From 43e9e18d406ba1c4cb38f52fda64e2ad71eaf5c4 Mon Sep 17 00:00:00 2001 From: lowlighter <22963968+lowlighter@users.noreply.github.com> Date: Fri, 29 Jul 2022 16:59:57 -0400 Subject: [PATCH] docs: add undocumented web permissions --- .github/readme/partials/documentation/setup/web.md | 5 ++--- source/app/web/settings.example.json | 5 ++--- source/plugins/stargazers/metadata.yml | 1 + 3 files changed, 5 insertions(+), 6 deletions(-) diff --git a/.github/readme/partials/documentation/setup/web.md b/.github/readme/partials/documentation/setup/web.md index 587625d3..e6c14485 100644 --- a/.github/readme/partials/documentation/setup/web.md +++ b/.github/readme/partials/documentation/setup/web.md @@ -109,6 +109,7 @@ The following extra features are supported: | `metrics.setup.community.templates` | Allow community templates download | | `metrics.setup.community.presets` | Allow community presets usage | | `metrics.api.github.overuse` | Allow GitHub API intensive requests | +| `metrics.api.*` | Allow use of external API requests | | `metrics.cpu.overuse` | Allow CPU intensive requests | | `metrics.run.tempdir` | Allow access to temporary directory (including I/O) | | `metrics.run.git` | Allow to run git | @@ -117,9 +118,7 @@ The following extra features are supported: | `metrics.run.puppeteer.scrapping` | Allow to run puppeteer to scrape data | | `metrics.run.puppeteer.user.css` | Allow to run CSS by user during puppeteer render | | `metrics.run.puppeteer.user.js` | Allow to run JavaScript by user during puppeteer render | -| ⚠️ `metrics.npm.optional.chartist` | Allow use of chartist (vulnerable to [CVE-2021-20066](https://github.com/advisories/GHSA-f4c9-cqv8-9v98)) | -| `metrics.npm.optional.gifencoder` | Allow use of gifencoder | -| `metrics.npm.optional.libxmljs2` | Allow use of libxmljs2 | +| ⚠️ `metrics.npm.optional.*` | Allow use of specified dependency (CONSULT RESPECTIVE DEPENDENCY CVE FIRST) | If a plugin is used without sufficient permissions, it will result in an error. diff --git a/source/app/web/settings.example.json b/source/app/web/settings.example.json index 0992f187..f1381d0a 100644 --- a/source/app/web/settings.example.json +++ b/source/app/web/settings.example.json @@ -38,6 +38,7 @@ "//": "metrics.setup.community.templates | Allow community templates download", "//": "metrics.setup.community.presets | Allow community presets usage", "//": "metrics.api.github.overuse | Allow GitHub API intensive requests", + "//": "metrics.api.* | Allow use of external API requests", "//": "metrics.cpu.overuse | Allow CPU intensive requests", "//": "metrics.run.tempdir | Allow access to temporary directory (I/O operations may be performed)", "//": "metrics.run.git | Allow to run git", @@ -46,9 +47,7 @@ "//": "metrics.run.puppeteer.scrapping | Allow to run puppeteer to scrape data", "//": "metrics.run.puppeteer.user.css | Allow to run CSS by user during puppeteer render", "//": "metrics.run.puppeteer.user.js | Allow to run JavaScript by user during puppeteer render", - "//": "metrics.npm.optional.chartist | Allow use of chartist", - "//": "metrics.npm.optional.gifencoder | Allow use of gifencoder", - "//": "metrics.npm.optional.libxmljs2 | Allow use of libxmljs2" + "//": "metrics.npm.optional.* | Allow use of specified dependency" }, "plugins.default": false, "//": "Default plugin state (advised to let 'false' unless in debug mode)", "plugins": { "//": "Global plugin configuration", diff --git a/source/plugins/stargazers/metadata.yml b/source/plugins/stargazers/metadata.yml index 7682e93d..670705c0 100644 --- a/source/plugins/stargazers/metadata.yml +++ b/source/plugins/stargazers/metadata.yml @@ -50,6 +50,7 @@ inputs: default: no extras: - metrics.api.google.maps + - metrics.npm.optional.d3 plugin_stargazers_worldmap_token: description: |