appcanary 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: d4e52c8e7c0d2fea19bcfa7967090d91db713bf8
+  data.tar.gz: 79207694fe161235240740d2ffa695a5f6955409
+SHA512:
+  metadata.gz: e884ca5e62d5b68bea65ee3a9b8035828fef0b2e6258aa456023f059cdb5077e75b1842722711e6e63cc8d769aabc5c804d972c3c98f1a7f09e995bf5f9a2e8d
+  data.tar.gz: 8cca868bda7871c9c7253e030572addf4d502a45c9183d031c17de79b5a6a020ee957bd98e344ef3e32820da8d0ad23859a5d4bf505f9318dbd09ef13905f243

data/.gitignore

@@ -0,0 +1,9 @@
+/.bundle/
+/.yardoc
+/Gemfile.lock
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/

data/.travis.yml

@@ -0,0 +1,5 @@
+sudo: false
+language: ruby
+rvm:
+  - 2.3.3
+before_install: gem install bundler -v 1.13.6

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in appcanary.gemspec
+gemspec

data/README.md

@@ -0,0 +1,155 @@
+# Appcanary
+
+[![CircleCI](https://circleci.com/gh/appcanary/appcanary.rb.svg?style=svg)](https://circleci.com/gh/appcanary/appcanary.rb)
+
+[Appcanary](https://appcanary.co) is a service which keeps track of which
+versions of what packages are vulnerable to which security vulnerabilities, so
+you don't have to.
+
+The Appcanary ruby gem offers a way to automate your vulnerability checks either
+as part of your Continuous Integration builds, or just programmatically
+elsewhere. It also provides rake tasks for convenience.
+
+## Quickstart
+
+These instructions will get you going on CircleCI with a rails project.
+
+First, add the appcanary gem to your Gemfile:
+
+```ruby
+gem "appcanary", :git => "https://github.com/appcanary/appcanary.rb"
+```
+
+`bundle install` it to update your `Gemfile.lock`.
+
+Add some configuration to your `config/initializers/appcanary.rb` file:
+
+```ruby
+Appcanary.api_key = ENV["APPCANARY_API_KEY"] || "api key not set"
+```
+
+Now, add the following lines to your `circle.yml` file:
+
+```yaml
+dependencies:
+  # [ ... other dependency bits elided ... ]
+  post:
+    # outputs CVEs and references
+    - bundle exec rake appcanary:check
+    # update the appcanary monitor for this app
+    - bundle exec rake appcanary:update_monitor
+```
+
+Don't forget to add the `APPCANARY_API_KEY` environment variable in your
+project settings in the CircleCI web app. You can find your API key in
+your [Appcanary settings](https://appcanary.com/settings).
+
+Commit and push your changes, and CircleCI should do the right thing.
+
+## Alternative setups
+
+There are several ways to use the Appcanary gem. The simplest of all is to write
+a small program, in the context of a Bundler managed project, like this:
+
+```ruby
+require "appcanary"
+
+config = {
+  base_uri: "https://appcanary.com/api/v3",
+  api_key: "XXXXXXXXXXXXXXXXXXXXXXXXXXX",
+  monitor_name: "my_monitor"
+}
+
+canary = Appcanary::Client.new(config)
+
+if canary.is_this_app_vulnerable?
+  puts "you appear to have your ass in the air"
+end
+```
+
+Instead, you can use a global configuration block, in the traditional rails
+idiom:
+
+```ruby
+Appcanary.configure do |canary|
+  canary.api_key = ENV["APPCANARY_API_KEY"] || "api key not set"
+  canary.base_uri = "https://appcanary.com/api/v3"
+  canary.monitor_name = "my_monitor"
+end
+```
+
+This config style is perhaps best suited to use an initializer file in rails
+projects.
+
+Here's a static configuration which is a bit less railsish:
+
+```ruby
+Appcanary.api_key = ENV["APPCANARY_API_KEY"] || "api key not set"
+Appcanary.gemfile_lock_path = "/path/to/gemfile"
+```
+
+The gem may then be used without instantiating a client, like this:
+
+```ruby
+if Appcanary.is_this_app_vulnerable? :critical
+  puts "I see your shiny attack surface! It BIG!"
+end
+```
+
+Finally, we provide two rake tasks, which are installed automatically in rails
+projects. They are as follows:
+
+```
+$ rake -T
+...
+rake appcanary:check                    # Check vulnerability status
+rake appcanary:update_monitor           # Update the appcanary monitor for this project
+...
+
+$ rake appcanary:check
+CVE-2016-6316
+CVE-2016-6317
+$ rake appcanary:update_monitor
+$
+```
+
+If you're using the rake tasks in a non-Rails environment, you'll need to
+configure the appcanary gem using the third and final method; a YAML file called
+`appcanary.yml`, in your project root. The contents, unsurprisingly, look like
+this:
+
+```yaml
+api_token: "xxxxxxxxxxxxxxxxxxxxxxxxxx"
+base_uri: "https://appcanary.com/api/v3"
+monitor_name: "my_monitor"
+```
+
+## Configuration
+
+As we've seen, you can configure the appcanary gem several different ways. All
+configurations include the following items however.
+
+| Key                 | Required? | Description | Notes |
+| ------------------- | --------- | ----------- | ----- |
+| `api_key`           | Y         | Your Appcanary API key, found in your [Appcanary settings](https://appcanary.com/settings). | |
+| `gemfile_lock_path` | N         | Path to your `Gemfile.lock`, which gets shipped to Appcanary for analysis. | Most of the time you can leave this undefined. |
+| `monitor_name`      | Y*        | The base name for the monitor to be updated. *This is required if and only if you plan to use the `update_monitor` functionality. | If you're running in CI, the gem will attempt to acquire the name of the current branch and append that to your monitor name before sending the update. If a monitor does not already exist, it will be created. If this attribute is unset and the gem is loaded in the context of a Rails application, it will use the rails application name as the monitor name. |
+| `base_uri`          | N         | The url for the Appcanary service endpoint. | You should leave this unset unless you have a very good reason not to. |
+
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. Then, run
+`rake test` to run the tests. You can also run `bin/console` for an interactive
+prompt that will allow you to experiment.
+
+To install this gem onto your local machine, run `bundle exec rake install`. To
+release a new version, update the version number in `version.rb`, and then run
+`bundle exec rake release`, which will create a git tag for the version, push
+git commits and tags, and push the `.gem` file
+to [rubygems.org](https://rubygems.org).
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/appcanary/appcanary.rb.
+

data/Rakefile

@@ -0,0 +1,13 @@
+require "bundler/gem_tasks"
+require "rake/testtask"
+
+Rake::TestTask.new(:test) do |t|
+  t.libs << "test"
+  t.libs << "lib"
+  t.test_files = FileList['test/**/*_test.rb']
+end
+
+load "lib/appcanary/tasks/appcanary/check.rake"
+load "lib/appcanary/tasks/appcanary/monitor.rake"
+
+task :default => :test

data/appcanary.gemspec

@@ -0,0 +1,39 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'appcanary/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "appcanary"
+  spec.version       = Appcanary::VERSION
+  spec.authors       = ["J Irving", "Phill MV"]
+  spec.email         = ["hello@appcanary.com"]
+
+  spec.summary       = %q{Check your dependencies against Appcanary's database.}
+  spec.description   = %q{}
+  spec.homepage      = "https://appcanary.co"
+
+  # Prevent pushing this gem to RubyGems.org. To allow pushes either set the 'allowed_push_host'
+  # to allow pushing to a single host or delete this section to allow pushing to any host.
+  if spec.respond_to?(:metadata)
+    spec.metadata['allowed_push_host'] = "https://rubygems.org"
+  else
+    raise "RubyGems 2.0 or newer is required to protect against " \
+      "public gem pushes."
+  end
+
+  spec.files         = `git ls-files -z`.split("\x0").reject do |f|
+    f.match(%r{^(test|spec|features)/})
+  end
+  spec.bindir        = "exe"
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+
+  spec.add_runtime_dependency "multipart-post", "~> 2.0"
+  spec.add_runtime_dependency "json", ">= 1.8.3"
+
+  spec.add_development_dependency "bundler", "~> 1.13"
+  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_development_dependency "minitest", "~> 5.0"
+  spec.add_development_dependency "pry", "~> 0.10"
+end

data/bin/appcanary

@@ -0,0 +1,104 @@
+#!/usr/bin/env ruby
+
+require "bundler/setup"
+require "appcanary"
+require "optparse"
+
+class AppcanaryCLI
+  class << self
+    def api_key_opt(opts)
+      opts.on("-a", "--api-key API_KEY", :REQUIRED,
+              "Your Appcanary API key. Find it at https://appcanary.com/settings") do |ak|
+        Appcanary.api_key = ak
+      end
+    end
+
+    def gemfile_lock_opt(opts)
+      opts.on("-g", "--gemfile-lock GEMFILE_LOCK", :OPTIONAL,
+              "Path to the Gemfile.lock to ship to Appcanary") do |gl|
+        Appcanary.gemfile_lock_path = gl
+      end
+    end
+
+    def base_uri_opt(opts)
+      opts.on("-b", "--base-uri BASE_URI", :OPTIONAL,
+              "The URL for the Appcanary endpoint to use.") do |bu|
+        Appcanary.base_uri = bu
+      end
+    end
+
+    def monitor_name_opt(opts)
+      opts.on("-m", "--monitor-name MONITOR_NAME", :REQUIRED,
+              "The name of the Appcanary monitor to update.") do |mn|
+        Appcanary.monitor_name = mn
+      end
+    end
+
+    def parse
+      top_level_help = <<-HELP
+Subcommands are:
+  check  -  Check your gem bundle for vulnerabilities
+  update -  Update an Appcanary monitor
+
+See "appcanary COMMAND --help" for more information about a specific command.
+      HELP
+
+      common = OptionParser.new do |opts|
+        opts.banner = "Usage: appcanary check|update [options]"
+        opts.separator ""
+        opts.separator top_level_help
+      end
+
+      subcommands = {
+        "update" => OptionParser.new do |opts|
+          opts.banner = "Usage: update [options]"
+          api_key_opt(opts)
+          base_uri_opt(opts)
+          gemfile_lock_opt(opts)
+          monitor_name_opt(opts)
+        end,
+        "check" => OptionParser.new do |opts|
+          opts.banner = "Usage: check [options]"
+          api_key_opt(opts)
+          base_uri_opt(opts)
+          gemfile_lock_opt(opts)
+        end
+      }
+
+      common.order!
+
+      command = ARGV.shift
+      if command.nil?
+        puts "No subcommand found -- try appcanary --help"
+      else
+        subcommands[command].order!
+      end
+
+      command
+    end
+  end
+end
+
+def run_check
+  response = Appcanary.check
+  if response["meta"]["vulnerable"]
+    response["included"].map do |vuln|
+      vuln["attributes"]["reference-ids"]
+    end.flatten.uniq.each do |ref|
+      puts ref
+    end
+  end
+end
+
+def run_appcanary_command
+  case AppcanaryCLI.parse
+  when "update"
+    Appcanary.update_monitor!
+  when "check"
+    run_check
+  end
+rescue => e
+  puts e
+end
+
+run_appcanary_command

data/bin/console

@@ -0,0 +1,7 @@
+#!/usr/bin/env ruby
+
+require "bundler/setup"
+require "appcanary"
+
+require "pry"
+Pry.start

data/bin/setup

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/lib/appcanary.rb

@@ -0,0 +1,5 @@
+require "appcanary/version"
+require "appcanary/configuration"
+require "appcanary/http"
+require "appcanary/assert"
+require "appcanary/railtie" if defined?(Rails)

data/lib/appcanary/assert.rb

@@ -0,0 +1,59 @@
+require "json"
+
+module Appcanary
+  class Client
+    include HTTP
+
+    attr_reader :config
+
+    def initialize(config)
+      @config = config
+    end
+
+    def is_this_app_vulnerable?(criticality = nil)
+      check do |response|
+        vulnerable = response["meta"]["vulnerable"]
+        if vulnerable == true || vulnerable == "true"
+          return true if criticality.nil?
+
+          cnt = count_criticalities(response)[criticality.to_s]
+          cnt && cnt > 0
+        else
+          false
+        end
+      end
+    end
+
+    def check(&block)
+      response = ship_gemfile(:check, config)
+
+      if block
+        block.call(response)
+      else
+        response
+      end
+    end
+
+    def update_monitor!
+      if config.sufficient_for_monitor?
+        ship_gemfile(:monitors, config)
+      else
+        raise Appcanary::ConfigurationError.new("Appcanary.monitor_name = ???")
+      end
+    end
+
+    private
+    def count_frequencies(arr)
+      arr.inject({}) do |freqs, i|
+        freqs[i] ||= 0
+        freqs[i] += 1
+        freqs
+      end
+    end
+
+    def count_criticalities(response)
+      count_frequencies(
+        response["included"].map { |vuln| vuln["attributes"]["criticality"] })
+    end
+  end
+end

data/lib/appcanary/configuration.rb

@@ -0,0 +1,154 @@
+require "yaml"
+
+module Appcanary
+  APPCANARY_DEFAULT_BASE_URI = "https://appcanary.com/api/v3"
+
+  APPCANARY_YAML = "appcanary.yml"
+  GEMFILE_LOCK = "Gemfile.lock"
+
+  class Configuration
+    attr_accessor :base_uri, :api_key, :monitor_name, :gemfile_lock_path
+
+    def [](k)
+      self.send(k.to_s)
+    end
+
+    def initialize
+      self.base_uri = APPCANARY_DEFAULT_BASE_URI
+      self.monitor_name = maybe_guess_monitor_name
+      self.gemfile_lock_path = locate_gemfile_lockpath
+    end
+
+    def maybe_guess_monitor_name
+      Rails.application.class.parent_name if defined?(Rails)
+    end
+
+    def locate_gemfile_lockpath
+      # make an educated guess
+      gemfile_lock_path = "#{Dir.pwd}/#{GEMFILE_LOCK}"
+      return gemfile_lock_path if File.exist?(gemfile_lock_path)
+
+      # otherwise try out bundler
+      begin
+        require "bundler"
+        if defined?(Bundler)
+          Bundler.default_lockfile.to_s
+        end
+      rescue LoadError
+        # ignore, handle at resolution time
+      end
+    end
+
+    def sufficient_for_check?
+      ! (base_uri.nil? || api_key.nil? || gemfile_lock_path.nil?)
+    end
+
+    def sufficient_for_monitor?
+      sufficient_for_check? && !monitor_name.nil?
+    end
+
+    def resolve!
+      # 1. static configuration takes precedence over yaml, and only one may be
+      #    used. If the configuration block is present and valid, use it
+      #    exclusively, otherwise looks for yaml.
+      #
+      # 2. within that context, use the following rules
+      #    - api_key: required, no attempt to guess/derive
+      #
+      #    - gemfile_lock_path: path to Gemfile.lock; if missing, attempt to
+      #      guess based on Bundler (if defined -- if not, attempt to require
+      #      it, and fail angrily if that doesn't work).
+      #
+      #    - monitor_name: name to use as the base for the monitor update. If
+      #      this is missing, attempt to derive it by finding the rails app name
+      #      (if Rails is defined). Otherwise fail, but only when updating
+      #      monitors, not when running checks.
+      #
+      #    - base_uri: if this is missing (as it probably should be in all cases
+      #      except working on this gem), default to prod appcanary.com.
+      unless self.sufficient_for_check?
+        yaml_file = "#{Dir.pwd}/#{APPCANARY_YAML}"
+        begin
+          load_yaml_config!(yaml_file)
+        rescue
+          load_yaml_config!("#{Bundler.root}/#{APPCANARY_YAML}") if defined?(Bundler)
+        end
+      end
+
+      # UX for validation
+      errors = []
+      errors << "\tAppcanary.api_key = ???" if api_key.nil?
+      errors << "\tAppcanary.gemfile_lock_path = ???" if gemfile_lock_path.nil?
+      unless errors.empty?
+        raise ConfigurationError.new("Missing configuration:\n#{errors.join("\n")}")
+      end
+
+      self
+    end
+
+    def load_yaml_config!(path)
+      begin
+        yaml_config            = YAML.load_file(path)
+        self.api_key           = yaml_config["api_key"]
+        self.gemfile_lock_path = yaml_config["gemfile_lock_path"]
+        self.monitor_name      = yaml_config["monitor_name"]
+        self.base_uri          = yaml_config["base_uri"] || APPCANARY_DEFAULT_BASE_URI
+      rescue Errno::ENOENT
+        # ignore, fall through
+      rescue => e
+        # there was a file, but something was wrong with it
+        raise ConfigurationError.new(e)
+      end
+    end
+  end
+
+  class ConfigurationError < RuntimeError
+    SUFFIX = <<-EOS
+Consult the following docs for more information:
+- https://github.com/appcanary/appcanary.rb
+- https://appcanary.com/settings
+    EOS
+
+    def initialize(msg)
+      super("#{msg}\n\n#{SUFFIX}")
+    end
+  end
+
+  class << self
+    def configuration
+      @@configuration ||= Configuration.new
+    end
+
+    def reset
+      @@configuration = Configuration.new
+    end
+
+    def configure(&block)
+      block.call(configuration) if block
+    end
+
+    # another way to do static configuration
+    def api_key=(val);           configuration.api_key = val;           end
+    def gemfile_lock_path=(val); configuration.gemfile_lock_path = val; end
+    def monitor_name=(val);      configuration.monitor_name = val;      end
+    def base_uri=(val);          configuration.base_uri = val;          end
+
+    # static API
+    def is_this_app_vulnerable?(criticality = nil)
+      canary.is_this_app_vulnerable?(criticality)
+    end
+
+    def update_monitor!
+      canary.update_monitor!
+    end
+
+    def check
+      canary.check
+    end
+
+    private
+    def canary
+      @@canary ||= Appcanary::Client.new(Appcanary.configuration.resolve!)
+    end
+  end
+end

data/lib/appcanary/http.rb

@@ -0,0 +1,96 @@
+require "net/http"
+require "net/http/post/multipart"
+require "json"
+
+module Appcanary
+  class ServiceError < RuntimeError
+  end
+
+  # In this module, `config` should always be a hash, or an object that responds
+  # to `[](k)`, typically obtained by calling `Appcanary::Configuration#resolve!`.
+  module HTTP
+    def ship_gemfile(endpoint, config, &block)
+      payload = {
+        file: config[:gemfile_lock_path],
+        platform: "ruby"
+      }
+
+      parsed_response = ship_file(endpoint, payload, config)
+
+      if block
+        block.call(parsed_response)
+      else
+        parsed_response
+      end
+    end
+
+    def ship_file(endpoint, payload, config)
+      resp = try_request_with(:put, endpoint, payload, config)
+
+      unless resp.code.to_s == "200"
+        resp = try_request_with(:post, endpoint, payload, config)
+      end
+
+      unless %w[200 201].include? resp.code.to_s
+        raise ServiceError.new("Failed to ship file to Appcanary: #{resp}")
+      end
+
+      JSON.parse(resp.body)
+    end
+
+    private
+    def url_for(endpoint, config)
+      case endpoint
+      when :monitors
+        monitor = "#{config[:monitor_name]}"
+
+        if ENV["CIRCLECI"] && ENV["CIRCLECI"] == "true"
+          monitor = "#{monitor}_#{ENV['CIRCLE_BRANCH']}"
+        end
+
+        # these are rails routing delimiters
+        monitor.gsub!("/", "_")
+        monitor.gsub!(".", "_")
+
+        URI.parse("#{config[:base_uri]}/monitors/#{monitor}")
+      when :check
+        URI.parse("#{config[:base_uri]}/check")
+      else
+        # internal brokenness
+        raise RuntimeError.new("Unknown Appcanary endpoint: #{endpoint.to_s}!")
+      end
+    end
+
+    REQUEST_TYPES = {
+      post: Net::HTTP::Post::Multipart,
+      put: Net::HTTP::Put::Multipart
+    }
+
+    def try_request_with(method, endpoint, payload, config)
+      request_type = REQUEST_TYPES[method]
+      url = url_for(endpoint, config)
+      filename = File.basename(payload[:file])
+      url.query = URI.encode_www_form("platform" => payload[:platform])
+
+      File.open(payload[:file]) do |file|
+        params = {}.tap do |p|
+          p["file"] = UploadIO.new(file, "text/plain", filename)
+          p["platform"] = payload[:platform]
+
+          if payload[:version]
+            p["version"] = payload[:version]
+            url.query = url.query.merge("version", payload[:version])
+          end
+        end
+
+        headers = {"Authorization" => "Token #{config[:api_key]}"}
+        req = request_type.new(url.path, params, headers, SecureRandom.base64)
+        options = { use_ssl: url.scheme == "https" }
+
+        Net::HTTP.start(url.host, url.port, options) do |http|
+          http.request(req)
+        end
+      end
+    end
+  end
+end

data/lib/appcanary/railtie.rb

@@ -0,0 +1,12 @@
+require "rails/railtie"
+
+module Appcanary
+  class Railtie < Rails::Railtie
+    rake_tasks do
+      spec = Gem::Specification.find_by_name("appcanary")
+      gem_root = spec.gem_dir
+      load "#{gem_root}/lib/appcanary/tasks/appcanary/check.rake"
+      load "#{gem_root}/lib/appcanary/tasks/appcanary/monitor.rake"
+    end
+  end
+end

data/lib/appcanary/tasks/appcanary/check.rake

@@ -0,0 +1,28 @@
+require "appcanary"
+require "rake"
+
+def run_check
+  response = Appcanary.check
+  if response["meta"]["vulnerable"]
+    response["included"].map do |vuln|
+      vuln["attributes"]["reference-ids"]
+    end.flatten.uniq.each do |ref|
+      puts ref
+    end
+  end
+rescue => e
+  puts e
+end
+
+namespace :appcanary do
+  desc "Check vulnerability status"
+  if defined?(Rails)
+    task :check => :environment do
+      run_check
+    end
+  else
+    task :check do
+      run_check
+    end
+  end
+end

data/lib/appcanary/tasks/appcanary/monitor.rake

@@ -0,0 +1,21 @@
+require "appcanary"
+require "rake"
+
+def run_update_monitor
+  Appcanary.update_monitor!
+rescue => e
+  puts e
+end
+
+namespace :appcanary do
+  desc "Update the appcanary monitor for this project"
+  if defined?(Rails)
+    task :update_monitor => :environment do
+      run_update_monitor
+    end
+  else
+    task :update_monitor do
+      run_update_monitor
+    end
+  end
+end

data/lib/appcanary/version.rb

@@ -0,0 +1,3 @@
+module Appcanary
+  VERSION = "0.1.0"
+end

metadata

@@ -0,0 +1,146 @@
+--- !ruby/object:Gem::Specification
+name: appcanary
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- J Irving
+- Phill MV
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2017-01-10 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: multipart-post
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: json
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.8.3
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.8.3
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.13'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.13'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: minitest
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.0'
+- !ruby/object:Gem::Dependency
+  name: pry
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.10'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.10'
+description: ''
+email:
+- hello@appcanary.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".travis.yml"
+- Gemfile
+- README.md
+- Rakefile
+- appcanary.gemspec
+- bin/appcanary
+- bin/console
+- bin/setup
+- lib/appcanary.rb
+- lib/appcanary/assert.rb
+- lib/appcanary/configuration.rb
+- lib/appcanary/http.rb
+- lib/appcanary/railtie.rb
+- lib/appcanary/tasks/appcanary/check.rake
+- lib/appcanary/tasks/appcanary/monitor.rake
+- lib/appcanary/version.rb
+homepage: https://appcanary.co
+licenses: []
+metadata:
+  allowed_push_host: https://rubygems.org
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.5.2
+signing_key: 
+specification_version: 4
+summary: Check your dependencies against Appcanary's database.
+test_files: []