feat(modules): add grafana anonymous access exposure module #259

Open
TBX3D wants to merge 1 commit into vmfunc:main from TBX3D:feat/grafana-anonymous-exposure-module
@TBX3D TBX3D commented Jun 26, 2026

Contributor

modules/recon/grafana-anonymous-exposure.yaml flags a grafana with anonymous access enabled over /api/search?type=dash-db, keyed on a "type":"dash-db" entry paired with the uri and isStarred fields, then extracts the dashboard title; default grafana answers 401 here, so a 200 lists every dashboard and the anonymous session can reach backend data sources through the datasource proxy.

build/vet/lint clean, go test ./internal/modules/ green (the module end to end via ExecuteHTTPModule, real-hit and near-miss cases).

add a recon module for a grafana with anonymous access enabled: by default
grafana requires a login and /api/search returns 401, but when anonymous
access is turned on the endpoint lists every dashboard without credentials,
exposing the internal metrics, hostnames and queries they contain, and the same
anonymous session can reach backend data sources through the data source proxy;
a grafana that requires login returns 401 and is not flagged.
@TBX3D TBX3D requested a review from vmfunc as a code owner June 26, 2026 08:26
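
The matching rule given in the description above (a 200 status, a "type":"dash-db" entry that also carries uri and isStarred, title extracted), sketched in Go as an added example. It is not the module or test code from this PR; the function name, the `title` JSON key and the sample bodies are assumptions constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
)

// searchHit holds only the fields the description keys on. Pointers
// distinguish "field absent" from an empty string or false.
type searchHit struct {
	Type      string  `json:"type"`
	Title     string  `json:"title"` // assumed key for the dashboard title
	URI       *string `json:"uri"`
	IsStarred *bool   `json:"isStarred"`
}

// classifySearch (hypothetical name) decides whether a response to
// /api/search?type=dash-db is an unauthenticated dashboard listing.
func classifySearch(status int, body []byte) (bool, []string) {
	if status != http.StatusOK {
		return false, nil // 401 from a login-protected Grafana: not flagged
	}
	var hits []searchHit
	if err := json.Unmarshal(body, &hits); err != nil {
		return false, nil // 200 with a non-listing body (HTML, error object)
	}
	var titles []string
	for _, h := range hits {
		if h.Type == "dash-db" && h.URI != nil && h.IsStarred != nil {
			titles = append(titles, h.Title)
		}
	}
	return len(titles) > 0, titles
}

// Constructed sample bodies, not captured from any real server.
const (
	sampleHit    = `[{"id":1,"title":"Node Overview","uri":"db/node-overview","type":"dash-db","isStarred":false}]`
	sampleMiss   = `[{"title":"Docs","type":"dash-db"}]` // near miss: no uri/isStarred
	sampleDenied = `{"message":"Unauthorized"}`
)

func main() {
	fmt.Println(classifySearch(200, []byte(sampleHit)))
	fmt.Println(classifySearch(200, []byte(sampleMiss)))
	fmt.Println(classifySearch(401, []byte(sampleDenied)))
}
```

Requiring all three fields together is what keeps a 200 response that merely contains the string dash-db from being reported.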
@codecov-commenter


⚠️ Please install the Codecov app to ensure uploads and comments are reliably processed by Codecov.

Codecov Report

✅ All modified and coverable lines are covered by tests.
⚠️ Please upload report for BASE (main@96092da). Learn more about missing BASE report.
❗ Your organization needs to install the Codecov GitHub app to enable full functionality.

Additional details and impacted files
@@           Coverage Diff           @@
##             main     #259   +/-   ##
=======================================
  Coverage        ?   53.26%           
=======================================
  Files           ?       81           
  Lines           ?     6852           
  Branches        ?        0           
=======================================
  Hits            ?     3650           
  Misses          ?     2936           
  Partials        ?      266           

@github-actions github-actions Bot added size/m <200 lines changed modules changes to scan modules tests test changes labels Jun 26, 2026
@github-actions


pr summary

2 files changed (+134 -0)

category files
go source 1
tests 1
