=== RUN TestReproWildcardBypass repro_bypass_test.go:65: mapper.Get("widget.ext.grafana.app", "widgets", "") found=false (expected false = mapper-miss) repro_bypass_test.go:91: List response: All=true, Folders=[], Items=[] repro_bypass_test.go:94: VULNERABLE: LIST request for folder-scoped CRD returned All=true with only wildcard resource permission and NO folder-level authorization — BYPASS CONFIRMED --- PASS: TestReproWildcardBypass (0.00s) PASS ok github.com/grafana/grafana/pkg/services/authz/rbac 0.049s