tomasalias/AstralRinth
1
0
Fork 0
forked from didirus/AstralRinth
Code Pull Requests Activity

Security notice (#767)

Browse Source 
Co-authored-by: triphora <emmaffle@modrinth.com>
This commit is contained in:
Geometrically
2022-11-26 18:16:34 -08:00
committed by GitHub
parent de170ebdd2
commit 8f137cf49d
6 changed files with 99 additions and 83 deletions
Download Patch File Download Diff File Expand all files Collapse all files

41
.github/ISSUE_TEMPLATE/bug_report.yaml vendored
View File

@@ -1,41 +0,0 @@
name: Bug report
description: Create a report to help us improve knossos
labels: [bug]
body:
- type: dropdown
attributes:
label: Environment
options:
- Staging
- Website
validations:
required: false
- type: textarea
attributes:
label: Describe the bug
description: A clear and concise description of what the bug is.
validations:
required: false
- type: textarea
attributes:
label: Steps To Reproduce
description: Steps to reproduce the behavior.
placeholder: |
1. Go to '...'
2. Click on '....'
3. Scroll down to '....'
4. See error
validations:
required: false
- type: textarea
attributes:
label: Expected behavior
description: A clear and concise description of what you expected to happen.
validations:
required: false
- type: textarea
attributes:
label: Additional context
description: Add any other context about the problem here.
validations:
required: false

8
.github/ISSUE_TEMPLATE/config.yml vendored
View File

@@ -1,8 +0,0 @@
blank_issues_enabled: true
contact_links:
- name: Discord
about: Ask questions on our Discord Server.
url: https://discord.gg/EUHuJHt
- name: Documentation
about: Useful documentation about Modrinth, its API, and how you can contribute.
url: https://docs.modrinth.com

28
.github/ISSUE_TEMPLATE/feature_request.yaml vendored
View File

@@ -1,28 +0,0 @@
name: Feature request
description: Suggest an idea for this project
labels: [feature request]
body:
- type: textarea
attributes:
label: Is your feature request related to a problem? Please describe.
description: A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
validations:
required: false
- type: textarea
attributes:
label: Describe the solution you'd like
description: A clear and concise description of what you want to happen.
validations:
required: false
- type: textarea
attributes:
label: Describe alternatives you've considered
description: A clear and concise description of any alternative solutions or features you've considered.
validations:
required: false
- type: textarea
attributes:
label: Additional context
description: Add any other context or screenshots about the feature request here.
validations:
required: false

7
layouts/default.vue
View File

@@ -340,12 +340,7 @@
<nuxt-link to="/legal/terms">Terms</nuxt-link>
<nuxt-link to="/legal/privacy">Privacy</nuxt-link>
<nuxt-link to="/legal/rules">Rules</nuxt-link>
<a
:target="$external()"
href="https://github.com/modrinth/knossos/blob/master/LICENSE.md"
>
License
</a>
<nuxt-link to="/legal/security">Security</nuxt-link>
</div>
<div class="links links-2" role="region" aria-label="Resources">
<h4 aria-hidden="true">Resources</h4>

5
pages/legal.vue
View File

@@ -13,6 +13,9 @@
<NavStackItem link="/legal/rules" label="Content Rules">
<RulesIcon />
</NavStackItem>
<NavStackItem link="/legal/security" label="Security Notice">
<ShieldIcon />
</NavStackItem>
</NavStack>
</aside>
</div>
@@ -29,6 +32,7 @@ import NavStackItem from '~/components/ui/NavStackItem'
import TermsIcon from '~/assets/images/utils/heart-handshake.svg?inline'
import PrivacyIcon from '~/assets/images/utils/lock.svg?inline'
import RulesIcon from '~/assets/images/sidebar/admin.svg?inline'
import ShieldIcon from '~/assets/images/utils/shield.svg?inline'
export default {
name: 'Settings',
@@ -38,6 +42,7 @@ export default {
TermsIcon,
PrivacyIcon,
RulesIcon,
ShieldIcon,
},
}
</script>

93
pages/legal/security.vue Normal file
View File

@@ -0,0 +1,93 @@
<template>
<div>
<h1>Security Notice</h1>
<p>
This is the security notice for all Modrinth repositories. The notice
explains how vulnerabilities should be reported.
</p>
<h2>Reporting a Vulnerability</h2>
<p>
If you've found a vulnerability, we would like to know so we can fix it
before it is released publicly.
<strong>Do not open a GitHub issue for a found vulnerability</strong>.
</p>
<p>
Send details to <a href="mailto:jai@modrinth.com">jai@modrinth.com</a>
including:
</p>
<ul>
<li>
the website, page or repository where the vulnerability can be observed
</li>
<li>a brief description of the vulnerability</li>
<li>
optionally the type of vulnerability and any related
<a
href="https://www.owasp.org/index.php/Category:OWASP_Top_Ten_2017_Project"
>
OWASP category
</a>
</li>
<li>non-destructive exploitation details</li>
</ul>
<p>We will do our best to reply as fast as possible.</p>
<h2>Scope</h2>
<p>The following vulnerabilities <strong>are not</strong> in scope:</p>
<ul>
<li>
volumetric vulnerabilities, for example overwhelming a service with a
high volume of requests
</li>
<li>
reports indicating that our services do not fully align with "best
practice", for example missing security headers
</li>
</ul>
<p>
If you aren't sure, you can still reach out via email or direct message.
</p>
<hr />
<p>
This notice is inspired by the
<a href="https://www.pythondiscord.com/pages/security-notice/">
Python Discord Security Notice</a
>.
</p>
<p><em>Version 2022-11</em></p>
</div>
</template>
<script>
export default {
auth: false,
head: {
title: 'Security Notice - Modrinth',
meta: [
{
hid: 'description',
name: 'description',
content:
'The Security Notice of Modrinth, an open source modding platform focused on Minecraft.',
},
{
hid: 'apple-mobile-web-app-title',
name: 'apple-mobile-web-app-title',
content: 'Security Notice',
},
{
hid: 'og:title',
name: 'og:title',
content: 'Security Notice',
},
{
hid: 'og:url',
name: 'og:url',
content: `https://modrinth.com/legal/security`,
},
],
},
}
</script>
<style lang="scss" scoped></style>