[Snyk] Fix for 2 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • packages/grafana-ui/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	576/1000 Why? Recently disclosed, Has a fix available, CVSS 5.8	Prototype Pollution SNYK-JS-HIGHLIGHTJS-1045326	Yes	No Known Exploit
	629/1000 Why? Has a fix available, CVSS 8.3	Cross-site Scripting (XSS) SNYK-JS-PRISMJS-597628	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @storybook/addon-storysource

The new version differs by 250 commits.

• e89e51a v6.1.0
• d004d19 Update root, peer deps, version.ts/json to 6.1.0
• 1d07f01 6.1.0 changelog
• 178e9bd 6.1.0-rc.6 next.json version file
• 971eccd Update git head to 6.1.0-rc.6
• 9009e53 v6.1.0-rc.6
• eaceece Update root, peer deps, version.ts/json to 6.1.0-rc.6
• 5c0049b 6.1.0-rc.6 changelog
• 76d53b5 Merge pull request docs: default paths in the docker container. grafana/grafana#13165 from storybookjs/13156-fix-cached-manager
• 4747fea Merge pull request Keep legend scroll position when series are toggled grafana/grafana#12845 from Tomastomaslol/12324_zoom_buttons_in_docs_do_not_work
• 74693f4 Drop the cache prop from managerConfig to make caching work on the 2nd run.
• 428b6e0 6.1.0-rc.5 next.json version file
• a72852d Update git head to 6.1.0-rc.5
• a8822ed v6.1.0-rc.5
• 6deb946 Update root, peer deps, version.ts/json to 6.1.0-rc.5
• 06b55c8 update 6.1-rc.5
• 875b933 Merge branch 'next' of github.com:storybookjs/storybook into next
• f701930 Merge pull request Allow OAuth authentication with minimal userinfo grafana/grafana#13141 from ThibaudAV/update-angular-ex
• c8a819d Merge pull request [Feature Request] Add ability to clone Data Source grafana/grafana#13162 from S1ngS1ng/patch-1
• cd7766e 6.1.0-rc.5 changelog addition
• 45ddc0c Merge pull request Time macros not expanding in non-templated Postgres query grafana/grafana#13159 from storybookjs/12386-ie11-layout-centered
• f2123da 6.1.0-rc.5 changelog
• 30c5e98 fix incorrect component reference
• f6d4f0a Merge pull request [Bug] Proper handling of alert rule with a query using template variables grafana/grafana#13155 from storybookjs/feature/sidebarClassNames

See the full diff

Package name: @storybook/react

The new version differs by 250 commits.

• e89e51a v6.1.0
• d004d19 Update root, peer deps, version.ts/json to 6.1.0
• 1d07f01 6.1.0 changelog
• 178e9bd 6.1.0-rc.6 next.json version file
• 971eccd Update git head to 6.1.0-rc.6
• 9009e53 v6.1.0-rc.6
• eaceece Update root, peer deps, version.ts/json to 6.1.0-rc.6
• 5c0049b 6.1.0-rc.6 changelog
• 76d53b5 Merge pull request docs: default paths in the docker container. grafana/grafana#13165 from storybookjs/13156-fix-cached-manager
• 4747fea Merge pull request Keep legend scroll position when series are toggled grafana/grafana#12845 from Tomastomaslol/12324_zoom_buttons_in_docs_do_not_work
• 74693f4 Drop the cache prop from managerConfig to make caching work on the 2nd run.
• 428b6e0 6.1.0-rc.5 next.json version file
• a72852d Update git head to 6.1.0-rc.5
• a8822ed v6.1.0-rc.5
• 6deb946 Update root, peer deps, version.ts/json to 6.1.0-rc.5
• 06b55c8 update 6.1-rc.5
• 875b933 Merge branch 'next' of github.com:storybookjs/storybook into next
• f701930 Merge pull request Allow OAuth authentication with minimal userinfo grafana/grafana#13141 from ThibaudAV/update-angular-ex
• c8a819d Merge pull request [Feature Request] Add ability to clone Data Source grafana/grafana#13162 from S1ngS1ng/patch-1
• cd7766e 6.1.0-rc.5 changelog addition
• 45ddc0c Merge pull request Time macros not expanding in non-templated Postgres query grafana/grafana#13159 from storybookjs/12386-ie11-layout-centered
• f2123da 6.1.0-rc.5 changelog
• 30c5e98 fix incorrect component reference
• f6d4f0a Merge pull request [Bug] Proper handling of alert rule with a query using template variables grafana/grafana#13155 from storybookjs/feature/sidebarClassNames

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

[guardrails]

⚠️ We detected security issues in this pull request:
Mode: paranoid | Total findings: 315 | Considered vulnerability: 113

Hard-Coded Secrets (111)

grafana/docs/sources/developers/plugins/build-a-logs-data-source-plugin.md

Line 119 in d99085e

frame.add({ time: 1589189388597, content: 'user registered', level: 'info', id: 'd3b07384d113edec49eaa6238ad5ff00' });

grafana/docs/sources/developers/plugins/build-a-logs-data-source-plugin.md

Line 120 in d99085e

frame.add({ time: 1589189406480, content: 'unknown error', level: 'error', id: 'c157a79031e1c40f85931829bc5fc552' });

grafana/docs/sources/developers/plugins/sign-a-plugin.md

Line 80 in d99085e

"keyId": "7e4d0c6a708866e7",

grafana/docs/sources/developers/plugins/sign-a-plugin.md

Line 82 in d99085e

"LICENSE": "12ab7a0961275f5ce7a428e662279cf49bab887d12b2ff7bfde738346178c28c",

grafana/docs/sources/developers/plugins/sign-a-plugin.md

Line 83 in d99085e

"module.js.LICENSE.txt": "0d8f66cd4afb566cb5b7e1540c68f43b939d3eba12ace290f18abc4f4cb53ed0",

grafana/docs/sources/developers/plugins/sign-a-plugin.md

Line 84 in d99085e

"module.js.map": "8a4ede5b5847dec1c6c30008d07bef8a049408d2b1e862841e30357f82e0fa19",

grafana/docs/sources/developers/plugins/sign-a-plugin.md

Line 85 in d99085e

"plugin.json": "13be5f2fd55bee787c5413b5ba6a1fae2dfe8d2df6c867dadc4657b98f821f90",

grafana/docs/sources/developers/plugins/sign-a-plugin.md

Line 86 in d99085e

"README.md": "2d90145b28f22348d4f50a81695e888c68ebd4f8baec731fdf2d79c8b187a27f",

grafana/docs/sources/developers/plugins/sign-a-plugin.md

Line 87 in d99085e

"module.js": "b4b6945bbf3332b08e5e1cb214a5b85c82557b292577eb58c8eb1703bc8e4577"

grafana/docs/sources/http_api/auth.md

Line 127 in d99085e

{"name":"mykey","key":"eyJrIjoiWHZiSWd3NzdCYUZnNUtibE9obUpESmE3bzJYNDRIc0UiLCJuIjoibXlrZXkiLCJpZCI6MX1=","id":1}

grafana/docs/sources/http_api/create-api-tokens-for-org.md

Line 45 in d99085e

This should return a response: `{"name":"apikeycurl","key":"eyJrIjoiR0ZXZmt1UFc0OEpIOGN5RWdUalBJTllUTk83VlhtVGwiLCJuIjoiYXBpa2V5Y3VybCIsImlkIjo2fQ=="}`.

grafana/docs/sources/http_api/data_source.md

Line 302 in d99085e

"secretKey": "dGVzdCBrZXkgYmxlYXNlIGRvbid0IHN0ZWFs"

grafana/packages/grafana-toolkit/docker/grafana-plugin-ci-alpine/scripts/deploy.sh

Line 22 in d99085e

get_file "https://dl.google.com/go/$filename" "/tmp/$filename" "010a88df924a81ec21b293b5da8f9b11c176d27c0ee3962dc1738d2352d3c02d"

grafana/packages/grafana-toolkit/docker/grafana-plugin-ci-alpine/scripts/deploy.sh

Line 30 in d99085e

"e7ab86d833bf9faed39801ab3b5cd294f026d26f9a7da63a42390943ead486cc"

grafana/packages/grafana-toolkit/docker/grafana-plugin-ci-alpine/scripts/deploy.sh

Line 43 in d99085e

"b4138199aa755ebfe171b57cc46910b13258ace5fbc4eaa099c42607cd0bff32"

grafana/packages/grafana-toolkit/docker/grafana-plugin-ci-e2e/scripts/deploy.sh

Line 26 in d99085e

get_file "https://dl.google.com/go/$filename" "/tmp/$filename" "70ac0dbf60a8ee9236f337ed0daa7a4c3b98f6186d4497826f68e97c0c0413f6"

grafana/packages/grafana-toolkit/docker/grafana-plugin-ci-e2e/scripts/deploy.sh

Line 34 in d99085e

"9a5d47b51442d68b718af4c7350f4406cdc087e2236a5b9ae52f37aebede6cb3"

grafana/packages/grafana-toolkit/docker/grafana-plugin-ci-e2e/scripts/deploy.sh

Line 44 in d99085e

"b4138199aa755ebfe171b57cc46910b13258ace5fbc4eaa099c42607cd0bff32"

grafana/packages/grafana-toolkit/docker/grafana-plugin-ci/scripts/deploy.sh

Line 6 in d99085e

get_file "https://dl.google.com/go/$filename" "/tmp/$filename" "010a88df924a81ec21b293b5da8f9b11c176d27c0ee3962dc1738d2352d3c02d"

grafana/packages/grafana-toolkit/docker/grafana-plugin-ci/scripts/deploy.sh

Line 14 in d99085e

"e7ab86d833bf9faed39801ab3b5cd294f026d26f9a7da63a42390943ead486cc"

grafana/packages/grafana-toolkit/docker/grafana-plugin-ci/scripts/deploy.sh

Line 27 in d99085e

"b4138199aa755ebfe171b57cc46910b13258ace5fbc4eaa099c42607cd0bff32"

grafana/packages/jaeger-ui-components/src/TraceTimelineViewer/SpanDetail/KeyValuesTable.test.js

Line 54 in d99085e

{ key: 'numericString', value: '12345678901234567890' },

grafana/packages/jaeger-ui-components/src/selectors/trace.fixture.js

Line 51 in d99085e

spanID: 'ea7cfaca83f0724b',

grafana/packages/jaeger-ui-components/src/selectors/trace.fixture.js

Line 58 in d99085e

traceID: '2992f2a5b5d037a8aabffd08ef384237',

grafana/pkg/middleware/middleware_basic_auth_test.go

Line 38 in d99085e

authHeader := util.GetBasicAuthHeader("api_key", "eyJrIjoidjVuQXdwTWFmRlA2em5hUzR1cmhkV0RMUzU1MTFNNDIiLCJuIjoiYXNkIiwiaWQiOjF9")

grafana/pkg/plugins/manifest_test.go

Line 19 in d99085e

"LICENSE": "7df059597099bb7dcf25d2a9aedfaf4465f72d8d",

grafana/pkg/plugins/manifest_test.go

Line 20 in d99085e

"README.md": "08ec6d704b6115bef57710f6d7e866c050cb50ee",

grafana/pkg/plugins/manifest_test.go

Line 21 in d99085e

"gfx_sheets_darwin_amd64": "1b8ae92c6e80e502bb0bf2d0ae9d7223805993ab",

grafana/pkg/plugins/manifest_test.go

Line 22 in d99085e

"gfx_sheets_linux_amd64": "f39e0cc7344d3186b1052e6d356eecaf54d75b49",

grafana/pkg/plugins/manifest_test.go

Line 23 in d99085e

"gfx_sheets_windows_amd64.exe": "c8825dfec512c1c235244f7998ee95182f9968de",

grafana/pkg/plugins/manifest_test.go

Line 24 in d99085e

"module.js": "aaec6f51a995b7b843b843cd14041925274d960d",

grafana/pkg/plugins/manifest_test.go

Line 25 in d99085e

"module.js.LICENSE.txt": "7f822fe9341af8f82ad1b0c69aba957822a377cf",

grafana/pkg/plugins/manifest_test.go

Line 26 in d99085e

"module.js.map": "c5a524f5c4237f6ed6a016d43cd46938efeadb45",

grafana/pkg/plugins/manifest_test.go

Line 27 in d99085e

"plugin.json": "55556b845e91935cc48fae3aa67baf0f22694c3f"

grafana/pkg/plugins/manifest_test.go

Line 30 in d99085e

"keyId": "7e4d0c6a708866e7"

grafana/pkg/services/dashboards/dashboard_service_test.go

Line 78 in d99085e

{Uid: "asdfghjklqwertyuiopzxcvbnmasdfghjklqwertyuiopzxcvbnmasdfghjklqwertyuiopzxcvbnm", Error: models.ErrDashboardUidTooLong},

grafana/pkg/services/provisioning/datasources/config_reader_test.go

Line 250 in d99085e

So(ds.SecureJSONData["tlsCACert"], ShouldEqual, "MjNOcW9RdkbUDHZmpco2HCYzVq9dE+i6Yi+gmUJotq5CDA==")

grafana/pkg/services/provisioning/datasources/config_reader_test.go

Line 251 in d99085e

So(ds.SecureJSONData["tlsClientCert"], ShouldEqual, "ckN0dGlyMXN503YNfjTcf9CV+GGQneN+xmAclQ==")

grafana/pkg/services/provisioning/datasources/config_reader_test.go

Line 252 in d99085e

So(ds.SecureJSONData["tlsClientKey"], ShouldEqual, "ZkN4aG1aNkja/gKAB1wlnKFIsy2SRDq4slrM0A==")

grafana/pkg/util/encoding_test.go

Line 31 in d99085e

"e59c568621e57756495a468f47c74e07c911b037084dd464bb2ed72410970dc849cabd71b48c394faf08a5405dae53741ce9",

grafana/pkg/util/md5_test.go

Line 13 in d99085e

want := "dd1f7fdb3466c0d09c2e839d1f1530f8"

grafana/public/app/core/utils/richHistory.ts

Line 374 in d99085e

const letters = 'ABCDEFGHIJKLMNOPQRSTUVXYZ';

grafana/public/app/features/explore/TraceView/TraceView.test.tsx

Line 197 in d99085e

spanID: '35118c298fc91f68',

grafana/public/app/features/explore/TraceView/TraceView.test.tsx

Line 200 in d99085e

references: [{ refType: 'CHILD_OF', traceID: '1ed38015486087ca', spanID: '3fb050342773d333' }],

grafana/public/app/features/explore/TraceView/TraceView.test.tsx

Line 217 in d99085e

{ key: 'client-uuid', type: 'string', value: '2a59d08899ef6a8a' },

grafana/public/app/plugins/datasource/cloudwatch/specs/datasource.test.ts

Line 82 in d99085e

'QVJST1cxAAD/////GAEAABAAAAAAAAoADgAMAAsABAAKAAAAFAAAAAAAAAEDAAoADAAAAAgABAAKAAAACAAAAFgAAAACAAAAKAAAAAQAAAB8////CAAAAAwAAAAAAAAAAAAAAAUAAAByZWZJZAAAAJz///8IAAAAFAAAAAkAAABsb2dHcm91cHMAAAAEAAAAbmFtZQAAAAABAAAAGAAAAAAAEgAYABQAEwASAAwAAAAIAAQAEgAAABQAAABMAAAAUAAAAAAABQFMAAAAAQAAAAwAAAAIAAwACAAEAAgAAAAIAAAAGAAAAAwAAABsb2dHcm91cE5hbWUAAAAABAAAAG5hbWUAAAAAAAAAAAQABAAEAAAADAAAAGxvZ0dyb3VwTmFtZQAAAAD/////mAAAABQAAAAAAAAADAAWABQAEwAMAAQADAAAAGAGAAAAAAAAFAAAAAAAAAMDAAoAGAAMAAgABAAKAAAAFAAAAEgAAAAhAAAAAAAAAAAAAAADAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAiAAAAAAAAACIAAAAAAAAANgFAAAAAAAAAAAAAAEAAAAhAAAAAAAAAAAAAAAAAAAAAAAAADIAAABiAAAAkQAAALwAAADuAAAAHwEAAFQBAACHAQAAtQEAAOoBAAAbAgAASgIAAHQCAAClAgAA1QIAABADAABEAwAAdgMAAKMDAADXAwAACQQAAEAEAAB3BAAAlwQAAK0EAAC8BAAA+wQAAEIFAABhBQAAeAUAAJIFAAC0BQAA1gUAAC9hd3MvY29udGFpbmVyaW5zaWdodHMvZGV2MzAzLXdvcmtzaG9wL2FwcGxpY2F0aW9uL2F3cy9jb250YWluZXJpbnNpZ2h0cy9kZXYzMDMtd29ya3Nob3AvZGF0YXBsYW5lL2F3cy9jb250YWluZXJpbnNpZ2h0cy9kZXYzMDMtd29ya3Nob3AvZmxvd2xvZ3MvYXdzL2NvbnRhaW5lcmluc2lnaHRzL2RldjMwMy13b3Jrc2hvcC9ob3N0L2F3cy9jb250YWluZXJpbnNpZ2h0cy9kZXYzMDMtd29ya3Nob3AvcGVyZm9ybWFuY2UvYXdzL2NvbnRhaW5lcmluc2lnaHRzL2RldjMwMy13b3Jrc2hvcC9wcm9tZXRoZXVzL2F3cy9jb250YWluZXJpbnNpZ2h0cy9lY29tbWVyY2Utc29ja3Nob3AvYXBwbGljYXRpb24vYXdzL2NvbnRhaW5lcmluc2lnaHRzL2Vjb21tZXJjZS1zb2Nrc2hvcC9kYXRhcGxhbmUvYXdzL2NvbnRhaW5lcmluc2lnaHRzL2Vjb21tZXJjZS1zb2Nrc2hvcC9ob3N0L2F3cy9jb250YWluZXJpbnNpZ2h0cy9lY29tbWVyY2Utc29ja3Nob3AvcGVyZm9ybWFuY2UvYXdzL2NvbnRhaW5lcmluc2lnaHRzL3dhdGNoZGVtby1wZXJmL2FwcGxpY2F0aW9uL2F3cy9jb250YWluZXJpbnNpZ2h0cy93YXRjaGRlbW8tcGVyZi9kYXRhcGxhbmUvYXdzL2NvbnRhaW5lcmluc2lnaHRzL3dhdGNoZGVtby1wZXJmL2hvc3QvYXdzL2NvbnRhaW5lcmluc2lnaHRzL3dhdGNoZGVtby1wZXJmL3BlcmZvcm1hbmNlL2F3cy9jb250YWluZXJpbnNpZ2h0cy93YXRjaGRlbW8tcGVyZi9wcm9tZXRoZXVzL2F3cy9jb250YWluZXJpbnNpZ2h0cy93YXRjaGRlbW8tcHJvZC11cy1lYXN0LTEvcGVyZm9ybWFuY2UvYXdzL2NvbnRhaW5lcmluc2lnaHRzL3dhdGNoZGVtby1zdGFnaW5nL2FwcGxpY2F0aW9uL2F3cy9jb250YWluZXJpbnNpZ2h0cy93YXRjaGRlbW8tc3RhZ2luZy9kYXRhcGxhbmUvYXdzL2NvbnRhaW5lcmluc2lnaHRzL3dhdGNoZGVtby1zdGFnaW5nL2hvc3QvYXdzL2NvbnRhaW5lcmluc2lnaHRzL3dhdGNoZGVtby1zdGFnaW5nL3BlcmZvcm1hbmNlL2F3cy9lY3MvY29udGFpbmVyaW5zaWdodHMvYnVnYmFzaC1lYzIvcGVyZm9ybWFuY2UvYXdzL2Vjcy9jb250YWluZXJpbnNpZ2h0cy9lY3MtZGVtb3dvcmtzaG9wL3BlcmZvcm1hbmNlL2F3cy9lY3MvY29udGFpbmVyaW5zaWdodHMvZWNzLXdvcmtzaG9wLWRldi9wZXJmb3JtYW5jZS9hd3MvZWtzL2RldjMwMy13b3Jrc2hvcC9jbHVzdGVyL2F3cy9ldmVudHMvY2xvdWR0cmFpbC9hd3MvZXZlbnRzL2Vjcy9hd3MvbGFtYmRhL2N3c3luLW15Y2FuYXJ5LWZhYzk3ZGVkLWYxMzQtNDk5YS05ZDcxLTRjM2JlMWY2MzE4Mi9hd3MvbGFtYmRhL2N3c3luLXdhdGNoLWxpbmtjaGVja3MtZWY3ZWYyNzMtNWRhMi00NjYzLWFmNTQtZDJmNTJkNTViMDYwL2Vjcy9lY3MtY3dhZ2VudC1kYWVtb24tc2VydmljZS9lY3MvZWNzLWRlbW8tbGltaXRUYXNrQ2xvdWRUcmFpbC9EZWZhdWx0TG9nR3JvdXBjb250YWluZXItaW5zaWdodHMtcHJvbWV0aGV1cy1iZXRhY29udGFpbmVyLWluc2lnaHRzLXByb21ldGhldXMtZGVtbwAAEAAAAAwAFAASAAwACAAEAAwAAAAQAAAALAAAADwAAAAAAAMAAQAAACgBAAAAAAAAoAAAAAAAAABgBgAAAAAAAAAAAAAAAAAAAAAAAAAACgAMAAAACAAEAAoAAAAIAAAAWAAAAAIAAAAoAAAABAAAAHz///8IAAAADAAAAAAAAAAAAAAABQAAAHJlZklkAAAAnP///wgAAAAUAAAACQAAAGxvZ0dyb3VwcwAAAAQAAABuYW1lAAAAAAEAAAAYAAAAAAASABgAFAATABIADAAAAAgABAASAAAAFAAAAEwAAABQAAAAAAAFAUwAAAABAAAADAAAAAgADAAIAAQACAAAAAgAAAAYAAAADAAAAGxvZ0dyb3VwTmFtZQAAAAAEAAAAbmFtZQAAAAAAAAAABAAEAAQAAAAMAAAAbG9nR3JvdXBOYW1lAAAAAEgBAABBUlJPVzE=',

grafana/public/app/plugins/datasource/loki/live_streams.test.ts

Line 50 in d99085e

id: '8c50d09800ce8dda69a2ff25405c9f65',

grafana/public/app/plugins/datasource/loki/result_transformer.test.ts

Line 57 in d99085e

expect(data[0].fields[2].values.get(0)).toEqual('2b431b8a98b80b3b2c2f4cd2444ae6cb');

grafana/public/app/plugins/datasource/loki/result_transformer.test.ts

Line 60 in d99085e

expect(data[1].fields[2].values.get(0)).toEqual('75d73d66cff40f9d1a1f2d5a0bf295d0');

grafana/public/app/plugins/datasource/loki/result_transformer.test.ts

Line 119 in d99085e

id: '19e8e093d70122b3b53cb6e24efd6e2d',

grafana/scripts/build/gpg-test-vars.sh

Line 3 in d99085e

export GPG_PRIV_KEY="LS0tLS1CRUdJTiBQR1AgUFJJVkFURSBLRVkgQkxPQ0stLS0tLQoKbFFkR0JGNXhGRUFCRUFEZUJrOTZJbHNuendQanQ2aVVGSUZhNG0vR2JEZmxmTVluVURuS21CZWJiVVB1MDNRegpFZU1PeFpER0ZzRmV1K2E5Qk51WWphVkdFREpidVNja25CaitYSHlvN2NzVzEwdmhlck9zTVpxT01kUnU5TExHClZjVFVGbFZBaGI4Y29WbXJoMS8yNHhmd0FzNU5KbUROdVVzTXN1QXpwWHkwUnpwMTdjeXhrR3E3SzNQcjJPRkYKd1hsbXU1c2R5WU94NTlaRGwxejhEanNXVG1aQW45dEFQVTJnd1JTcjdzdWlQVjBFZzVqdkZYVHFaYTk0aG90KwpEMUR3cHdoSGxtaVJLY056WHlkUXYweXJYMGJLdDB5bVh5VmFURWp0bm1yWnZESHJrZTU5V0dZVlozSmRPS2lvClFXQ0EzZEx2RW9Pb2M5K3VEZWhNdWJVQjg3ckxUYmhsOVdTSTllSlNidmt0bUhLMXA1d3JPM3ZINVkrQWxmeHUKQk4xUnBndC84aXpvOEZGeC9Qc3A5RTA3YWFOZHpsRWh2U3RWWWxFWnl2WlJXMnNyWk9HcWtVMXlYRUJJVlZzUQptZmZZNG1pZ2I2UU81Y3ArQ3pnMWNLOTMxUVpjRWFrSFlDZ2I2TXNLMFhCQVVKUmNLb2ROYVlTY1dBZlFMYXJXCmtuNWxFQjNodVo5OG9sVlhNVkw4alVaUEJidDhNVkt6N2lxd0hmaEt2WDBmLzkrZkxIRDZwTVg1Qll2OG9OV0kKdDVZZ2FQdDRGK1IxdFNLVXpwT1BLdEZWSVBQdGl3U0hEcDQzb3FrWittcXo2Z2hBUi93N25rYWZZMFNpNHlGegpyd1JreVpRR2NNR2NhZVd5aGRSdEhlRmtXajBsM2F4QlZqK2c2eHhydHZQTjMxV1BOMWZBZDlFMkt3QVJBUUFCCi9nY0RBbDFxNzByWm1GQVM5TGRoL1NXOU5Vb0JSaUJqWGI2T1JEVVFpWTF4N1NEd0NnSklBc2tBR2dvRi9hMGkKWUU2MW1SYk8xQVhXOVFTem1FNU1CMW1LdXpjM2I1MllkUnlYQ3REcEQ1dlZIM3d3cFlZSUkyM0xGN2gzM3NQNgptNTNSZDBsWFFxNjlHK3VnS1N5RENvZ2NrRHlSWVFxZUVNU2p6TWVLNjFyTm13cjJGbWZXbEN4VVlvdVprUEFsCjdYeGVmN3RjMEgvTG01Q3VDRkxCbzBaRFU1ditsRXE4L3hvRFFobTYrVjBLeXp1NE1LR1JYUzdzK2JzSkR2SnkKZC9xVDlRdHBJS0hhOWtYeDFNaXBXeURvQWNxR3ZhN3RiTnp1M1JRR1VyQjY4MlBrK1ZWTm9EQzY1OXJjVE9oNQpmd25tcFdmSm9yNnZZVHZsZzY3YWJFZWJ1MlB6TWxLS3EvSjlyZWxHY3lCMU5mbVgyZHg4L2JFcTVIS0xIN215CllhNEdrNkJvdVNaVTFENlZmTlBielVLanM4Z3dLV0FTN2dWa1JVWTdaQXY2a0lLbmJuRmxSN1hxUkhPYWJkYngKM0ZUbHRYSjBpZXdwRVJwMU9Qdm9hTldVMlB4NEh5UkRVVFU5Y0FLZHM4VExxS3plcmVNeE9UNG5lRGt6akp4cApOU1g2bFhIL2V2d3R4amtCdmtlTXlqUHV0U0pMWXhhUHppblVSTFRNcHJuL1c5ZlpudUlZMnladkI5Wk1zY2c5CnMzT1ZTT1VMdE1sTUgveldWWE5Ld1QwaVYwV2srVDVPNGhOZlZpWDdEU04rdExaN2VJZmFKeHBXRzR0NTY4SXQKcFJVbzVLcWl0UnJnS3JlaWo0YjllUWVHc3J4NUZhejNlelZTaWdlTHo3WUliSmQ2QW9kN0taeFhkSm5vZ2pDRApzWklnT2Y0OUZFc3BZM2IybkhGeUM3V1VmcmZjeEVEMDBnZ25HbUl2ajZTMW5DQWdlOXRKZjVjV2FYVTNSeWlMCitPSEphT1U5b1o5TkVJWU9ENFRKdXdWRkp0ellZTkpEQitEbVhLQ0ZMSWIvcGRydXRSVUkrUFNUQkdGZlZob1oKZERMS1E0OW4rMWVjOVpHY2hhTk54aEptdVkwMDZjNk9kT0hiMjJ0aWFkMnhpekRDZ3RGMUtWTDdJRHF4UUdoSQpEd2xZL3E3TmVoWWRpb09lSk9jYjVoVmRyV2wvaXJvQllkeW1meUttR28wZnNRMUdjNHJOMVJxd1ZoUjhhZ0lNCjloUzdYTHIra1hhQTllL0tRNTN5a1Z0WWdiVkxZWlMxQzZ6Qk1wNWUrWStYN3lONktiVjFFeTFjVE1ySU9vaFcKWFVJWUFPVHhRVkJiOFE3RHRhc2ViMThIcjBOdlZvamVRYXoveXByN3VOWXB4OEN6V2tqYmtKaUU2TzZ2TmVoaApiQ2lrVDhST1V4M1VHM0hLWVdtKzR3cmxkbXlXMFVKREVTbDl1MVRxRzlVbXUxSkdId3E0aERSZlI0TkpGRGljCmtjc1JyMDU3bnd5Q21nbEdrMGdzZWVjUis5cnRnT1ZQZ0lRUUxXeXR1dkFVSmtKMUhrbFczdE5nN1I0cWg5R3oKNEdpUGpYdFY3QlNHMUpYRGE5RWpiL3pGUjh0YmNrZmFEaG5HRHJWLzBoakd2NkdBT24zeGMzKzVzQzZ1by94dApua2JwWUk2S0dXSjRzVGxxd3NMYUNvM3ZPU2FkcFRMYTNEVmlRbTdXbHBxWXA2VVZ0QTRjZ3g2Q1J3OUN6b1k5CktGZHBCb0NMUzVDeEt1WlBGVTF3YnFVdnBKVXhHMWpCWFZ1WUIxelNabEQ2a0tyQTdDVjB2OURnZk5mYVJxRmkKTmkyY2FmQ1JtdG5HRWdxaDV1NGZCRmJDWURpdE1mTW1rR2NZNjRCNWIrWDcyRlhXMmdaUCtEZS9ld2dIVHpWbApyMWFpUmNLNHdHUk5Lc3ptZlYxaHdkNG5TR0pqMEV6V2toOEJleU9SSUtoeVZ6Y0QyVnJBTzBsaXFWNm1LRVhPCjk2anVubENmWGl1NFdJRWJ2UHEySEhRek9NT3BwakVmWG9GekR0NnV4RVR6RXlpYlN5SlA4cjZ2ZFJxMTE0RDAKZFp4TUlrWi9XWVM3TTFZbER6enBiQmptUWl3LzZuV05DTlY1czVydEhuRkR3VkVpMVpsMXgwc1NWL1pVQlo2QQp0b2gyaTBWaHh1eFJWSi9EbG5SaWNFaHBrR3l2SkRlOWpXdDVtUzE4dDc4dE81QkRmYmJxblRiVlRDVFVORWFuCndLdGxkSWlMQUFTVDNjc29qUjVoSHp3RDNjL044dWhFaERMTE5VdDUvSGdiMERlbk4xQmh4SyswSmtOcGNtTnMKWlVOSklFSnZkQ0E4Wlc1bmFXNWxaWEpwYm1kQVozSmhabUZ1WVM1amIyMCtpUUpPQkJNQkNBQTRGaUVFM3RCYgpNY2RvRWZ3bjJxUmJTdFZXVU54MlBpc0ZBbDV4RkVBQ0d3TUZDd2tJQndJR0ZRb0pDQXNDQkJZQ0F3RUNIZ0VDCkY0QUFDZ2tRU3RWV1VOeDJQaXZGbHcvK0ppWWpGbFZLM29pcEtCU3FURVVlR0ZGZlB5bjljZnJZeUpNUkliOWUKMVJvUyt2SlhXdk1EZEN6VXIzWGJrNlFvWmZiWUE5a3pIdnlRWG9aK0ovVHJPbE1zMGs0UVFHNGZDZlJOZE5LZApmRTNXbUM4eSszSUhNSFpXSjc1dFVrN05nM2kvNEV1Y3FxelozelRTMUdMSG1wRDNETTVzRVFiZHFNYkVXbEhaCnAzaVEya010QVpyNU4yYWhmUTdnNVZZMmFBMXlEelgza1NSdForWHZrRUhraHAvWjFpTjZ1V1p2dzQrdHhEalYKVEZCWkFjNVB4Y2RzWm5KcmdSbUxyTUI3aTBJV3Z4RFNTVjlhbVAraWtkR0lCWWlZUGZSR0lhb3FqRnJ1dDNYego3N0JOVzh1VDdxWXVNRVZwNEJwU0t2SHFySXVUL2N3YUtyQmlDK0RmNncyMnhhYTRqemFJaXlaNm1adTNMa2dnCmZublpQMTdVRkh3TjB3ZlBxSC96Q1RFWVBjUjZUcFh2RTlHbm1FQndTNXQya3lxM2FIM0c0MDNicGM0MGhoQXQKN0ZvdGFqazYxNkxRT1lEUWJTK1YyZG9NZVlKREpQZFhrYi80Njl0VVBTbWJLRHRHcklueGZTYVptQjdIenFuMQpWR0lNMkdjZUY3RDdNWlZENkFpY3B2NitjZTlLdHltNGo3SHVkT2xsMjIrb3I5aVI3WTNmQ29FN1dZNGliMHR5Cm5IN2ZFU1BURXN2R0lDV1FFMUFobHlrcktFQ0dNdENzdDJZTG5jZHZCckNFNFlxdDlHeDBrbVZOM3dTRHRwaUcKWVp6a2xtU2xweDMzbVRFOUdSR21wQ1BGcDk3UGNLUEtWU0M5M3ZGRG1vcGMyVEJwNWZiR1A5NzlVaXpIaHVmUApGZU9kQjBVRVhuRVVRQUVRQU9wbEZOaG9ocXkxY0xjV2thSUZYdk0wdk0zQlVIblJNT2dUS2JhSzhYc01sZFZICnBEcjdramhFVE5NYVNOMlcxVkU5akdlTDRTZ0xaOEVvZDRqNXN0cEd4THBwb2gzYUtpYWIwcDRkaThNbWFIdGIKNkwvNmtodEtxNGtRWEdONE9MMWVkaFAvQy9lYkVEY2VhMWhwUkpwM1U4dTlGaGZMVHFvUEcremxMMFllY1NjUwp5L2NVNjZOZDVpeWtCREdNNDBPM1pCendIT3RyWHM5SWJSWVc4dUFUWmZMdkd5WXJLVGJLOWtZcC9xdkh5dG96Cjg0TG1XUXVZNXFaODd1YlRkdVpxRWphbXNheVptQjJoVWNQR2ZjK0JHL1VPNDA1c1lPaHl1bmhSMC8rRE92a3cKUFRORUpoSlV4OGxFbTZKS1RZMUw2RkxJSHhSbmdyTU1qc2NQaHg3M1NveWlzaVBXb1Yrdm9vZWQ1YzQvSUxSWgpoejgxak9uQys4QkRKQVE0MlRqRnFtcE5UZ2NCZTBsUi83WC9yaTBwVlFrbmszL29uZHFRajRuc25BNUhyRHpkClQyZll5WlFEcHJjekJUdEtkVE93aVNXc2F2MGVZemRld2xYaUVkRkM5SkI5bHBRcEZXNWQ3MkI2RE9CN2pQRW0Kc1l6UDFBZUNGWnF4Uk8wajRVdmlCK28wLys5N0tFRFVOclRTL1hRand6WllqN0lDcUI1dTJJb3ducDdOTGt6aQpnNUREQUdVakpQTE1GajIzRzJENTlZa1NzcG5maU80MDhxSWR5N2hET2ZxMkRJVDJNMDZMMDZhL2d3UXkxakJTCkpwbnA5eTlMbXNQMTRFcVFQTUt4cWdwS3VxOURVWVl0WnRkQUM5U0FGM3dGa0MxVHFQQU1PSU9vOE1VTkFCRUIKQUFIK0J3TUNwOU1TcG94VnpTbjBlVXk5Z3JGYUg3a0U0ZU9uc1NNRTNzaVdReEVXVmlLOUFoaHhIV2R5Tk80bApZSllLWHVYM3hOanYwN0FQRTVFeVU0UUtkOStZZ3VXREZRK0VUdUsybkY3cWIzUFAyamxIa0szU0E5dkg0ZlNWCmlQNW9mYkZtR2dwdDRCTjZiTE5OOVhINE00S0hkOHFyNG4rdkQybUFTS1FadTV2MkVSZnREdERlNzB3RGNLdGEKWXZlb3k4Z2lIQU15cFltbGVTWGpmbGJROG0wNUhZdXJGYlV4QnRXRmh0Yk9KWVB6VW5UbmFMam5tY1oyTXR2RAoreU12TWU0VzlPVXZqZDN6bWg0YnYzdmZvKzJmU2U1VjdOVTZEcVg0L3Z6TTlIMWxOdndjVUphMTErNC9FR3JtCmVySTlwZi9uYWlvTmVIbjFpZjA5SjhPUTdaQk5yVFFkbVIrR0hiNXRtL2dGeEY2TEJ1NytDUlN4Zi9qbmlLbC8KeE5TWjBaNlNod1o3alFkUUQ0eUxPTXJUbGpaNGdacVRLcW1QelR3YmIzNzkyZkZHRWV2SGJjWnRCQk5QVTd2OApleXErbEg0OGtsWlJidzVGR002M0d4dmJxbGtuT2ZHN3dMUTErMGNnZnNYQk5uUlp1aUIzMnZQU3BnL1Z0RU9ZCnJ4dnhuRXBQRFRWb1EzeFdJVjFkM2VqOFdSTzVGMWFWdEVrNE44VVpsWXJuNUE1SCtVSVVzdlBQVGluRWZDUDQKcUNLVUllQWxZQUdoYXpjTEJnOXNzRlVMZVVEaGZ3MVRWbVBvcStXVXlLOXkxM3BGbW10aDNiSmNoRkhRVFB5WQphOTdGQ3FpRjJYS25Vb2xRT1RDKy9YTHBTMVF2aDFxeWU1UnQrdmZFdEs1OU9sWjRhUW9hbDdqRjF6bkRzcjRDClU0Q3V0TnZpelBQVzAyVFZwQWxoUzNFTVZNcE5tVTNpcnN2aFVJTXdrd0VSeVVDTGw2WlNnazJMeVdVc0pIeDYKQ3pxNkhndDd2aUNrODZOMk1TbXN6NUhIVVhrSldibUdybVlQUXh2cGl6WkpzK2RoMTJCZmNiaWE4YXVTeEZtdwpyeDh0bFFwR2ZLQTVJQmVYaFVJQ2NuYU9hcVBqMEprKzYxRkFnUmcvNmFGWXNiSDNRanl2VFdVT01rc20vcjFqCkxROTVYaFJwOTFQemhRL2k5c2t0SDIzeWFrMFpqOVlHSm04NERkT1RCYWxpdmZxQ21nKzdVSFMvaGtXRk1kUzUKaHpiSXhUbGNYb0szeG5EbVNSaFlTSFI0bXZNMEF6RWZCenBFZk02WjNuU0cySFFPM1JIUElkelFIMGlSS0tIdwp0eG9jTGdHMllWSG5EanUvak8xL0ljL0NpdFBDRm92S0dFb0pMOHNzNkxOU1VWY0x2cDgyREtqTnRzWjBZOHhjCm1tdTBxb2dGQ24wdC9xWGxpRVBCUmRSZ0tqUEd5N0JOdVp3RVhSRERGQWlYamZQRytWVWhtcmtzdjd0UUhNd3AKa00xdTF0RnArWWtaSGJ4RWpaMEY5a3IvdW9pV2g3R2ovUUFtY1c5T2lybGsxczNhM0Rub2RKK2ttZ1dyZkdWMgpOcUxqTkI0dWgzbnRsK3Q0YnVKQ3VUWW1xRUl6VWd2bG01R1ljUStOOEMxS2NTTEZUa0NMNzBZWE9jY09HamdzCktVcGJlQ2FtMlhJNlZuc25hck11WEs3dzYvNGRnT2dmYXJORmowd3ZjeHcxdy96aHBDdEg3eG9SNzNrcFpzT1EKcVRlM2M3RjhVZzZwUkZlMDJIa1E3aGJzYU9IVXkyeXBuT1lVN09YQS94VjV5L1dsNC9hNWtoSnRxcFlZZW5vagpPdTF2c2czUk5LOW1kRGYxZmh6WnNxMU5PUGpXdFJtdEtnNERhNU8wdHRFYjBNd3Z2a0RZM3VoV1NWUW5YL3RSCldLMndXY0hwT1luR1ZOczQ2QkJFeEhtc21Kc1dybmpYTlFpMGhmM1lDcWo4OFRGcVp3Z3ROUjlVczlsYnRzQ3UKR3VyYWxLNHl6aDNObkR0V0NnTFlac1lJV3BSMDlaemxGdVROSGZLSkhmbWMxZ2xDeitxM1VycDBhZHF6ZGVlVgp0K0JlUlVKcG9MK280eVVqejZ3c0hTeEVFWjZJa1lCdi83by8veS9lQlV5TzFraW0wbm9hU1cvRHlBRnJNTWZGCm5TZEhQOGRtSGh4UHFRei9FbDhQbHphRm5lOVNoYlgySXloekt6VFZYRlk0NU02YzJ5THZtZ2hZdnYyTU5PSysKZEZ1RC8vdHhHYTA0UGl3RnA3d0lMRjVpdG5ncElzbUFPcnNEZlN0eFFaZTVERUxNWlVldXcyUFZpUUkyQkJnQgpDQUFnRmlFRTN0QmJNY2RvRWZ3bjJxUmJTdFZXVU54MlBpc0ZBbDV4RkVBQ0d3d0FDZ2tRU3RWV1VOeDJQaXY5Ci93LytPMG1RaW9UVElNcGxvd1M5c21jZmo3U0VqazZCUUVlRjQ3RUFWTUMrd2FlT2g1ZWtGSERlajJjQS9PQUcKYmR4OGNweGIxOThGQ0djaVp1dHByU29Ma0IxTjhYQ0w1TEhUUWZsYVUwSWE4em1FVmo0bjBLelRSK3NRRzZhTQp6OVUrUEJnTm5TYmsxSm1VSnA2NE5OZ2JhdlFrS1M0MWZCdjI4b1ZYS0FZemJocEMyaUlNWXpkaXl6U29sbTQ1CkhGYysxNWhGb1hOWDIyVGVRZzMrNUF3bEJiVjdvaGFXQ3EybVc4Y1pYalc5RTQvUEZzRkoyQTlXaiszYTNBWjgKR0l0eGlwREMvNXBIbkY0WnBWczNRenRMVXJLdDUvUFdjODlVT1U0MkU1Q3N3WXNSYzlFWFM1RU16b01KbXNycApBdC85NkhyQUNTS05aRzhhSktqNFVEME9jTlIyWVU0aXlnLzNPVERneWNoc0tWK2l6bU5VN25qZ2p0NElSeDJxClFpdVQ4eGhvSS9DS0VKbFVUY1JsQk1oRXh6MWMwanpiTFluZndTZTVlS2tLUmJyRHBOc0N5WTZqbDN5LzM4TUIKVXY4ZytWZk5VYWp6UVRPYWpvanpweElNTGhQNitjQ0FGTEw0a1lkM083VUFPVzl2T1dtZzJQcVJTbmJPN1dMVgo5aUVFV2FQYkxCQzI2N3h4WEJtQXFnU2ZIMUJCc2lOaXFlZEdOblkzWlAzelRvMDMzSkt1RmprWi9MN3B3WUQzCldWV0VIcFMrOWdTQUNmaS9JZDNrMFhlUzJQbnF5bkEycjM5dTBtczdiKytwa3NjNCtUanJCajh3QURreXo3emEKVFlIenVLQjRxM3c4QjhGb3FOU2hzeXl3bEx1bUVKSVlBQ3kxNUdlQVFHblJBWm89Cj1mNFZlCi0tLS0tRU5EIFBHUCBQUklWQVRFIEtFWSBCTE9DSy0tLS0tCg=="

grafana/scripts/build/gpg-test-vars.sh

Line 4 in d99085e

export GPG_PUB_KEY="LS0tLS1CRUdJTiBQR1AgUFVCTElDIEtFWSBCTE9DSy0tLS0tCgptUUlOQkY1eEZFQUJFQURlQms5Nklsc256d1BqdDZpVUZJRmE0bS9HYkRmbGZNWW5VRG5LbUJlYmJVUHUwM1F6CkVlTU94WkRHRnNGZXUrYTlCTnVZamFWR0VESmJ1U2NrbkJqK1hIeW83Y3NXMTB2aGVyT3NNWnFPTWRSdTlMTEcKVmNUVUZsVkFoYjhjb1ZtcmgxLzI0eGZ3QXM1TkptRE51VXNNc3VBenBYeTBSenAxN2N5eGtHcTdLM1ByMk9GRgp3WGxtdTVzZHlZT3g1OVpEbDF6OERqc1dUbVpBbjl0QVBVMmd3UlNyN3N1aVBWMEVnNWp2RlhUcVphOTRob3QrCkQxRHdwd2hIbG1pUktjTnpYeWRRdjB5clgwYkt0MHltWHlWYVRFanRubXJadkRIcmtlNTlXR1lWWjNKZE9LaW8KUVdDQTNkTHZFb09vYzkrdURlaE11YlVCODdyTFRiaGw5V1NJOWVKU2J2a3RtSEsxcDV3ck8zdkg1WStBbGZ4dQpCTjFScGd0Lzhpem84RkZ4L1BzcDlFMDdhYU5kemxFaHZTdFZZbEVaeXZaUlcyc3JaT0dxa1UxeVhFQklWVnNRCm1mZlk0bWlnYjZRTzVjcCtDemcxY0s5MzFRWmNFYWtIWUNnYjZNc0swWEJBVUpSY0tvZE5hWVNjV0FmUUxhclcKa241bEVCM2h1Wjk4b2xWWE1WTDhqVVpQQmJ0OE1WS3o3aXF3SGZoS3ZYMGYvOStmTEhENnBNWDVCWXY4b05XSQp0NVlnYVB0NEYrUjF0U0tVenBPUEt0RlZJUFB0aXdTSERwNDNvcWtaK21xejZnaEFSL3c3bmthZlkwU2k0eUZ6CnJ3Umt5WlFHY01HY2FlV3loZFJ0SGVGa1dqMGwzYXhCVmorZzZ4eHJ0dlBOMzFXUE4xZkFkOUUyS3dBUkFRQUIKdENaRGFYSmpiR1ZEU1NCQ2IzUWdQR1Z1WjJsdVpXVnlhVzVuUUdkeVlXWmhibUV1WTI5dFBva0NUZ1FUQVFnQQpPQlloQk43UVd6SEhhQkg4Sjlxa1cwclZWbERjZGo0ckJRSmVjUlJBQWhzREJRc0pDQWNDQmhVS0NRZ0xBZ1FXCkFnTUJBaDRCQWhlQUFBb0pFRXJWVmxEY2RqNHJ4WmNQL2lZbUl4WlZTdDZJcVNnVXFreEZIaGhSWHo4cC9YSDYKMk1pVEVTRy9YdFVhRXZyeVYxcnpBM1FzMUs5MTI1T2tLR1gyMkFQWk14NzhrRjZHZmlmMDZ6cFRMTkpPRUVCdQpId24wVFhUU25YeE4xcGd2TXZ0eUJ6QjJWaWUrYlZKT3pZTjR2K0JMbktxczJkODAwdFJpeDVxUTl3ek9iQkVHCjNhakd4RnBSMmFkNGtOcERMUUdhK1RkbW9YME80T1ZXTm1nTmNnODE5NUVrYldmbDc1QkI1SWFmMmRZamVybG0KYjhPUHJjUTQxVXhRV1FIT1Q4WEhiR1p5YTRFWmk2ekFlNHRDRnI4UTBrbGZXcGovb3BIUmlBV0ltRDMwUmlHcQpLb3hhN3JkMTgrK3dUVnZMays2bUxqQkZhZUFhVWlyeDZxeUxrLzNNR2lxd1lndmczK3NOdHNXbXVJODJpSXNtCmVwbWJ0eTVJSUg1NTJUOWUxQlI4RGRNSHo2aC84d2t4R0QzRWVrNlY3eFBScDVoQWNFdWJkcE1xdDJoOXh1Tk4KMjZYT05JWVFMZXhhTFdvNU90ZWkwRG1BMEcwdmxkbmFESG1DUXlUM1Y1Ry8rT3ZiVkQwcG15ZzdScXlKOFgwbQptWmdleDg2cDlWUmlETmhuSGhldyt6R1ZRK2dJbktiK3ZuSHZTcmNwdUkreDduVHBaZHR2cUsvWWtlMk4zd3FCCk8xbU9JbTlMY3B4KzN4RWoweExMeGlBbGtCTlFJWmNwS3loQWhqTFFyTGRtQzUzSGJ3YXdoT0dLcmZSc2RKSmwKVGQ4RWc3YVlobUdjNUpaa3BhY2Q5NWt4UFJrUnBxUWp4YWZlejNDanlsVWd2ZDd4UTVxS1hOa3dhZVgyeGovZQovVklzeDRibnp4WGp1UUlOQkY1eEZFQUJFQURxWlJUWWFJYXN0WEMzRnBHaUJWN3pOTHpOd1ZCNTBURG9FeW0yCml2RjdESlhWUjZRNis1STRSRXpUR2tqZGx0VlJQWXhuaStFb0MyZkJLSGVJK2JMYVJzUzZhYUlkMmlvbW05S2UKSFl2REptaDdXK2kvK3BJYlNxdUpFRnhqZURpOVhuWVQvd3YzbXhBM0htdFlhVVNhZDFQTHZSWVh5MDZxRHh2cwo1UzlHSG5FbkVzdjNGT3VqWGVZc3BBUXhqT05EdDJRYzhCenJhMTdQU0cwV0Z2TGdFMlh5N3hzbUt5azJ5dlpHCktmNnJ4OHJhTS9PQzVsa0xtT2FtZk83bTAzYm1haEkycHJHc21aZ2RvVkhEeG4zUGdSdjFEdU5PYkdEb2NycDQKVWRQL2d6cjVNRDB6UkNZU1ZNZkpSSnVpU2syTlMraFN5QjhVWjRLekRJN0hENGNlOTBxTW9ySWoxcUZmcjZLSApuZVhPUHlDMFdZYy9OWXpwd3Z2QVF5UUVPTms0eGFwcVRVNEhBWHRKVWYrMS82NHRLVlVKSjVOLzZKM2FrSStKCjdKd09SNnc4M1U5bjJNbVVBNmEzTXdVN1NuVXpzSWtsckdyOUhtTTNYc0pWNGhIUlF2U1FmWmFVS1JWdVhlOWcKZWd6Z2U0enhKckdNejlRSGdoV2FzVVR0SStGTDRnZnFOUC92ZXloQTFEYTAwdjEwSThNMldJK3lBcWdlYnRpSwpNSjZlelM1TTRvT1F3d0JsSXlUeXpCWTl0eHRnK2ZXSkVyS1ozNGp1TlBLaUhjdTRRem42dGd5RTlqTk9pOU9tCnY0TUVNdFl3VWlhWjZmY3ZTNXJEOWVCS2tEekNzYW9LU3JxdlExR0dMV2JYUUF2VWdCZDhCWkF0VTZqd0REaUQKcVBERkRRQVJBUUFCaVFJMkJCZ0JDQUFnRmlFRTN0QmJNY2RvRWZ3bjJxUmJTdFZXVU54MlBpc0ZBbDV4RkVBQwpHd3dBQ2drUVN0VldVTngyUGl2OS93LytPMG1RaW9UVElNcGxvd1M5c21jZmo3U0VqazZCUUVlRjQ3RUFWTUMrCndhZU9oNWVrRkhEZWoyY0EvT0FHYmR4OGNweGIxOThGQ0djaVp1dHByU29Ma0IxTjhYQ0w1TEhUUWZsYVUwSWEKOHptRVZqNG4wS3pUUitzUUc2YU16OVUrUEJnTm5TYmsxSm1VSnA2NE5OZ2JhdlFrS1M0MWZCdjI4b1ZYS0FZegpiaHBDMmlJTVl6ZGl5elNvbG00NUhGYysxNWhGb1hOWDIyVGVRZzMrNUF3bEJiVjdvaGFXQ3EybVc4Y1pYalc5CkU0L1BGc0ZKMkE5V2orM2EzQVo4R0l0eGlwREMvNXBIbkY0WnBWczNRenRMVXJLdDUvUFdjODlVT1U0MkU1Q3MKd1lzUmM5RVhTNUVNem9NSm1zcnBBdC85NkhyQUNTS05aRzhhSktqNFVEME9jTlIyWVU0aXlnLzNPVERneWNocwpLVitpem1OVTduamdqdDRJUngycVFpdVQ4eGhvSS9DS0VKbFVUY1JsQk1oRXh6MWMwanpiTFluZndTZTVlS2tLClJickRwTnNDeVk2amwzeS8zOE1CVXY4ZytWZk5VYWp6UVRPYWpvanpweElNTGhQNitjQ0FGTEw0a1lkM083VUEKT1c5dk9XbWcyUHFSU25iTzdXTFY5aUVFV2FQYkxCQzI2N3h4WEJtQXFnU2ZIMUJCc2lOaXFlZEdOblkzWlAzegpUbzAzM0pLdUZqa1ovTDdwd1lEM1dWV0VIcFMrOWdTQUNmaS9JZDNrMFhlUzJQbnF5bkEycjM5dTBtczdiKytwCmtzYzQrVGpyQmo4d0FEa3l6N3phVFlIenVLQjRxM3c4QjhGb3FOU2hzeXl3bEx1bUVKSVlBQ3kxNUdlQVFHblIKQVpvPQo9SnFzcwotLS0tLUVORCBQR1AgUFVCTElDIEtFWSBCTE9DSy0tLS0tCg=="

grafana/scripts/lib.star

Line 514 in d99085e

'CHKSUM': 'beca3d7819a6bdcfbd044576df4fc284053b48f468b2f03428fe66f4ceb2c05d9b5411357fa15003cb0' +

grafana/scripts/lib.star

Line 515 in d99085e

'311406c255084cf7283a3b8fce644c340c2f6aa910b9f',

grafana/pkg/models/datasource_cache_test.go

Line 412 in d99085e

const clientKey string = `-----BEGIN RSA PRIVATE KEY-----

grafana/docs/sources/datasources/cloudmonitoring.md

Line 304 in d99085e

-----BEGIN PRIVATE KEY-----

grafana/packages/grafana-ui/src/components/DataSourceSettings/TLSAuthSettings.tsx

Line 79 in d99085e

placeholder="Begins with -----BEGIN RSA PRIVATE KEY-----"

grafana/public/app/features/datasources/partials/tls_auth_settings.html

Line 52 in d99085e

placeholder="Begins with -----BEGIN RSA PRIVATE KEY-----"

grafana/.drone.yml

Line 1330 in d99085e

- git clone "https://$$env:GITHUB_TOKEN@github.com/grafana/grafana-enterprise.git"

grafana/.drone.yml

Line 2086 in d99085e

- git clone "https://$$env:GITHUB_TOKEN@github.com/grafana/grafana-enterprise.git"

grafana/.drone.yml

Line 2793 in d99085e

- git clone "https://$$env:GITHUB_TOKEN@github.com/grafana/grafana-enterprise.git"

grafana/conf/sample.ini

Line 84 in d99085e

# Example: mysql://user:secret@host:port/database

grafana/conf/defaults.ini

Line 82 in d99085e

# Example: mysql://user:secret@host:port/database

grafana/CHANGELOG_ARCHIVE.md

Line 2240 in d99085e

- #16 Add support for Basic Auth (use http://username:password@yourgraphitedomain.com)

grafana/pkg/api/pluginproxy/test-data/access-token-1.json

Line 8 in d99085e

"access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6ImlCakwxUmNxemhpeTRmcHhJeGRacW9oTTJZayIsImtpZCI6ImlCakwxUmNxemhpeTRmcHhJeGRacW9oTTJZayJ9.eyJhdWQiOiJodHRwczovL2FwaS5sb2dhbmFseXRpY3MuaW8iLCJpc3MiOiJodHRwczovL3N0cy53aW5kb3dzLm5ldC9lN2YzZjY2MS1hOTMzLTRiM2YtODE3Ni01MWM0Zjk4MmVjNDgvIiwiaWF0IjoxNTI4NzM2NTE3LCJuYmYiOjE1Mjg3MzY1MTcsImV4cCI6MTUyODc0MDQxNywiYWlvIjoiWTJkZ1lBaStzaWRsT3NmQ2JicGhLMSsremttN0NBQT0iLCJhcHBpZCI6IjdmMzJkYjdjLTZmNmYtNGU4OC05M2Q5LTlhZTEyNmMwYTU1ZiIsImFwcGlkYWNyIjoiMSIsImlkcCI6Imh0dHBzOi8vc3RzLndpbmRvd3MubmV0L2U3ZjNmNjYxLWE5MzMtNGIzZi04MTc2LTUxYzRmOTgyZWM0OC8iLCJvaWQiOiI1NDQ5ZmJjOS1mYWJhLTRkNjItODE2Yy05ZmMwMzZkMWViN2UiLCJzdWIiOiI1NDQ5ZmJjOS1mYWJhLTRkNjItODE2Yy05ZmMwMzZkMWViN2UiLCJ0aWQiOiJlN2YzZjY2MS1hOTMzLTRiM2YtODE3Ni01MWM0Zjk4MmVjNDgiLCJ1dGkiOiJZQTlQa2lxUy1VV1hMQjhIRnU0U0FBIiwidmVyIjoiMS4wIn0.ga5qudt4LDMKTStAxUmzjyZH8UFBAaFirJqpTdmYny4NtkH6JT2EILvjTjYxlKeTQisvwx9gof0PyicZIab9d6wlMa2xiLzr2nmaOonYClY8fqBaRTgc1xVjrKFw5SCgpx3FnEyJhIWvVPIfaWaogSHcQbIpe4kdk4tz-ccmrx0D1jsziSI4BZcJcX04aJuHZGz9k4mQZ_AA5sQSeQaNuojIng6rYoIifAXFYBZPTbeeeqmiGq8v0IOLeNKbC0POeQCJC_KKBG6Z_MV2KgPxFEzQuX2ZFmRD_wGPteV5TUBxh1kARdqexA3e0zAKSawR9kmrAiZ21lPr4tX2Br_HDg"

grafana/pkg/api/pluginproxy/test-data/access-token-2.json

Line 8 in d99085e

"access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6ImlCakwxUmNxemhpeTRmcHhJeGRacW9oTTJZayIsImtpZCI6ImlCakwxUmNxemhpeTRmcHhJeGRacW9oTTJZayJ9.eyJhdWQiOiJodHRwczovL21hbmFnZW1lbnQuYXp1cmUuY29tLyIsImlzcyI6Imh0dHBzOi8vc3RzLndpbmRvd3MubmV0L2U3ZjNmNjYxLWE5MzMtNGIzZi04MTc2LTUxYzRmOTgyZWM0OC8iLCJpYXQiOjE1Mjg2NTgxNTksIm5iZiI6MTUyODY1ODE1OSwiZXhwIjoxNTI4NjYyMDU5LCJhaW8iOiJZMmRnWUFpK3NpZGxPc2ZDYmJwaEsxKyt6a203Q0FBPSIsImFwcGlkIjoiODg5YjdlZDgtMWFlZC00ODZlLTk3ODktODE5NzcwYmJiNjFhIiwiYXBwaWRhY3IiOiIxIiwiaWRwIjoiaHR0cHM6Ly9zdHMud2luZG93cy5uZXQvZTdmM2Y2NjEtYTkzMy00YjNmLTgxNzYtNTFjNGY5ODJlYzQ4LyIsIm9pZCI6IjY0YzQxNjMyLTliOWUtNDczNy05MTYwLTBlNjAzZTg3NjljYyIsInN1YiI6IjY0YzQxNjMyLTliOWUtNDczNy05MTYwLTBlNjAzZTg3NjljYyIsInRpZCI6ImU3ZjNmNjYxLWE5MzMtNGIzZi04MTc2LTUxYzRmOTgyZWM0OCIsInV0aSI6IkQ1ODZHSGUySDBPd0ptOU0xeVlKQUEiLCJ2ZXIiOiIxLjAifQ.Pw8c8gpoZptw3lGreQoHQaMVOozSaTE5D38Vm2aCHRB3DvD3N-Qcm1x0ZCakUEV2sJd7jvx4XtPFuW7063T0V1deExL4rzzvIo0ZfMmURf9tCTiKFKYibqf8_PtfPSz0t9eNDEUGmWDh1Wgssb4W_H-wPqgl9VPMT7T6ynkfIm0-ODPZTBzgSHiY8C_L1-DkhsK7XiqbUlSDgx9FpfChZS3ah8QhA8geqnb_HVuSktg7WhpxmogSpK5QdrwSE3jsbItpzOfLJ4iBd2ExzS2C0y8H_Coluk3Y1YA07tAxJ6Y7oBv-XwGqNfZhveOCQOzX-U3dFod3fXXysjB0UB89WQ"

grafana/pkg/setting/setting_test.go

Line 85 in d99085e

os.Setenv("GF_DATABASE_URL", "mysql://user:secret@localhost:3306/database")

grafana/pkg/setting/setting_test.go

Line 91 in d99085e

So(appliedEnvOverrides, ShouldContain, "GF_DATABASE_URL=mysql://user:-redacted-@localhost:3306/database")

grafana/pkg/login/social/generic_oauth_test.go

Line 205 in d99085e

"id_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJyb2xlIjoiQWRtaW4iLCJlbWFpbCI6ImpvaG4uZG9lQGV4YW1wbGUuY29tIn0.9PtHcCaXxZa2HDlASyKIaFGfOKlw2ILQo32xlvhvhRg",

grafana/pkg/login/social/generic_oauth_test.go

Line 215 in d99085e

"id_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJlbWFpbCI6ImpvaG4uZG9lQGV4YW1wbGUuY29tIn0.k5GwPcZvGe2BE_jgwN0ntz0nz4KlYhEd0hRRLApkTJ4",

grafana/pkg/login/social/generic_oauth_test.go

Line 225 in d99085e

"id_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJyb2xlIjoiQWRtaW4iLCJlbWFpbCI6ImpvaG4uZG9lQGV4YW1wbGUuY29tIn0.9PtHcCaXxZa2HDlASyKIaFGfOKlw2ILQo32xlvhvhRg",

grafana/pkg/login/social/generic_oauth_test.go

Line 269 in d99085e

"id_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJyb2xlIjoiQWRtaW4iLCJlbWFpbCI6ImpvaG4uZG9lQGV4YW1wbGUuY29tIn0.9PtHcCaXxZa2HDlASyKIaFGfOKlw2ILQo32xlvhvhRg",

grafana/pkg/login/social/generic_oauth_test.go

Line 283 in d99085e

"id_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJyb2xlIjoiQWRtaW4iLCJlbWFpbCI6ImpvaG4uZG9lQGV4YW1wbGUuY29tIn0.9PtHcCaXxZa2HDlASyKIaFGfOKlw2ILQo32xlvhvhRg",

grafana/pkg/login/social/generic_oauth_test.go

Line 297 in d99085e

"id_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJyb2xlIjoiQWRtaW4ifQ.k5GwPcZvGe2BE_jgwN0ntz0nz4KlYhEd0hRRLApkTJ4",

grafana/pkg/login/social/generic_oauth_test.go

Line 310 in d99085e

"id_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJlbWFpbCI6ImpvaG4uZG9lQGV4YW1wbGUuY29tIn0.k5GwPcZvGe2BE_jgwN0ntz0nz4KlYhEd0hRRLApkTJ4",

grafana/pkg/login/social/generic_oauth_test.go

Line 371 in d99085e

"id_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJsb2dpbiI6ImpvaG5kb2UiLCJlbWFpbCI6ImpvaG4uZG9lQGV4YW1wbGUuY29tIn0.sg4sRJCNpax_76XMgr277fdxhjjtNSWXKIOFv4_GJN8",

grafana/pkg/login/social/generic_oauth_test.go

Line 380 in d99085e

"id_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJsb2dpbiI6ImpvaG5kb2UiLCJlbWFpbCI6ImpvaG4uZG9lQGV4YW1wbGUuY29tIn0.sg4sRJCNpax_76XMgr277fdxhjjtNSWXKIOFv4_GJN8",

grafana/pkg/login/social/generic_oauth_test.go

Line 466 in d99085e

"id_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJsb2dpbiI6ImpvaG5kb2UiLCJlbWFpbCI6ImpvaG4uZG9lQGV4YW1wbGUuY29tIiwibmFtZSI6IkpvaG4gRG9lIn0.oMsXH0mHxUSYMXh6FonZIWh8LgNIcYbKRLSO1bwnfSI",

grafana/pkg/login/social/generic_oauth_test.go

Line 475 in d99085e

"id_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJsb2dpbiI6ImpvaG5kb2UiLCJlbWFpbCI6ImpvaG4uZG9lQGV4YW1wbGUuY29tIiwibmFtZSI6IkpvaG4gRG9lIn0.oMsXH0mHxUSYMXh6FonZIWh8LgNIcYbKRLSO1bwnfSI",

grafana/pkg/login/social/generic_oauth_test.go

Line 561 in d99085e

"id_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsInppcCI6IkRFRiJ9.eJyrVkrNTczMUbJSysrPyNNLyU91SK1IzC3ISdVLzs9V0lEqys9JBco6puRm5inVAgCFRw_6.XrV4ZKhw19dTcnviXanBD8lwjeALCYtDiESMmGzC-ho",

grafana/pkg/login/social/generic_oauth_test.go

Line 569 in d99085e

"id_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsInppcCI6IkRFRiJ9.00eJyrVkrNTczMUbJSysrPyNNLyU91SK1IzC3ISdVLzs9V0lEqys9JBco6puRm5inVAgCFRw_6.XrV4ZKhw19dTcnviXanBD8lwjeALCYtDiESMmGzC-ho",

grafana/pkg/login/social/generic_oauth_test.go

Line 577 in d99085e

"id_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsInppcCI6IkdaSVAifQ.H4sIAAAAAAAAAKtWSs1NzMxRslLKys_I00vJT3VIrUjMLchJ1UvOz1XSUSrKz0kFyjqm5GbmKdUCANotxTkvAAAA.85AXm3JOF5qflEA0goDFvlbZl2q3eFvqVcehz860W-o",

grafana/scripts/lib.star

Line 936 in d99085e

'git clone "https://$$env:GITHUB_TOKEN@github.com/grafana/grafana-enterprise.git"',

grafana/docs/sources/http_api/curl-examples.md

Line 20 in d99085e

curl http://admin:admin@localhost:3000/api/search

grafana/docs/sources/http_api/auth.md

Line 21 in d99085e

?curl http://admin:admin@localhost:3000/api/org

grafana/docs/sources/http_api/user.md

Line 365 in d99085e

}' http://admin:oldpass@<your_grafana_host>:3000/api/user/password

grafana/docs/sources/http_api/org.md

Line 336 in d99085e

to the request HTTP URL, like http://admin:admin@localhost:3000/api/orgs

grafana/docs/sources/http_api/org.md

Line 418 in d99085e

to the request HTTP URL, like http://admin:admin@localhost:3000/api/orgs/1/users

grafana/docs/sources/http_api/create-api-tokens-for-org.md

Line 25 in d99085e

curl -X POST -H "Content-Type: application/json" -d '{"name":"apiorg"}' http://admin:admin@localhost:3000/api/orgs

grafana/docs/sources/http_api/create-api-tokens-for-org.md

Line 32 in d99085e

curl -X POST -H "Content-Type: application/json" -d '{"loginOrEmail":"admin", "role": "Admin"}' http://admin:admin@localhost:3000/api/orgs/<org id of new org>/users

grafana/docs/sources/http_api/create-api-tokens-for-org.md

Line 37 in d99085e

curl -X POST http://admin:admin@localhost:3000/api/user/using/<id of new org>

grafana/docs/sources/http_api/create-api-tokens-for-org.md

Line 42 in d99085e

curl -X POST -H "Content-Type: application/json" -d '{"name":"apikeycurl", "role": "Admin"}' http://admin:admin@localhost:3000/api/auth/keys

grafana/docs/sources/administration/configuration.md

Line 295 in d99085e

Example: `mysql://user:secret@host:port/database`

grafana/devenv/docker/ha_test/alerts.sh

Line 12 in d99085e

STATUS=$(curl -s -o /dev/null -w '%{http_code}' http://admin:admin@grafana.loc/api/alert-notifications/1)

grafana/devenv/docker/ha_test/alerts.sh

Line 27 in d99085e

http://admin:admin@grafana.loc/api/alert-notifications

grafana/devenv/docker/ha_test/alerts.sh

Line 30 in d99085e

STATUS=$(curl -s -o /dev/null -w '%{http_code}' http://admin:admin@grafana.loc/api/alert-notifications/2)

grafana/devenv/docker/ha_test/alerts.sh

Line 42 in d99085e

http://admin:admin@grafana.loc/api/alert-notifications

grafana/devenv/docker/ha_test/alerts.sh

Line 84 in d99085e

http://admin:admin@grafana.loc/api/alert-notifications/2

grafana/devenv/docker/ha_test/alerts.sh

Line 111 in d99085e

http://admin:admin@grafana.loc/api/admin/pause-all-alerts

grafana/devenv/docker/ha_test/alerts.sh

Line 117 in d99085e

http://admin:admin@grafana.loc/api/admin/pause-all-alerts

grafana/devenv/docker/blocks/influxdb/telegraf.conf

Line 399 in d99085e

# url = "postgres://user:password@localhost/schema?sslmode=disable"

grafana/devenv/docker/blocks/influxdb/telegraf.conf

Line 1823 in d99085e

# ## http://admin:secret@couchbase-0.example.com:8091/

grafana/devenv/docker/blocks/influxdb/telegraf.conf

Line 1989 in d99085e

# # servers = ["http://user:pass@localhost:9200"]

grafana/devenv/docker/blocks/influxdb/telegraf.conf

Line 2875 in d99085e

# ## mongodb://user:auth_key@10.10.3.30:27017,

grafana/devenv/docker/blocks/influxdb/telegraf.conf

Line 3434 in d99085e

# ## rethinkdb://user:auth_key@10.10.3.30:28105,

grafana/devenv/docker/blocks/influxdb/telegraf.conf

Line 3445 in d99085e

# # servers = ["rethinkdb://username:auth_key@127.0.0.1:28015"]

grafana/devenv/docker/blocks/influxdb/telegraf.conf

Line 4736 in d99085e

# ## postgres://[pqgotest[:password]]@localhost[/dbname]\

grafana/devenv/docker/blocks/influxdb/telegraf.conf

Line 4749 in d99085e

# ## postgres://[pqgotest[:password]]@localhost[/dbname]\

grafana/devenv/docker/blocks/influxdb/telegraf.conf

Line 4784 in d99085e

# ## postgres://[pqgotest[:password]]@localhost[/dbname]\

grafana/devenv/docker/blocks/graphite1/conf/opt/graphite/webapp/graphite/local_settings.py

Line 208 in d99085e

SECRET_KEY = '$(date +%s | sha256sum | base64 | head -c 64)'

grafana/devenv/docker/blocks/graphite/files/initial_data.json

Line 15 in d99085e

"password": "sha1$1b11b$edeb0a67a9622f1f2cfeabf9188a711f5ac7d236",

More info on how to fix Hard-Coded Secrets in General, Python and Javascript.

---

Insecure Use of Dangerous Function (15)

grafana/Gruntfile.js

Line 56 in d99085e

grunt.util._.extend(config[key], require(path + option)(config, grunt));

grafana/packages/grafana-toolkit/bin/grafana-toolkit.js

Line 49 in d99085e

require(entrypoint()).run(includeInternalScripts);

grafana/pkg/plugins/backendplugin/grpcplugin/client.go

Line 35 in d99085e

cmd := exec.Command(executablePath)

grafana/scripts/build/ci-msi-build/msigenerator/generator/build.py

Line 118 in d99085e

os.system('ls -al /tmp/a')

grafana/scripts/build/ci-msi-build/msigenerator/generator/build.py

Line 126 in d99085e

os.system('ls -al /tmp/a')

grafana/scripts/build/ci-msi-build/msigenerator/generator/build.py

Line 130 in d99085e

os.system('ls -al /tmp/a')

grafana/scripts/build/ci-msi-build/msigenerator/generator/build.py

Line 163 in d99085e

os.system(cmd)

grafana/scripts/build/ci-msi-build/msigenerator/generator/build.py

Line 187 in d99085e

os.system(cmd)

grafana/scripts/build/ci-msi-build/msigenerator/generator/build.py

Line 195 in d99085e

os.system(cmd)

grafana/scripts/build/ci-msi-build/msigenerator/generator/build.py

Line 203 in d99085e

os.system(cmd)

grafana/scripts/build/ci-msi-build/msigenerator/generator/build.py

Line 211 in d99085e

os.system(cmd)

grafana/scripts/build/ci-msi-build/msigenerator/generator/build.py

Line 220 in d99085e

os.system('cp -pr nssm/nssm-2.24 .')

grafana/scripts/build/ci-msi-build/msigenerator/generator/build.py

Line 233 in d99085e

os.system(cmd)

grafana/scripts/build/ci-msi-build/msigenerator/generator/build.py

Line 248 in d99085e

os.system('ls -al /tmp/scratch')

grafana/scripts/build/ci-msi-build/msigenerator/generator/utils.py

Line 101 in d99085e

os.system("ls -al templates")

More info on how to fix Insecure Use of Dangerous Function in Javascript, Go and Python.

---

Information Disclosure (3)

grafana/devenv/docker/blocks/graphite/files/statsd_config.js

Line 3 in d99085e

graphiteHost: "127.0.0.1",

grafana/devenv/docker/blocks/graphite1/conf/opt/statsd/config.js

Line 2 in d99085e

"graphiteHost": "127.0.0.1",

grafana/scripts/webpack/webpack.common.js

Line 22 in d99085e

for (const package of packagesToProcessbyBabel) {

More info on how to fix Information Disclosure in Javascript.

---

Insecure File Management (82)

grafana/packages/grafana-toolkit/bin/grafana-toolkit.js

Line 19 in d99085e

return fs.lstatSync(resolvedPath).isSymbolicLink();

grafana/packages/grafana-toolkit/bin/grafana-toolkit.js

Line 32 in d99085e

if (isLinkedMode() || !fs.existsSync(resolvedJsDir)) {

grafana/packages/grafana-toolkit/docker/grafana-plugin-ci-alpine/install/bin/githubRelease.js

Line 42 in d99085e

var files = fs.readdirSync(srcLocation);

grafana/packages/grafana-toolkit/docker/grafana-plugin-ci-alpine/install/bin/githubRelease.js

Line 47 in d99085e

fileStat = fs.statSync(srcLocation + '/' + file);

grafana/packages/grafana-toolkit/docker/grafana-plugin-ci-alpine/install/bin/githubRelease.js

Line 48 in d99085e

fileData = fs.readFileSync(srcLocation + '/' + file);

grafana/pkg/services/rendering/http_mode.go

Line 99 in d99085e

defer out.Close()

grafana/pkg/services/provisioning/notifiers/config_reader.go

Line 64 in d99085e

yamlFile, err := ioutil.ReadFile(filename)

grafana/pkg/services/ldap/ldap.go

Line 98 in d99085e

pem, err := ioutil.ReadFile(caCertFile)

grafana/pkg/services/ldap/settings.go

Line 121 in d99085e

fileBytes, err := ioutil.ReadFile(configFile)

grafana/pkg/services/alerting/notifiers/slack.go

Line 356 in d99085e

f, err := os.Open(file)

grafana/pkg/services/provisioning/dashboards/file_reader.go

Line 350 in d99085e

defer reader.Close()

grafana/pkg/infra/log/file.go

Line 126 in d99085e

r, err := os.OpenFile(w.Filename, os.O_RDONLY, 0644)

grafana/pkg/services/alerting/notifiers/pushover.go

Line 295 in d99085e

defer f.Close()

grafana/pkg/services/alerting/notifiers/discord.go

Line 172 in d99085e

defer f.Close()

grafana/pkg/services/alerting/notifiers/discord.go

Line 161 in d99085e

f, err := os.Open(imagePath)

grafana/pkg/api/avatar/avatar.go

Line 137 in d99085e

if data, err := ioutil.ReadFile(path); err != nil {

grafana/pkg/infra/log/file.go

Line 122 in d99085e

return os.OpenFile(w.Filename, os.O_WRONLY|os.O_APPEND|os.O_CREATE, 0644)

grafana/pkg/services/provisioning/dashboards/file_reader.go

Line 346 in d99085e

reader, err := os.Open(path)

grafana/pkg/cmd/grafana-cli/services/api_client.go

Line 49 in d99085e

f, err := os.Open(url)

grafana/pkg/cmd/grafana-cli/services/io_util.go

Line 24 in d99085e

return ioutil.ReadFile(filename)

grafana/pkg/services/provisioning/dashboards/config_reader.go

Line 22 in d99085e

yamlFile, err := ioutil.ReadFile(filename)

grafana/pkg/plugins/dashboards.go

Line 100 in d99085e

reader, err := os.Open(dashboardFilePath)

grafana/pkg/plugins/dashboards.go

Line 105 in d99085e

defer reader.Close()

grafana/pkg/plugins/manifest.go

Line 90 in d99085e

byteValue, err := ioutil.ReadFile(manifestPath)

grafana/pkg/plugins/manifest.go

Line 112 in d99085e

f, err := os.Open(fp)

grafana/pkg/plugins/manifest.go

Line 116 in d99085e

defer f.Close()

grafana/pkg/plugins/plugins.go

Line 272 in d99085e

reader, err := os.Open(jsonFPath)

grafana/pkg/plugins/plugins.go

Line 276 in d99085e

defer reader.Close()

grafana/pkg/plugins/plugins.go

Line 342 in d99085e

reader, err := os.Open(pluginJSONFilePath)

grafana/pkg/plugins/plugins.go

Line 346 in d99085e

defer reader.Close()

grafana/pkg/plugins/plugins.go

Line 483 in d99085e

data, err := ioutil.ReadFile(path)

grafana/pkg/services/provisioning/plugins/config_reader.go

Line 72 in d99085e

yamlFile, err := ioutil.ReadFile(filename)

grafana/pkg/api/dashboard.go

Line 345 in d99085e

file, err := os.Open(filePath)

grafana/pkg/api/dashboard.go

Line 349 in d99085e

defer file.Close()

grafana/pkg/api/http_server.go

Line 180 in d99085e

if err := os.Chmod(setting.SocketPath, 0660); err != nil {

grafana/pkg/services/provisioning/datasources/config_reader.go

Line 52 in d99085e

yamlFile, err := ioutil.ReadFile(filename)

grafana/pkg/middleware/recovery.go

Line 55 in d99085e

data, err := ioutil.ReadFile(file)

grafana/pkg/services/alerting/notifiers/slack.go

Line 360 in d99085e

defer f.Close()

grafana/pkg/setting/expanders.go

Line 141 in d99085e

f, err := ioutil.ReadFile(s)

grafana/pkg/cmd/grafana-cli/commands/install_command.go

Line 243 in d99085e

if err := os.MkdirAll(filepath.Dir(newFile), 0755); err != nil {

grafana/pkg/cmd/grafana-cli/commands/install_command.go

Line 231 in d99085e

if err := os.MkdirAll(newFile, 0755); err != nil {

grafana/pkg/cmd/grafana-server/main.go

Line 119 in d99085e

defer f.Close()

grafana/pkg/components/imguploader/webdavuploader.go

Line 58 in d99085e

imgData, err := ioutil.ReadFile(pa)

grafana/pkg/components/imguploader/s3uploader.go

Line 83 in d99085e

defer file.Close()

grafana/pkg/components/imguploader/gcs/gcsuploader.go

Line 152 in d99085e

fileReader, err := os.Open(imageDiskPath)

grafana/pkg/components/imguploader/gcs/gcsuploader.go

Line 156 in d99085e

defer fileReader.Close()

grafana/pkg/components/imguploader/azureblobuploader.go

Line 48 in d99085e

file, err := os.Open(imageDiskPath)

grafana/pkg/components/imguploader/azureblobuploader.go

Line 52 in d99085e

defer file.Close()

grafana/pkg/components/imguploader/s3uploader.go

Line 79 in d99085e

file, err := os.Open(imageDiskPath)

grafana/pkg/server/server.go

Line 262 in d99085e

if err := ioutil.WriteFile(s.pidFile, []byte(pid), 0644); err != nil {

grafana/scripts/build/ci-msi-build/msigenerator/generator/build.py

Line 55 in d99085e

DIST_LOCATION = '/tmp/dist'

grafana/scripts/build/ci-msi-build/msigenerator/generator/build.py

Line 82 in d99085e

'/tmp/a/grafana/public/app/plugins/datasource/grafana-azure-monitor-datasource/app_insights/app_insights_querystring_builder.test.ts',

grafana/scripts/build/ci-msi-build/msigenerator/generator/build.py

Line 83 in d99085e

'/tmp/a/grafana/public/app/plugins/datasource/grafana-azure-monitor-datasource/app_insights/app_insights_querystring_builder.ts',

grafana/scripts/build/ci-msi-build/msigenerator/generator/build.py

Line 84 in d99085e

'/tmp/a/grafana/public/app/plugins/datasource/grafana-azure-monitor-datasource/azure_log_analytics/azure_log_analytics_datasource.test.ts',

grafana/scripts/build/ci-msi-build/msigenerator/generator/build.py

Line 85 in d99085e

'/tmp/a/grafana/public/app/plugins/datasource/grafana-azure-monitor-datasource/azure_log_analytics/azure_log_analytics_datasource.ts',

grafana/scripts/build/ci-msi-build/msigenerator/generator/build.py

Line 86 in d99085e

'/tmp/a/grafana/public/app/plugins/datasource/grafana-azure-monitor-datasource/azure_monitor/azure_monitor_datasource.test.ts',

grafana/scripts/build/ci-msi-build/msigenerator/generator/build.py

Line 87 in d99085e

'/tmp/a/grafana/public/app/plugins/datasource/grafana-azure-monitor-datasource/azure_monitor/azure_monitor_datasource.ts',

grafana/scripts/build/ci-msi-build/msigenerator/generator/build.py

Line 88 in d99085e

'/tmp/a/grafana/public/app/plugins/datasource/grafana-azure-monitor-datasource/app_insights/app_insights_datasource.ts',

grafana/scripts/build/ci-msi-build/msigenerator/generator/build.py

Line 89 in d99085e

'/tmp/a/grafana/public/app/plugins/datasource/grafana-azure-monitor-datasource/app_insights/app_insights_datasource.test.ts',

grafana/scripts/build/ci-msi-build/msigenerator/generator/build.py

Line 90 in d99085e

'/tmp/a/grafana/public/app/plugins/datasource/grafana-azure-monitor-datasource/insights_analytics/insights_analytics_datasource.ts',

grafana/scripts/build/ci-msi-build/msigenerator/generator/build.py

Line 91 in d99085e

'/tmp/a/grafana/public/app/plugins/datasource/grafana-azure-monitor-datasource/azure_monitor/azure_monitor_filter_builder.test.ts',

grafana/scripts/build/ci-msi-build/msigenerator/generator/build.py

Line 92 in d99085e

'/tmp/a/grafana/public/app/plugins/datasource/grafana-azure-monitor-datasource/azure_monitor/azure_monitor_filter_builder.ts',

grafana/scripts/build/ci-msi-build/msigenerator/generator/build.py

Line 93 in d99085e

'/tmp/a/grafana/public/app/plugins/datasource/grafana-azure-monitor-datasource/components/AnalyticsConfig.test.tsx',

grafana/scripts/build/ci-msi-build/msigenerator/generator/build.py

Line 94 in d99085e

'/tmp/a/grafana/public/app/plugins/datasource/grafana-azure-monitor-datasource/components/AzureCredentialsForm.test.tsx',

grafana/scripts/build/ci-msi-build/msigenerator/generator/build.py

Line 95 in d99085e

'/tmp/a/grafana/public/app/plugins/datasource/grafana-azure-monitor-datasource/components/InsightsConfig.test.tsx',

grafana/scripts/build/ci-msi-build/msigenerator/generator/build.py

Line 96 in d99085e

'/tmp/a/grafana/public/app/plugins/datasource/grafana-azure-monitor-datasource/components/__snapshots__/AnalyticsConfig.test.tsx.snap',

grafana/scripts/build/ci-msi-build/msigenerator/generator/build.py

Line 97 in d99085e

'/tmp/a/grafana/public/app/plugins/datasource/grafana-azure-monitor-datasource/components/__snapshots__/AzureCredentialsForm.test.tsx.snap',

grafana/scripts/build/ci-msi-build/msigenerator/generator/build.py

Line 98 in d99085e

'/tmp/a/grafana/public/app/plugins/datasource/grafana-azure-monitor-datasource/components/__snapshots__/InsightsConfig.test.tsx.snap',

grafana/scripts/build/ci-msi-build/msigenerator/generator/build.py

Line 99 in d99085e

'/tmp/a/grafana/public/app/plugins/datasource/grafana-azure-monitor-datasource/components/__snapshots__/ConfigEditor.test.tsx.snap'

grafana/scripts/build/ci-msi-build/msigenerator/generator/build.py

Line 114 in d99085e

if not os.path.isdir('/tmp/a'):

grafana/scripts/build/ci-msi-build/msigenerator/generator/build.py

Line 115 in d99085e

os.mkdir('/tmp/a')

grafana/scripts/build/ci-msi-build/msigenerator/generator/build.py

Line 116 in d99085e

target_dir_name = '/tmp/a'

grafana/scripts/build/ci-msi-build/msigenerator/generator/build.py

Line 141 in d99085e

if not os.path.isdir('/tmp/scratch'):

grafana/scripts/build/ci-msi-build/msigenerator/generator/build.py

Line 142 in d99085e

os.mkdir('/tmp/scratch')

grafana/scripts/build/ci-msi-build/msigenerator/generator/build.py

Line 143 in d99085e

os.chdir('/tmp/scratch')

grafana/scripts/build/ci-msi-build/msigenerator/generator/build.py

Line 168 in d99085e

nssm_file = get_nssm('/tmp/cache', NSSM_VERSION)

grafana/scripts/build/ci-msi-build/msigenerator/generator/build.py

Line 174 in d99085e

generate_firewall_wxs(env, PRODUCT_VERSION, '/tmp/scratch/grafana-firewall.wxs', target_dir_name)

grafana/scripts/build/ci-msi-build/msigenerator/generator/build.py

Line 175 in d99085e

generate_service_wxs(env, PRODUCT_VERSION, '/tmp/scratch/grafana-service.wxs', target_dir_name, NSSM_VERSION)

grafana/scripts/build/ci-msi-build/msigenerator/generator/build.py

Line 176 in d99085e

generate_product_wxs(env, config, features, '/tmp/scratch/product.wxs', target_dir_name)

grafana/scripts/build/ci-msi-build/msigenerator/generator/build.py

Line 182 in d99085e

os.chdir('/tmp/scratch')

grafana/scripts/build/ci-msi-build/msigenerator/generator/build.py

Line 242 in d99085e

msi_filename = '/tmp/scratch/grafana-{}{}.windows-amd64.msi'.format(PRODUCT_VERSION, hash)

grafana/scripts/build/ci-msi-build/msigenerator/generator/build.py

Line 245 in d99085e

msi_filename = '/tmp/scratch/grafana-enterprise-{}{}.windows-amd64.msi'.format(PRODUCT_VERSION, hash)

More info on how to fix Insecure File Management in Javascript, Go and Python.

---

Insecure Use of Regular Expressions (6)

grafana/packages/jaeger-ui-components/src/TraceTimelineViewer/SpanDetail/AccordianLogs.test.js

Line 59 in d99085e

const regex = new RegExp(`Logs \\(${logs.length}\\)`);

grafana/public/vendor/angular-other/datepicker.js

Line 899 in d99085e

if (/^[\-+]\d+[dmwy]([\s,]+[\-+]\d+[dmwy])*$/.test(date)) {

grafana/public/vendor/bootstrap/bootstrap.js

Line 1170 in d99085e

return item.replace(new RegExp('(' + query + ')', 'ig'), function ($1, match) {

grafana/public/vendor/flot/jquery.flot.js

Line 32 in d99085e

(function($){$.color={};$.color.make=function(r,g,b,a){var o={};o.r=r||0;o.g=g||0;o.b=b||0;o.a=a!=null?a:1;o.add=function(c,d){for(var i=0;i<c.length;++i)o[c.charAt(i)]+=d;return o.normalize()};o.scale=function(c,f){for(var i=0;i<c.length;++i)o[c.charAt(i)]*=f;return o.normalize()};o.toString=function(){if(o.a>=1){return"rgb("+[o.r,o.g,o.b].join(",")+")"}else{return"rgba("+[o.r,o.g,o.b,o.a].join(",")+")"}};o.normalize=function(){function clamp(min,value,max){return value<min?min:value>max?max:value}o.r=clamp(0,parseInt(o.r),255);o.g=clamp(0,parseInt(o.g),255);o.b=clamp(0,parseInt(o.b),255);o.a=clamp(0,o.a,1);return o};o.clone=function(){return $.color.make(o.r,o.b,o.g,o.a)};return o.normalize()};$.color.extract=function(elem,css){var c;do{c=elem.css(css).toLowerCase();if(c!=""&&c!="transparent")break;elem=elem.parent()}while(elem.length&&!$.nodeName(elem.get(0),"body"));if(c=="rgba(0, 0, 0, 0)")c="transparent";return $.color.parse(c)};$.color.parse=function(str){var res,m=$.color.make;if(res=/rgb\(\s*([0-9]{1,3})\s*,\s*([0-9]{1,3})\s*,\s*([0-9]{1,3})\s*\)/.exec(str))return m(parseInt(res[1],10),parseInt(res[2],10),parseInt(res[3],10));if(res=/rgba\(\s*([0-9]{1,3})\s*,\s*([0-9]{1,3})\s*,\s*([0-9]{1,3})\s*,\s*([0-9]+(?:\.[0-9]+)?)\s*\)/.exec(str))return m(parseInt(res[1],10),parseInt(res[2],10),parseInt(res[3],10),parseFloat(res[4]));if(res=/rgb\(\s*([0-9]+(?:\.[0-9]+)?)\%\s*,\s*([0-9]+(?:\.[0-9]+)?)\%\s*,\s*([0-9]+(?:\.[0-9]+)?)\%\s*\)/.exec(str))return m(parseFloat(res[1])*2.55,parseFloat(res[2])*2.55,parseFloat(res[3])*2.55);if(res=/rgba\(\s*([0-9]+(?:\.[0-9]+)?)\%\s*,\s*([0-9]+(?:\.[0-9]+)?)\%\s*,\s*([0-9]+(?:\.[0-9]+)?)\%\s*,\s*([0-9]+(?:\.[0-9]+)?)\s*\)/.exec(str))return m(parseFloat(res[1])*2.55,parseFloat(res[2])*2.55,parseFloat(res[3])*2.55,parseFloat(res[4]));if(res=/#([a-fA-F0-9]{2})([a-fA-F0-9]{2})([a-fA-F0-9]{2})/.exec(str))return m(parseInt(res[1],16),parseInt(res[2],16),parseInt(res[3],16));if(res=/#([a-fA-F0-9])([a-fA-F0-9])([a-fA-F0-9])/.exec(str))return m(parseInt(res[1]+res[1],16),parseInt(res[2]+res[2],16),parseInt(res[3]+res[3],16));var name=$.trim(str).toLowerCase();if(name=="transparent")return m(255,255,255,0);else{res=lookupColors[name]||[0,0,0];return m(res[0],res[1],res[2])}};var lookupColors={aqua:[0,255,255],azure:[240,255,255],beige:[245,245,220],black:[0,0,0],blue:[0,0,255],brown:[165,42,42],cyan:[0,255,255],darkblue:[0,0,139],darkcyan:[0,139,139],darkgrey:[169,169,169],darkgreen:[0,100,0],darkkhaki:[189,183,107],darkmagenta:[139,0,139],darkolivegreen:[85,107,47],darkorange:[255,140,0],darkorchid:[153,50,204],darkred:[139,0,0],darksalmon:[233,150,122],darkviolet:[148,0,211],fuchsia:[255,0,255],gold:[255,215,0],green:[0,128,0],indigo:[75,0,130],khaki:[240,230,140],lightblue:[173,216,230],lightcyan:[224,255,255],lightgreen:[144,238,144],lightgrey:[211,211,211],lightpink:[255,182,193],lightyellow:[255,255,224],lime:[0,255,0],magenta:[255,0,255],maroon:[128,0,0],navy:[0,0,128],olive:[128,128,0],orange:[255,165,0],pink:[255,192,203],purple:[128,0,128],violet:[128,0,128],red:[255,0,0],silver:[192,192,192],white:[255,255,255],yellow:[255,255,0]}})(jQuery);

grafana/public/vendor/tagsinput/bootstrap-tagsinput.js

Line 284 in d99085e

var regex = new RegExp( '(' + this.query + ')', 'gi' );

grafana/scripts/webpack/webpack.hot.js

Line 113 in d99085e

test: /\.(png|jpg|gif|ttf|eot|svg|woff(2)?)(\?[a-z0-9=&.]+)?$/,

More info on how to fix Insecure Use of Regular Expressions in Javascript.

---

Insecure Network Communication (9)

grafana/pkg/services/notifications/mailer.go

Line 101 in d99085e

InsecureSkipVerify: ns.Cfg.Smtp.SkipVerify,

grafana/pkg/models/datasource_cache.go

Line 218 in d99085e

InsecureSkipVerify: tlsSkipVerify,

grafana/pkg/infra/remotecache/redis_storage.go

Line 62 in d99085e

options.TLSConfig = &tls.Config{InsecureSkipVerify: true}

grafana/pkg/api/http_server.go

Line 216 in d99085e

tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,

grafana/pkg/api/app_routes.go

Line 23 in d99085e

InsecureSkipVerify: hs.Cfg.PluginsAppsSkipVerifyTLS,

grafana/pkg/cmd/grafana-cli/services/services.go

Line 56 in d99085e

InsecureSkipVerify: skipTLSVerify,

grafana/pkg/login/social/social.go

Line 253 in d99085e

InsecureSkipVerify: info.TlsSkipVerify,

grafana/pkg/services/ldap/ldap.go

Line 118 in d99085e

InsecureSkipVerify: server.Config.SkipVerifySSL,

grafana/pkg/api/http_server.go

Line 252 in d99085e

PreferServerCipherSuites: false,

More info on how to fix Insecure Network Communication in Go.

---

Insecure Configuration (1)

grafana/pkg/cmd/grafana-server/main.go

Line 8 in d99085e

_ "net/http/pprof"

More info on how to fix Insecure Configuration in Go.

---

Insecure Use of SQL Queries (55)

grafana/pkg/services/sqlstore/quota.go

Line 39 in d99085e

rawSQL := fmt.Sprintf("SELECT COUNT(*) as count from %s where org_id=?", dialect.Quote(query.Target))

grafana/pkg/services/sqlstore/migrator/dialect.go

Line 183 in d99085e

return fmt.Sprintf("INSERT INTO %s (%s) SELECT %s FROM %s", quote(targetTable), targetColsSQL, sourceColsSQL, quote(sourceTable))

grafana/pkg/services/sqlstore/migrator/mysql_dialect.go

Line 109 in d99085e

sql := "SELECT 1 FROM " + db.Quote("INFORMATION_SCHEMA") + "." + db.Quote("STATISTICS") + " WHERE " + db.Quote("TABLE_SCHEMA") + " = DATABASE() AND " + db.Quote("TABLE_NAME") + "=? AND " + db.Quote("INDEX_NAME") + "=?"

grafana/pkg/services/sqlstore/migrator/mysql_dialect.go

Line 115 in d99085e

sql := "SELECT 1 FROM " + db.Quote("INFORMATION_SCHEMA") + "." + db.Quote("COLUMNS") + " WHERE " + db.Quote("TABLE_SCHEMA") + " = DATABASE() AND " + db.Quote("TABLE_NAME") + "=? AND " + db.Quote("COLUMN_NAME") + "=?"

grafana/pkg/services/sqlstore/migrator/mysql_dialect.go

Line 156 in d99085e

if _, err := sess.Exec(fmt.Sprintf("DELETE FROM %v WHERE dashboard_id != -1 AND org_id != -1;", db.Quote(table.Name))); err != nil {

grafana/pkg/services/sqlstore/migrator/postgres_dialect.go

Line 109 in d99085e

sql := "SELECT 1 FROM " + db.Quote("pg_indexes") + " WHERE" + db.Quote("tablename") + "=? AND " + db.Quote("indexname") + "=?"

grafana/pkg/services/sqlstore/migrator/postgres_dialect.go

Line 156 in d99085e

if _, err := sess.Exec(fmt.Sprintf("DELETE FROM %v WHERE dashboard_id != -1 AND org_id != -1;", db.Quote(table.Name))); err != nil {

grafana/pkg/services/sqlstore/migrator/sqlite_dialect.go

Line 75 in d99085e

sql := "SELECT 1 FROM " + db.Quote("sqlite_master") + " WHERE " + db.Quote("type") + "='index' AND " + db.Quote("tbl_name") + "=? AND " + db.Quote("name") + "=?"

grafana/pkg/services/sqlstore/migrator/sqlite_dialect.go

Line 105 in d99085e

if _, err := sess.Exec(fmt.Sprintf("DELETE FROM %q WHERE dashboard_id != -1 AND org_id != -1;", table.Name)); err != nil {

grafana/pkg/services/sqlstore/migrator/sqlite_dialect.go

Line 112 in d99085e

if _, err := sess.Exec(fmt.Sprintf("DELETE FROM %s;", table.Name)); err != nil {

grafana/pkg/services/auth/auth_token.go

Line 330 in d99085e

sql := "DELETE from user_auth_token WHERE user_id IN (?" + user_id_params + ")"

grafana/pkg/services/sqlstore/searchstore/builder.go

Line 107 in d99085e

b.sql.WriteString(fmt.Sprintf(" WHERE %s", strings.Join(wheres, " AND ")))

grafana/pkg/services/sqlstore/alert.go

Line 339 in d99085e

buffer.WriteString(` WHERE id IN (?` + strings.Repeat(",?", len(cmd.AlertIds)-1) + `)`)

grafana/pkg/services/sqlstore/annotation.go

Line 124 in d99085e

sql.WriteString(`

grafana/pkg/services/sqlstore/annotation.go

Line 204 in d99085e

tagsSubQuery := fmt.Sprintf(`

grafana/pkg/services/sqlstore/dashboard.go

Line 478 in d99085e

sql += `

grafana/pkg/services/sqlstore/dashboard_version.go

Line 111 in d99085e

deleteExpiredSQL := `DELETE FROM dashboard_version WHERE id IN (?` + strings.Repeat(",?", len(versionIdsToDelete)-1) + `)`

grafana/pkg/services/sqlstore/quota.go

Line 82 in d99085e

rawSQL := fmt.Sprintf("SELECT COUNT(*) as count from %s where org_id=?", dialect.Quote(q.Target))

grafana/pkg/services/sqlstore/quota.go

Line 142 in d99085e

rawSQL := fmt.Sprintf("SELECT COUNT(*) as count from %s where user_id=?", dialect.Quote(query.Target))

grafana/pkg/services/sqlstore/quota.go

Line 185 in d99085e

rawSQL := fmt.Sprintf("SELECT COUNT(*) as count from %s where user_id=?", dialect.Quote(q.Target))

grafana/pkg/services/sqlstore/quota.go

Line 234 in d99085e

rawSQL := fmt.Sprintf("SELECT COUNT(*) as count from %s", dialect.Quote(query.Target))

grafana/pkg/services/sqlstore/sqlbuilder.go

Line 44 in d99085e

sb.sql.WriteString(` AND

grafana/pkg/services/sqlstore/stats.go

Line 25 in d99085e

var rawSQL = `SELECT COUNT(*) AS count, type FROM ` + dialect.Quote("alert_notification") + ` GROUP BY type`

grafana/pkg/services/sqlstore/stats.go

Line 32 in d99085e

var rawSQL = `SELECT COUNT(*) AS count, type FROM ` + dialect.Quote("data_source") + ` GROUP BY type`

grafana/pkg/services/sqlstore/stats.go

Line 39 in d99085e

var rawSQL = `SELECT COUNT(*) AS count, type, access FROM ` + dialect.Quote("data_source") + ` GROUP BY type, access`

grafana/pkg/services/sqlstore/stats.go

Line 48 in d99085e

sb.Write(`(SELECT COUNT(*) FROM ` + dialect.Quote("user") + `) AS users,`)

grafana/pkg/services/sqlstore/stats.go

Line 49 in d99085e

sb.Write(`(SELECT COUNT(*) FROM ` + dialect.Quote("org") + `) AS orgs,`)

grafana/pkg/services/sqlstore/stats.go

Line 50 in d99085e

sb.Write(`(SELECT COUNT(*) FROM ` + dialect.Quote("dashboard") + `) AS dashboards,`)

grafana/pkg/services/sqlstore/stats.go

Line 51 in d99085e

sb.Write(`(SELECT COUNT(*) FROM ` + dialect.Quote("data_source") + `) AS datasources,`)

grafana/pkg/services/sqlstore/stats.go

Line 52 in d99085e

sb.Write(`(SELECT COUNT(*) FROM ` + dialect.Quote("star") + `) AS stars,`)

grafana/pkg/services/sqlstore/stats.go

Line 53 in d99085e

sb.Write(`(SELECT COUNT(*) FROM ` + dialect.Quote("playlist") + `) AS playlists,`)

grafana/pkg/services/sqlstore/stats.go

Line 54 in d99085e

sb.Write(`(SELECT COUNT(*) FROM ` + dialect.Quote("alert") + `) AS alerts,`)

grafana/pkg/services/sqlstore/stats.go

Line 57 in d99085e

sb.Write(`(SELECT COUNT(*) FROM `+dialect.Quote("user")+` WHERE last_seen_at > ?) AS active_users,`, activeUserDeadlineDate)

grafana/pkg/services/sqlstore/stats.go

Line 59 in d99085e

sb.Write(`(SELECT COUNT(id) FROM `+dialect.Quote("dashboard")+` WHERE is_folder = ?) AS folders,`, dialect.BooleanStr(true))

grafana/pkg/services/sqlstore/stats.go

Line 61 in d99085e

sb.Write(`(

grafana/pkg/services/sqlstore/stats.go

Line 69 in d99085e

sb.Write(`(

grafana/pkg/services/sqlstore/stats.go

Line 77 in d99085e

sb.Write(`(SELECT COUNT(id) FROM ` + dialect.Quote("dashboard_provisioning") + `) AS provisioned_dashboards,`)

grafana/pkg/services/sqlstore/stats.go

Line 78 in d99085e

sb.Write(`(SELECT COUNT(id) FROM ` + dialect.Quote("dashboard_snapshot") + `) AS snapshots,`)

grafana/pkg/services/sqlstore/stats.go

Line 79 in d99085e

sb.Write(`(SELECT COUNT(id) FROM ` + dialect.Quote("dashboard_version") + `) AS dashboard_versions,`)

grafana/pkg/services/sqlstore/stats.go

Line 80 in d99085e

sb.Write(`(SELECT COUNT(id) FROM ` + dialect.Quote("annotation") + `) AS annotations,`)

grafana/pkg/services/sqlstore/stats.go

Line 81 in d99085e

sb.Write(`(SELECT COUNT(id) FROM ` + dialect.Quote("team") + `) AS teams,`)

grafana/pkg/services/sqlstore/stats.go

Line 82 in d99085e

sb.Write(`(SELECT COUNT(id) FROM ` + dialect.Quote("user_auth_token") + `) AS auth_tokens,`)

grafana/pkg/services/sqlstore/stats.go

Line 116 in d99085e

var rawSQL = `SELECT

grafana/pkg/services/sqlstore/stats.go

Line 175 in d99085e

var rawSQL = `SELECT COUNT(id) AS Count FROM ` + dialect.Quote("user")

grafana/pkg/services/sqlstore/stats.go

Line 227 in d99085e

query := `

grafana/pkg/services/sqlstore/temp_user.go

Line 67 in d99085e

rawSQL := `SELECT

grafana/pkg/services/sqlstore/temp_user.go

Line 105 in d99085e

var rawSQL = `SELECT

grafana/pkg/services/sqlstore/user.go

Line 386 in d99085e

var rawSQL = `SELECT

grafana/pkg/services/sqlstore/user.go

Line 540 in d99085e

disableSQL := "UPDATE " + dialect.Quote("user") + " SET is_disabled=? WHERE Id IN (?" + user_id_params + ")"

grafana/pkg/services/sqlstore/user.go

Line 575 in d99085e

"DELETE FROM " + dialect.Quote("user") + " WHERE id = ?",

grafana/pkg/services/sqlstore/permissions/dashboard.go

Line 30 in d99085e

sql := `(

grafana/pkg/services/sqlstore/migrations/temp_user.go

Line 108 in d99085e

if _, err := sess.Exec("UPDATE "+mg.Dialect.Quote("temp_user")+

grafana/pkg/services/sqlstore/migrations/user_mig.go

Line 147 in d99085e

err := sess.SQL(fmt.Sprintf("SELECT id, login from %s WHERE rands = ''", mg.Dialect.Quote("user"))).Find(&users)

grafana/pkg/services/sqlstore/migrations/user_mig.go

Line 161 in d99085e

if _, err := sess.Exec("UPDATE "+mg.Dialect.Quote("user")+

grafana/pkg/tsdb/influxdb/query.go

Line 120 in d99085e

return fmt.Sprintf(` FROM %s%s`, policy, measurement)

More info on how to fix Insecure Use of SQL Queries in Go.

---

Insecure Use of Crypto (7)

grafana/pkg/services/notifications/codes.go

Line 40 in d99085e

sh := sha1.New()

grafana/pkg/util/md5.go

Line 13 in d99085e

hash := md5.New()

grafana/pkg/api/dtos/models.go

Line 4 in d99085e

"crypto/md5"

grafana/pkg/api/dtos/models.go

Line 62 in d99085e

hasher := md5.New()

grafana/pkg/cmd/grafana-cli/services/api_client.go

Line 5 in d99085e

"crypto/md5"

grafana/pkg/cmd/grafana-cli/services/api_client.go

Line 97 in d99085e

h := md5.New()

grafana/pkg/util/md5.go

Line 4 in d99085e

"crypto/md5"

More info on how to fix Insecure Use of Crypto in Go.

---

Insecure Processing of Data (6)

grafana/scripts/build/release_publisher/externalrelease.go

Line 59 in d99085e

response, err := http.Get(url)

grafana/pkg/cmd/grafana-cli/commands/install_command.go

Line 319 in d99085e

_, err = io.Copy(dst, src)

grafana/pkg/cmd/grafana-cli/commands/install_command.go

Line 278 in d99085e

if _, err := io.Copy(buf, src); err != nil {

grafana/scripts/build/ci-msi-build/msigenerator/generator/build.py

Line 319 in d99085e

env = Environment(loader=file_loader)

grafana/public/app/plugins/datasource/cloudwatch/utils/query/ScrollQLLexer.js

Line 788 in d99085e

var atn = new antlr4.atn.ATNDeserializer().deserialize(serializedATN);

grafana/public/app/plugins/datasource/cloudwatch/utils/query/ScrollQLParser.js

Line 408 in d99085e

var atn = new antlr4.atn.ATNDeserializer().deserialize(serializedATN);

More info on how to fix Insecure Processing of Data in Go, Python and Javascript.

---

Insecure Use of Language/Framework API (19)

grafana/pkg/infra/usagestats/usage_stats.go

Line 211 in d99085e

resp.Body.Close()

grafana/pkg/infra/tracing/tracing.go

Line 133 in d99085e

ts.closer.Close()

grafana/pkg/cmd/grafana-cli/commands/install_command.go

Line 118 in d99085e

tmpFile.Close()

grafana/devenv/docker/blocks/alert_webhook_listener/main.go

Line 23 in d99085e

http.ListenAndServe(":3010", nil)

grafana/devenv/docker/blocks/alert_webhook_listener/main.go

Line 18 in d99085e

io.WriteString(w, line)

grafana/pkg/services/alerting/notifiers/telegram.go

Line 192 in d99085e

w.Close()

grafana/pkg/middleware/auth_proxy/auth_proxy.go

Line 155 in d99085e

hasher.Write([]byte(key)) // nolint: errcheck

grafana/pkg/cmd/grafana-cli/services/api_client.go

Line 101 in d99085e

w.Flush()

grafana/pkg/infra/log/syslog.go

Line 81 in d99085e

sw.syslog.Close()

grafana/pkg/infra/log/file.go

Line 252 in d99085e

fd.Close()

grafana/pkg/infra/log/file.go

Line 232 in d99085e

w.mw.fd.Close()

grafana/pkg/services/alerting/notifiers/discord.go

Line 195 in d99085e

w.Close()

grafana/pkg/infra/log/file.go

Line 190 in d99085e

fd.Close()

grafana/pkg/services/alerting/notifiers/pushover.go

Line 387 in d99085e

w.Close()

grafana/pkg/infra/log/file.go

Line 60 in d99085e

l.fd.Close()

grafana/pkg/plugins/backendplugin/manager.go

Line 269 in d99085e

stream.Close()

grafana/pkg/services/alerting/notifiers/slack.go

Line 379 in d99085e

w.Close()

grafana/pkg/components/imguploader/azureblobuploader.go

Line 76 in d99085e

resp.Body.Close()

grafana/devenv/docker/blocks/graphite/files/events_views.py

Line 46 in d99085e

assert isinstance(event, dict)

More info on how to fix Insecure Use of Language/Framework API in Go and Python.

---

Vulnerable Libraries (1)

• pkg:golang/github.com/prometheus/prometheus@1.8.2-0.20200727090838-6f296594a852 no details available

More info on how to fix Vulnerable Libraries in Go.

---

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.