public/grafana
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Sanitize paths before evaluating access to route

Browse Source
This commit is contained in:
Andres Martinez Gotor
2025-03-31 12:15:52 +02:00
committed by Kevin Minehart
parent f6036260aa
commit dbfbf82e38
2 changed files with 17 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
pkg/api/pluginproxy/ds_proxy_test.go
+8
View File
@@ -258,6 +258,14 @@ func TestDataSourceProxy_routeRule(t *testing.T) {
err = proxy.validateRequest()
require.NoError(t, err)
})
t.Run("path with slashes and user is editor", func(t *testing.T) {
ctx, _ := setUp()
proxy, err := setupDSProxyTest(t, ctx, ds, routes, "//api//admin")
require.NoError(t, err)
err = proxy.validateRequest()
require.Error(t, err)
})
})
t.Run("plugin route with RBAC protection user is allowed", func(t *testing.T) {