana/pkg/services/sqlstore/migrations/user_mig.go

Line 147 in 08351e3

err := sess.SQL(fmt.Sprintf("SELECT id, login from %s WHERE rands = ''", mg.Dialect.Quote("user"))).Find(&users)

grafana/pkg/services/sqlstore/migrations/user_mig.go

Line 161 in 08351e3

if _, err := sess.Exec("UPDATE "+mg.Dialect.Quote("user")+

grafana/pkg/services/sqlstore/migrator/sqlite_dialect.go

Line 112 in 08351e3

if _, err := sess.Exec(fmt.Sprintf("DELETE FROM %s;", table.Name)); err != nil {

grafana/pkg/services/sqlstore/migrator/sqlite_dialect.go

Line 105 in 08351e3

if _, err := sess.Exec(fmt.Sprintf("DELETE FROM %q WHERE dashboard_id != -1 AND org_id != -1;", table.Name)); err != nil {

grafana/pkg/services/sqlstore/migrator/sqlite_dialect.go

Line 75 in 08351e3

sql := "SELECT 1 FROM " + db.Quote("sqlite_master") + " WHERE " + db.Quote("type") + "='index' AND " + db.Quote("tbl_name") + "=? AND " + db.Quote("name") + "=?"

grafana/pkg/services/sqlstore/migrator/postgres_dialect.go

Line 156 in 08351e3

if _, err := sess.Exec(fmt.Sprintf("DELETE FROM %v WHERE dashboard_id != -1 AND org_id != -1;", db.Quote(table.Name))); err != nil {

grafana/pkg/services/sqlstore/migrator/postgres_dialect.go

Line 109 in 08351e3

sql := "SELECT 1 FROM " + db.Quote("pg_indexes") + " WHERE" + db.Quote("tablename") + "=? AND " + db.Quote("indexname") + "=?"

grafana/pkg/services/sqlstore/migrator/mysql_dialect.go

Line 156 in 08351e3

if _, err := sess.Exec(fmt.Sprintf("DELETE FROM %v WHERE dashboard_id != -1 AND org_id != -1;", db.Quote(table.Name))); err != nil {

grafana/pkg/services/sqlstore/migrator/dialect.go

Line 183 in 08351e3

return fmt.Sprintf("INSERT INTO %s (%s) SELECT %s FROM %s", quote(targetTable), targetColsSQL, sourceColsSQL, quote(sourceTable))

grafana/pkg/services/sqlstore/stats.go

Line 227 in 08351e3

query := `

grafana/pkg/services/sqlstore/migrator/mysql_dialect.go

Line 115 in 08351e3

sql := "SELECT 1 FROM " + db.Quote("INFORMATION_SCHEMA") + "." + db.Quote("COLUMNS") + " WHERE " + db.Quote("TABLE_SCHEMA") + " = DATABASE() AND " + db.Quote("TABLE_NAME") + "=? AND " + db.Quote("COLUMN_NAME") + "=?"

More info on how to fix Insecure Use of SQL Queries in Go.

Insecure Use of Crypto (7)

grafana/pkg/api/dtos/models.go

Line 62 in 08351e3

hasher := md5.New()

grafana/pkg/api/dtos/models.go

Line 4 in 08351e3

"crypto/md5"

grafana/pkg/util/md5.go

Line 4 in 08351e3

"crypto/md5"

grafana/pkg/util/md5.go

Line 13 in 08351e3

hash := md5.New()

grafana/pkg/services/notifications/codes.go

Line 40 in 08351e3

sh := sha1.New()

grafana/pkg/cmd/grafana-cli/services/api_client.go

Line 5 in 08351e3

"crypto/md5"

grafana/pkg/cmd/grafana-cli/services/api_client.go

Line 97 in 08351e3

h := md5.New()

More info on how to fix Insecure Use of Crypto in Go.

Insecure Processing of Data (6)

grafana/scripts/build/release_publisher/externalrelease.go

Line 59 in 08351e3

response, err := http.Get(url)

grafana/pkg/cmd/grafana-cli/commands/install_command.go

Line 278 in 08351e3

if _, err := io.Copy(buf, src); err != nil {

grafana/pkg/cmd/grafana-cli/commands/install_command.go

Line 319 in 08351e3

_, err = io.Copy(dst, src)

grafana/scripts/build/ci-msi-build/msigenerator/generator/build.py

Line 319 in 08351e3

env = Environment(loader=file_loader)

grafana/public/app/plugins/datasource/cloudwatch/utils/query/ScrollQLParser.js

Line 408 in 08351e3

var atn = new antlr4.atn.ATNDeserializer().deserialize(serializedATN);

grafana/public/app/plugins/datasource/cloudwatch/utils/query/ScrollQLLexer.js

Line 788 in 08351e3

var atn = new antlr4.atn.ATNDeserializer().deserialize(serializedATN);

More info on how to fix Insecure Processing of Data in Go, Python and Javascript.

Insecure Use of Language/Framework API (19)

grafana/pkg/services/alerting/notifiers/telegram.go

Line 192 in 08351e3

w.Close()

grafana/pkg/services/alerting/notifiers/slack.go

Line 379 in 08351e3

w.Close()

grafana/pkg/services/alerting/notifiers/pushover.go

Line 387 in 08351e3

w.Close()

grafana/pkg/services/alerting/notifiers/discord.go

Line 195 in 08351e3

w.Close()

grafana/pkg/cmd/grafana-cli/services/api_client.go

Line 101 in 08351e3

w.Flush()

grafana/pkg/cmd/grafana-cli/commands/install_command.go

Line 118 in 08351e3

tmpFile.Close()

grafana/pkg/plugins/backendplugin/manager.go

Line 269 in 08351e3

stream.Close()

grafana/pkg/infra/usagestats/usage_stats.go

Line 211 in 08351e3

resp.Body.Close()

grafana/devenv/docker/blocks/alert_webhook_listener/main.go

Line 23 in 08351e3

http.ListenAndServe(":3010", nil)

grafana/devenv/docker/blocks/alert_webhook_listener/main.go

Line 18 in 08351e3

io.WriteString(w, line)

grafana/pkg/infra/log/syslog.go

Line 81 in 08351e3

sw.syslog.Close()

grafana/pkg/infra/log/file.go

Line 252 in 08351e3

fd.Close()

grafana/pkg/infra/log/file.go

Line 232 in 08351e3

w.mw.fd.Close()

grafana/pkg/infra/log/file.go

Line 190 in 08351e3

fd.Close()

grafana/pkg/components/imguploader/azureblobuploader.go

Line 76 in 08351e3

resp.Body.Close()

grafana/pkg/infra/log/file.go

Line 60 in 08351e3

l.fd.Close()

grafana/pkg/middleware/auth_proxy/auth_proxy.go

Line 155 in 08351e3

hasher.Write([]byte(key)) // nolint: errcheck

grafana/pkg/infra/tracing/tracing.go

Line 133 in 08351e3

ts.closer.Close()

grafana/devenv/docker/blocks/graphite/files/events_views.py

Line 46 in 08351e3

assert isinstance(event, dict)

More info on how to fix Insecure Use of Language/Framework API in Go and Python.

Vulnerable Libraries (1)

More info on how to fix Vulnerable Libraries in Go.

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@snyk-bot