Golang Code Review

R3zk0n · October 2, 2025

Research

Contents

Grafana Race Condition

# Appending to global list expecting a new list but actually just adding on to existing list (memory management issue)
c.mws = append(c.mws, mwFromHandler(h))

Directory Traversal

https://labs.detectify.com/2021/12/15/zero-day-path-traversal-grafana/ - Grafana Directory Traversal
filepath.Clean()

requestedFile := filepath.Clean(web.Params(c.Req)["*"])
pluginFilePath := filepath.Join(plugin.PluginDir, requestedFile)

f, err := os.Open(pluginFilePath)

tempFile, err := ioutil.TempFile("/tmp", handler.Filename)

Share: Twitter, Facebook