Git Product home page Git Product logo

spenttime's Introduction

SpentTime

Build Status JDK Supported versions SpigotMC Bukkit PaperMC Modrinth bStats

Information

This is a plugin that allows you to check how much time a player has spent on the server.

  • Performance-focused - Minimizes the impact on server resources, allowing you to maintain high server performance.
  • Simplicity of configuration - Thanks to clear documentation, even people without advanced knowledge can easily adapt the plugin to their own needs.
  • Regularly Updated - We update our plugin regularly, both fixing bugs and adding new features to ensure full compatibility with the latest versions of the game.

Features

  • Customizable top spent time player GUI,
  • Configurable items showing where top players spent their time,
  • Option to change the type of GUI displaying top players based on time spent,
  • Ability to customize the appearance of the top players spent time GUI,
  • Option to set a custom number of players displayed in the top spent time list,
  • Option to customize messages (ACTIONBAR, CHAT, etc.),
  • Offline time tracking for players,
  • Resetting spent time for individual players,
  • Resetting spent time for all players on the server,
  • Placeholder API support,
  • Adventure components support.

Preview

  • Top spent time GUI

gif

  • Checking your time spent

gif

  • Resetting time spent

gif

Command permissions

Command Permission
spenttime command.spenttime
spenttime <target> command.spenttime.target
spenttime top command.spenttime.top
spenttime set command.spenttime.set
spenttime reset command.spenttime.reset
spenttime reset-all command.spenttime.reset.all

Gui types

GuiType Description
STANDARD Standard Gui that should be used when the player list does not exceed 10
PAGINATED A Gui with pages that allow you to move between pages through items
SCROLLING A Gui that allows you to scroll through items
DISABLED The list of players will be sent in the chat

Notification types

  • CHAT
  • ACTIONBAR
  • TITLE
  • SUBTITLE
  • DISABLED

Supported database types

  • SQLITE
  • MYSQL

Placeholder API Formats

  • %spent-time% - Displays the converted value in human-readable (e.g. 10h 30m) of the player's spent time.

Why doesn't my time at the top count immediately?

  • This is specifically done to make the plugin efficient. The player's time updates when entering and exiting the server and there is an additional task that updates the spent time of all players. You can change its frequency in the configuration by changing spentTimeSaveDelay.

Reporting issues

If you have any suggestions or find a bug, please report it using this site.

spenttime's People

Contributors

dependabot[bot] avatar imdmk avatar mend-bolt-for-github[bot] avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar

Forkers

andersonwest

spenttime's Issues

triumph-gui-3.1.7.jar: 2 vulnerabilities (highest severity is: 7.7)

Vulnerable Library - triumph-gui-3.1.7.jar

Path to dependency file: /build.gradle.kts

Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.google.code.gson/gson/2.8.0/c4ba5371a29ac9b2ad6129b1d39ea38750043eff/gson-2.8.0.jar

Found in HEAD commit: 71f9d7e270be4972f71dc98767844b434506958e

Vulnerabilities

CVE Severity CVSS Dependency Type Fixed in (triumph-gui version) Remediation Possible**
WS-2021-0419 High 7.7 gson-2.8.0.jar Transitive N/A*
CVE-2022-25647 High 7.5 gson-2.8.0.jar Transitive N/A*

*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

WS-2021-0419

Vulnerable Library - gson-2.8.0.jar

Gson JSON library

Library home page: https://github.com/google/gson

Path to dependency file: /build.gradle.kts

Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.google.code.gson/gson/2.8.0/c4ba5371a29ac9b2ad6129b1d39ea38750043eff/gson-2.8.0.jar

Dependency Hierarchy:

  • triumph-gui-3.1.7.jar (Root Library)
    • adventure-text-serializer-gson-4.16.0.jar
      • gson-2.8.0.jar (Vulnerable Library)

Found in HEAD commit: 71f9d7e270be4972f71dc98767844b434506958e

Found in base branch: main

Vulnerability Details

Denial of Service vulnerability was discovered in gson before 2.8.9 via the writeReplace() method.

Publish Date: 2021-10-11

URL: WS-2021-0419

CVSS 3 Score Details (7.7)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2021-10-11

Fix Resolution: com.google.code.gson:gson:2.8.9

Step up your Open Source Security Game with Mend here

CVE-2022-25647

Vulnerable Library - gson-2.8.0.jar

Gson JSON library

Library home page: https://github.com/google/gson

Path to dependency file: /build.gradle.kts

Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.google.code.gson/gson/2.8.0/c4ba5371a29ac9b2ad6129b1d39ea38750043eff/gson-2.8.0.jar

Dependency Hierarchy:

  • triumph-gui-3.1.7.jar (Root Library)
    • adventure-text-serializer-gson-4.16.0.jar
      • gson-2.8.0.jar (Vulnerable Library)

Found in HEAD commit: 71f9d7e270be4972f71dc98767844b434506958e

Found in base branch: main

Vulnerability Details

The package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks.

Publish Date: 2022-05-01

URL: CVE-2022-25647

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25647`

Release Date: 2022-05-01

Fix Resolution: com.google.code.gson:gson:gson-parent-2.8.9

Step up your Open Source Security Game with Mend here

okaeri-configs-yaml-snakeyaml-5.0.0-beta.5.jar: 1 vulnerabilities (highest severity is: 9.8) - autoclosed

Vulnerable Library - okaeri-configs-yaml-snakeyaml-5.0.0-beta.5.jar

Path to dependency file: /build.gradle.kts

Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.yaml/snakeyaml/1.33/2cd0a87ff7df953f810c344bdf2fe3340b954c69/snakeyaml-1.33.jar

Found in HEAD commit: 71f9d7e270be4972f71dc98767844b434506958e

Vulnerabilities

CVE Severity CVSS Dependency Type Fixed in (okaeri-configs-yaml-snakeyaml version) Remediation Possible**
CVE-2022-1471 Critical 9.8 snakeyaml-1.33.jar Transitive N/A*

*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2022-1471

Vulnerable Library - snakeyaml-1.33.jar

YAML 1.1 parser and emitter for Java

Library home page: https://bitbucket.org/snakeyaml/snakeyaml

Path to dependency file: /build.gradle.kts

Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.yaml/snakeyaml/1.33/2cd0a87ff7df953f810c344bdf2fe3340b954c69/snakeyaml-1.33.jar

Dependency Hierarchy:

  • okaeri-configs-yaml-snakeyaml-5.0.0-beta.5.jar (Root Library)
    • snakeyaml-1.33.jar (Vulnerable Library)

Found in HEAD commit: 71f9d7e270be4972f71dc98767844b434506958e

Found in base branch: main

Vulnerability Details

SnakeYaml's Constructor() class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's SafeConsturctor when parsing untrusted content to restrict deserialization. We recommend upgrading to version 2.0 and beyond.

Publish Date: 2022-12-01

URL: CVE-2022-1471

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64634374

Release Date: 2022-12-01

Fix Resolution: org.yaml:snakeyaml:2.0

Step up your Open Source Security Game with Mend here

Duration not showing more than 1 day

Duration does not support showing days, months, etc. If you have more than 24 hours, e.g. 26, it will not be 1 day 2 hours but 26 hours.
You need to implement your own converter like in litecommands.

okaeri-configs-yaml-snakeyaml-5.0.1.jar: 1 vulnerabilities (highest severity is: 9.8)

Vulnerable Library - okaeri-configs-yaml-snakeyaml-5.0.1.jar

Path to dependency file: /build.gradle.kts

Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.yaml/snakeyaml/1.33/2cd0a87ff7df953f810c344bdf2fe3340b954c69/snakeyaml-1.33.jar

Found in HEAD commit: c36d9f0cb010e13d63409a35f58f1234578fdbaa

Vulnerabilities

CVE Severity CVSS Dependency Type Fixed in (okaeri-configs-yaml-snakeyaml version) Remediation Possible**
CVE-2022-1471 Critical 9.8 snakeyaml-1.33.jar Transitive N/A*

*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2022-1471

Vulnerable Library - snakeyaml-1.33.jar

YAML 1.1 parser and emitter for Java

Library home page: https://bitbucket.org/snakeyaml/snakeyaml

Path to dependency file: /build.gradle.kts

Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.yaml/snakeyaml/1.33/2cd0a87ff7df953f810c344bdf2fe3340b954c69/snakeyaml-1.33.jar

Dependency Hierarchy:

  • okaeri-configs-yaml-snakeyaml-5.0.1.jar (Root Library)
    • snakeyaml-1.33.jar (Vulnerable Library)

Found in HEAD commit: c36d9f0cb010e13d63409a35f58f1234578fdbaa

Found in base branch: main

Vulnerability Details

SnakeYaml's Constructor() class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's SafeConsturctor when parsing untrusted content to restrict deserialization. We recommend upgrading to version 2.0 and beyond.

Publish Date: 2022-12-01

URL: CVE-2022-1471

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64634374

Release Date: 2022-12-01

Fix Resolution: org.yaml:snakeyaml:2.0

Step up your Open Source Security Game with Mend here

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.