RubyGems - appcanary - Versions diffs - 0.1.2 → 0.1.3 - Mend

appcanary 0.1.2 → 0.1.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

checksums.yaml +4 -4
data/README.md +20 -4
data/lib/appcanary/http.rb +1 -1
data/lib/appcanary/tasks/appcanary/check.rake +12 -2
data/lib/appcanary/version.rb +1 -1
metadata +3 -4
data/.travis.yml +0 -5

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 96de267898e55b67de4bd2f10c794548b559725c
-  data.tar.gz: 57731358db822db9c9843866a7de38dc26e875fd
+  metadata.gz: 284939affc1454e5a6d28abe108b4c9949288c2e
+  data.tar.gz: 59b656003a5ac8a4533377757197d79d25ca1784
 SHA512:
-  metadata.gz: fc2d60a3ab2bc5c1e290c6aed16454e6f2f1e7a7e28778bcfdb5645aecf22b60ccab6d1691a63c2af149cfd3b1cf8ecdb09a4eafb020e5b97f2706fbe9bd6ce9
-  data.tar.gz: e0cff42089de63d3c3931951a7a319a522b3a34a26bae473bed4c6f0a95fca8d9d12fa5cd92d476131375cd4f1c11f215a4da20a7b49e400e58ce241f77f4225
+  metadata.gz: 201fd68b7ef60153da6d237043726f558c04ad23fcc430f1090def068ce5880c2982b1f5307d26feb6396121fd5415233675b9628e2a8a22a84e74c18f4b407f
+  data.tar.gz: a3f711c3e6997fe909af3225404472f7f4e27499b5daff2710a83e07e11292a1fd69788a2f639565aeacf5977c2c1af77d8a89b36e586c4871b68333dc530bb7

data/README.md CHANGED

@@ -2,7 +2,7 @@
 [![CircleCI](https://circleci.com/gh/appcanary/appcanary.rb.svg?style=svg)](https://circleci.com/gh/appcanary/appcanary.rb)
-[Appcanary](https://appcanary.co) is a service which keeps track of which
+[Appcanary](https://appcanary.com) is a service which keeps track of which
 versions of what packages are vulnerable to which security vulnerabilities, so
 you don't have to.
@@ -17,7 +17,7 @@ These instructions will get you going on CircleCI with a rails project.
 First, add the appcanary gem to your Gemfile:
 ```ruby
-gem "appcanary", :git => "https://github.com/appcanary/appcanary.rb"
+gem "appcanary"
 ```
 `bundle install` it to update your `Gemfile.lock`.
@@ -31,7 +31,7 @@ Appcanary.api_key = ENV["APPCANARY_API_KEY"] || "api key not set"
 Now, add the following lines to your `circle.yml` file:
 ```yaml
-dependencies:
+test:
   # [ ... other dependency bits elided ... ]
   post:
     # outputs CVEs and references
@@ -79,7 +79,7 @@ end
 ```
 This config style is perhaps best suited to use an initializer file in rails
-projects.
+projects. We suggest `config/initializers/appcanary.rb` as a good spot for that.
 Here's a static configuration which is a bit less railsish:
@@ -124,6 +124,22 @@ base_uri: "https://appcanary.com/api/v3"
 monitor_name: "my_monitor"
 ```
+### Heroku
+For Heroku rails deployments, everything should really "just work".
+1. Include the `appcanary` gem in your `Gemfile` - see previous section.
+2. Ensure you have the `api_key` set to `ENV["APPCANARY_API_KEY"]` - see previous section.
+3. Set the env var like this: `heroku config:set APPCANARY_API_KEY=xxxx -a yorapp`, where `yorapp` is replaced with the name of your Heroku application.
+4. Once deployed, try `heroku run rake appcanary:check` to verify your dependencies.
+5. Optionally, set up a regular monitor update using the heroku scheduler:
+  1. `heroku addons:create scheduler:standard` - creates a new scheduler service instance, attached to your application.
+  2. `heroku addons:open scheduler` - opens a browser window on the scheduler service UI.
+  3. Add a job that executes `rake appcanary:update_monitor` - the scheduler UI makes how to do this obvious (at the time of writing).
+Steps 1 and 2 are exactly as described in previous sections. This should get you
+going with a rails deployment on Heroku.
 ## Configuration
 As we've seen, you can configure the appcanary gem several different ways. All

data/lib/appcanary/http.rb CHANGED

@@ -32,7 +32,7 @@ module Appcanary
       end
       unless %w[200 201].include? resp.code.to_s
-        raise ServiceError.new("Failed to ship file to Appcanary: #{resp}")
+        raise ServiceError.new("Failed to ship file to Appcanary: #{resp.message}")
       end
       JSON.parse(resp.body)

data/lib/appcanary/tasks/appcanary/check.rake CHANGED

@@ -4,11 +4,21 @@ require "rake"
 def run_check
   response = Appcanary.check
   if response["meta"]["vulnerable"]
+    puts "This app has security vulnerabilities.\n\n"
+    puts "You should upgrade the following packages:"
+    puts response["data"].map { |p| p["attributes"]["name"] }.uniq
+    puts "\n\n"
+    puts "Due to the following vulnerabilities:"
     response["included"].map do |vuln|
-      vuln["attributes"]["reference-ids"]
+      vuln["id"]
     end.flatten.uniq.each do |ref|
-      puts ref
+      puts "https://appcanary.com/vulns/#{ref}"
     end
+    exit 1
   end
 rescue => e
   puts e

data/lib/appcanary/version.rb CHANGED

@@ -1,3 +1,3 @@
 module Appcanary
-  VERSION = "0.1.2"
+  VERSION = "0.1.3"
 end

metadata CHANGED

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: appcanary
 version: !ruby/object:Gem::Version
-  version: 0.1.2
+  version: 0.1.3
 platform: ruby
 authors:
 - J Irving
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-01-10 00:00:00.000000000 Z
+date: 2017-04-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: multipart-post
@@ -104,7 +104,6 @@ extensions: []
 extra_rdoc_files: []
 files:
 - ".gitignore"
-- ".travis.yml"
 - Gemfile
 - README.md
 - Rakefile
@@ -140,7 +139,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.5.2
+rubygems_version: 2.5.1
 signing_key:
 specification_version: 4
 summary: Check your dependencies against Appcanary's database.

data/.travis.yml DELETED

@@ -1,5 +0,0 @@
-sudo: false
-language: ruby
-rvm:
-  - 2.3.3
-before_install: gem install bundler -v 1.13.6