bundler-organization_audit 0.1.0

data/.gitignore

@@ -0,0 +1 @@
+spec/private.yml

data/.travis.yml

@@ -0,0 +1,4 @@
+rvm:
+  - ree
+  - 1.9.2
+  - 1.9.3

data/Gemfile

@@ -0,0 +1,7 @@
+source :rubygems
+gemspec
+
+gem "bump"
+gem "rake"
+gem "rspec", "~>2"
+gem "bundler-audit"

data/Gemfile.lock

@@ -0,0 +1,33 @@
+PATH
+  remote: .
+  specs:
+    bundler-organization_audit (0.1.0)
+      json
+
+GEM
+  remote: http://rubygems.org/
+  specs:
+    bump (0.3.9)
+    bundler-audit (0.1.2)
+      bundler (~> 1.2)
+    diff-lcs (1.1.3)
+    json (1.7.7)
+    rake (10.0.3)
+    rspec (2.12.0)
+      rspec-core (~> 2.12.0)
+      rspec-expectations (~> 2.12.0)
+      rspec-mocks (~> 2.12.0)
+    rspec-core (2.12.2)
+    rspec-expectations (2.12.1)
+      diff-lcs (~> 1.1.3)
+    rspec-mocks (2.12.2)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  bump
+  bundler-audit
+  bundler-organization_audit!
+  rake
+  rspec (~> 2)

data/Rakefile

@@ -0,0 +1,6 @@
+require "bundler/gem_tasks"
+require "bump/tasks"
+
+task :default do
+  sh "rspec spec/"
+end

data/Readme.md

@@ -0,0 +1,76 @@
+Audit all Gemfiles of a user/organization on Github for unpatched versions
+
+    gem install bundler-organization_audit
+
+Usage
+=====
+
+### Public repos
+For yourself (git config github.user)
+```Bash
+bundle-organization-audit
+parallel
+No Gemfile.lock found
+
+parllel_tests
+bundle-audit
+No unpatched versions found
+
+rails_example_app
+bundle-audit
+Name: rack
+Version: 1.4.4
+CVE: 2013-0263
+Criticality: High
+URL: http://osvdb.org/show/osvdb/89939
+Title: Rack Rack::Session::Cookie Function Timing Attack Remote Code Execution
+Patched Versions: ~> 1.1.6, ~> 1.2.8, ~> 1.3.10, ~> 1.4.5, >= 1.5.2
+
+Vulnerable:
+https://github.com/grosser/rails_example_app
+```
+
+For someone elese
+```Bash
+bundle-organization-audit --user grosser
+```
+
+Ignore gems (ignores repos that have a %{repo}.gemspec)
+```Bash
+bundle-organization-audit --ignore-gems
+```
+
+For pipe -> only show vulnerable repos
+```
+bundle-organization-audit 2>/dev/null
+```
+
+Use for CI -> ignore old/unmaintained proejcts
+```
+bundle-organization-audit \
+  --ignore https://github.com/xxx/a \
+  --ignore https://github.com/xxx/b \
+  --organization xxx \
+  --token yyy
+```
+
+### Private repos
+
+```Bash
+# create a token that has access to your repositories
+curl -v -u your-user-name -X POST https://api.github.com/authorizations --data '{"scopes":["repo"]}'
+enter your password -> TOKEN
+
+bundle-organization-audit --user your-user --token TOKEN --organization your-organization
+```
+
+Dev
+===
+ - test private repo fetching via `cp spec/private{.example,}.yml` and filling it out
+
+Author
+======
+[Michael Grosser](http://grosser.it)<br/>
+michael@grosser.it<br/>
+License: MIT<br/>
+[![Build Status](https://travis-ci.org/grosser/bundler-organization_audit.png)](https://travis-ci.org/grosser/bundler-organization_audit)

data/bin/bundle-organization-audit

@@ -0,0 +1,35 @@
+#!/usr/bin/env ruby
+require "rubygems"
+require "optparse"
+
+$LOAD_PATH << File.join(File.dirname(__FILE__), '..', 'lib')
+require "bundler/organization_audit"
+
+def git_config(thing)
+  result = `git config #{thing}`.strip
+  result.empty? ? nil : result
+end
+
+options = {
+  :ignore => [],
+  :user => git_config("github.user")
+}
+OptionParser.new do |opts|
+  opts.banner = <<BANNER
+Audit all Gemfiles of a user/organization on github for unpatched versions
+
+Usage:
+    bundle-organization-audit your-user-name
+
+Options:
+BANNER
+  opts.on("--token TOKEN", "Use token") { |token| options[:token] = token }
+  opts.on("--user USER", "Use user") { |user| options[:user] = user }
+  opts.on("--ignore REPO_URL", "Ignore given repo urls (use multiple times)") { |repo_url| options[:ignore] << repo_url }
+  opts.on("--ignore-gems", "Ignore repos that have a %{repo}.gemspec") { options[:ignore_gems] = true }
+  opts.on("--organization ORGANIZATION", "Use user") { |organization| options[:organization] = organization }
+  opts.on("-h", "--help", "Show this.") { puts opts; exit }
+  opts.on("-v", "--version", "Show Version"){ puts Bundler::OrganizationAudit::VERSION; exit}
+end.parse!
+
+exit Bundler::OrganizationAudit.run(options)

data/bundler-organization_audit.gemspec

@@ -0,0 +1,16 @@
+$LOAD_PATH.unshift File.expand_path("../lib", __FILE__)
+name = "bundler-organization_audit"
+require "#{name.gsub("-","/")}/version"
+
+Gem::Specification.new name, Bundler::OrganizationAudit::VERSION do |s|
+  s.summary = s.description = "Audit all Gemfiles of a user/organization on github for unpatched versions"
+  s.authors = ["Michael Grosser"]
+  s.email = "michael@grosser.it"
+  s.homepage = "http://github.com/grosser/#{name}"
+  s.files = `git ls-files`.split("\n")
+  s.license = "MIT"
+  s.signing_key = File.expand_path("~/.ssh/gem-private_key.pem")
+  s.executables = ["bundle-organization-audit"]
+  s.cert_chain = ["gem-public_cert.pem"]
+  s.add_runtime_dependency "json"
+end

data/gem-public_cert.pem

@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDMjCCAhqgAwIBAgIBADANBgkqhkiG9w0BAQUFADA/MRAwDgYDVQQDDAdtaWNo
+YWVsMRcwFQYKCZImiZPyLGQBGRYHZ3Jvc3NlcjESMBAGCgmSJomT8ixkARkWAml0
+MB4XDTEzMDIwMzE4MTMxMVoXDTE0MDIwMzE4MTMxMVowPzEQMA4GA1UEAwwHbWlj
+aGFlbDEXMBUGCgmSJomT8ixkARkWB2dyb3NzZXIxEjAQBgoJkiaJk/IsZAEZFgJp
+dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMorXo/hgbUq97+kII9H
+MsQcLdC/7wQ1ZP2OshVHPkeP0qH8MBHGg6eYisOX2ubNagF9YTCZWnhrdKrwpLOO
+cPLaZbjUjljJ3cQR3B8Yn1veV5IhG86QseTBjymzJWsLpqJ1UZGpfB9tXcsFtuxO
+6vHvcIHdzvc/OUkICttLbH+1qb6rsHUceqh+JrH4GrsJ5H4hAfIdyS2XMK7YRKbh
+h+IBu6dFWJJByzFsYmV1PDXln3UBmgAt65cmCu4qPfThioCGDzbSJrGDGLmw/pFX
+FPpVCm1zgYSb1v6Qnf3cgXa2f2wYGm17+zAVyIDpwryFru9yF/jJxE38z/DRsd9R
+/88CAwEAAaM5MDcwCQYDVR0TBAIwADAdBgNVHQ4EFgQUsiNnXHtKeMYYcr4yJVmQ
+WONL+IwwCwYDVR0PBAQDAgSwMA0GCSqGSIb3DQEBBQUAA4IBAQAlyN7kKo/NQCQ0
+AOzZLZ3WAePvStkCFIJ53tsv5Kyo4pMAllv+BgPzzBt7qi605mFSL6zBd9uLou+W
+Co3s48p1dy7CjjAfVQdmVNHF3MwXtfC2OEyvSQPi4xKR8iba8wa3xp9LVo1PuLpw
+/6DsrChWw74HfsJN6qJOK684hJeT8lBYAUfiC3wD0owoPSg+XtyAAddisR+KV5Y1
+NmVHuLtQcNTZy+gRht3ahJRMuC6QyLmkTsf+6MaenwAMkAgHdswGsJztOnNnBa3F
+y0kCSWmK6D+x/SbfS6r7Ke07MRqziJdB9GuE1+0cIRuFh8EQ+LN6HXCKM5pon/GU
+ycwMXfl0
+-----END CERTIFICATE-----

data/lib/bundler/organization_audit.rb

@@ -0,0 +1,68 @@
+require "bundler/organization_audit/version"
+require "tmpdir"
+require "bundler/organization_audit/repo"
+
+module Bundler
+  module OrganizationAudit
+    class << self
+      def run(options)
+        vulnerable = find_vulnerable(options).map(&:url)
+        vulnerable -= (options[:ignore] || [])
+        if vulnerable.size == 0
+          0
+        else
+          $stderr.puts "Vulnerable:"
+          puts vulnerable
+          1
+        end
+      end
+
+      private
+
+      def download_file(repo, file, options)
+        return unless content = repo.content(file, options)
+        File.open(file, "w") { |f| f.write content }
+      end
+
+      def find_vulnerable(options)
+        Repo.all(options).select do |repo|
+          audit_repo(repo, options)
+        end
+      end
+
+      def audit_repo(repo, options)
+        success = false
+        $stderr.puts repo.project
+        in_temp_dir do
+          if download_file(repo, "Gemfile.lock", options)
+            if options[:ignore_gems] && repo.gem?(options)
+              $stderr.puts "Ignored because it's a gem"
+            else
+              success = !sh("bundle-audit")
+            end
+          else
+            $stderr.puts "No Gemfile.lock found"
+          end
+        end
+        $stderr.puts ""
+        success
+      rescue Exception => e
+        $stderr.puts "Error auditing #{repo.project} (#{e})"
+      end
+
+      def in_temp_dir(&block)
+        Dir.mktmpdir { |dir| Dir.chdir(dir, &block) }
+      end
+
+      def sh(cmd)
+        $stderr.puts cmd
+        IO.popen(cmd) do |pipe|
+          while str = pipe.gets
+            $stderr.puts str
+          end
+        end
+        $?.success?
+      end
+    end
+  end
+end

data/lib/bundler/organization_audit/repo.rb

@@ -0,0 +1,101 @@
+require "open-uri"
+require "json"
+require "base64"
+
+module Bundler
+  module OrganizationAudit
+    class Repo
+      HOST = "https://api.github.com"
+
+      def initialize(data)
+        @data = data
+      end
+
+      def gem?(options={})
+        !!content("#{project}.gemspec", options)
+      end
+
+      def url
+        api_url.sub("api.", "").sub("/repos", "")
+      end
+      alias_method :to_s, :url
+
+      def project
+        api_url.split("/").last
+      end
+
+      def self.all(options)
+        user = if options[:organization]
+          "orgs/#{options[:organization]}"
+        elsif options[:user]
+          "users/#{options[:user]}"
+        else
+          "user"
+        end
+        url = File.join(HOST, user, "repos")
+
+        download_all_pages(url, headers(options[:token])).map { |data| Repo.new(data) }
+      end
+
+      def content(file, options={})
+        if private?
+          download_content_via_api(file, options)
+        else
+          download_content_via_raw(file)
+        end
+      rescue OpenURI::HTTPError => e
+        raise "Error downloading #{file} from #{url} (#{e})" unless e.message.start_with?("404")
+      end
+
+      def private?
+        @data["private"]
+      end
+
+      private
+
+      def self.download_all_pages(url, headers)
+        results = []
+        page = 1
+        loop do
+          result = JSON.parse(open("#{url}?page=#{page}", headers).read)
+          if result.size == 0
+            break
+          else
+            results.concat(result)
+            page += 1
+          end
+        end
+        results
+      end
+
+      def branch
+        @data["default_branch"] || @data["master_branch"] || "master"
+      end
+
+      def api_url
+        @data["url"]
+      end
+
+      def raw_url
+        url.sub("://", "://raw.")
+      end
+
+      # increases api rate limit
+      def download_content_via_api(file, options)
+        url = File.join(api_url, "contents", file, "?ref=#{branch}")
+        content = open(url, self.class.headers(options.fetch(:token))).read
+        content = JSON.load(content)["content"]
+        Base64.decode64(content)
+      end
+
+      # unlimited
+      def download_content_via_raw(file)
+        open(File.join(raw_url, branch, file)).read
+      end
+
+      def self.headers(token)
+        token ? {"Authorization" => "token #{token}"} : {}
+      end
+    end
+  end
+end

data/lib/bundler/organization_audit/version.rb

@@ -0,0 +1,5 @@
+module Bundler
+  module OrganizationAudit
+    VERSION = "0.1.0"
+  end
+end

data/spec/bundler/organization_audit/repo_spec.rb

@@ -0,0 +1,58 @@
+require "spec_helper"
+
+describe Bundler::OrganizationAudit::Repo do
+  let(:config){ YAML.load_file("spec/private.yml") }
+  let(:repo) do
+    Bundler::OrganizationAudit::Repo.new(
+      "url" => "https://api.github.com/repos/grosser/parallel"
+    )
+  end
+
+  describe ".all" do
+    it "returns the list of public repositories" do
+      # use a big account -> make sure pagination works
+      list = Bundler::OrganizationAudit::Repo.all(:user => "grosser")
+      list.map(&:url).should include("https://github.com/grosser/parallel")
+    end
+
+    if File.exist?("spec/private.yml")
+      it "returns the list of private repositories from a user" do
+        list = Bundler::OrganizationAudit::Repo.all(:token => config["token"])
+        list.map(&:url).should include("https://github.com/#{config["user"]}/#{config["expected_user"]}")
+      end
+
+      it "returns the list of private repositories from a organization" do
+        list = Bundler::OrganizationAudit::Repo.all(:token => config["token"], :organization => config["organization"])
+        list.map(&:url).should include("https://github.com/#{config["organization"]}/#{config["expected_organization"]}")
+      end
+    end
+  end
+
+  describe "#content" do
+    it "can download a public file" do
+      repo.content("Gemfile.lock").should include('rspec (2')
+    end
+
+    if File.exist?("spec/private.yml")
+      it "can download a private file" do
+        url = "https://api.github.com/repos/#{config["organization"]}/#{config["expected_organization"]}"
+        repo = Bundler::OrganizationAudit::Repo.new(
+          "url" => url, "private" => true
+        )
+        content = repo.content("Gemfile.lock", :token => config["token"], :user => config["user"])
+        content.should include('i18n (0.')
+      end
+    end
+  end
+
+  describe "#gem?" do
+    it "is a gem if it has a gemspec" do
+      repo.should be_gem
+    end
+
+    it "is not a gem if it has no gemspec" do
+      Bundler::OrganizationAudit::Repo.new("url" => "https://api.github.com/repos/grosser/dotfiles").should_not be_gem
+    end
+  end
+end
+

data/spec/bundler/organization_audit_spec.rb

@@ -0,0 +1,112 @@
+require "spec_helper"
+
+describe Bundler::OrganizationAudit do
+  it "has a VERSION" do
+    Bundler::OrganizationAudit::VERSION.should =~ /^[\.\da-z]+$/
+  end
+
+  describe Bundler::OrganizationAudit do
+    let(:repo) do
+      Bundler::OrganizationAudit::Repo.new(
+        "url" => "https://api.github.com/repos/grosser/parallel"
+      )
+    end
+
+    describe ".audit_repo" do
+      it "audits public repos" do
+        out = record_out do
+          Bundler::OrganizationAudit.send(:audit_repo, repo, {})
+        end
+        out.strip.should == "parallel\nbundle-audit\nNo unpatched versions found"
+      end
+
+      it "does not audit ignored repos" do
+        out = record_out do
+          Bundler::OrganizationAudit.send(:audit_repo, repo, :ignore_gems => true)
+        end
+        out.strip.should == "parallel\nIgnored because it's a gem"
+      end
+    end
+
+    describe ".run" do
+      before do
+        Bundler::OrganizationAudit.stub(:puts)
+      end
+
+      it "is successful when failed are empty" do
+        Bundler::OrganizationAudit.should_receive(:find_vulnerable).and_return([])
+        record_out do
+          Bundler::OrganizationAudit.run({}).should == 0
+        end
+      end
+
+      it "fails with failed" do
+        Bundler::OrganizationAudit.should_receive(:find_vulnerable).and_return([repo])
+        record_out do
+          Bundler::OrganizationAudit.run({}).should == 1
+        end
+      end
+    end
+  end
+
+  context "CLI" do
+    it "can audit a user" do
+      result = audit("--user anamartinez")
+      result.should include "I18N-tools\nNo Gemfile.lock found" # did not use audit when not necessary
+      result.should include "js-cldr-timezones\nbundle-audit\nNo unpatched versions found" # used audit where necessary
+    end
+
+    it "can audit a unpatched user" do
+      result = audit("--user user-with-unpatched-apps", :fail => true)
+      result.should include "unpatched\nbundle-audit\nName: json\nVersion: 1.5.3" # Individual vulnerabilities
+      result.should include "Vulnerable:\nhttps://github.com/user-with-unpatched-apps/unpatched" # Summary
+    end
+
+    it "only shows failed projects on stdout" do
+      result = audit("--user user-with-unpatched-apps 2>/dev/null", :fail => true, :keep_output => true)
+      result.should == "https://github.com/user-with-unpatched-apps/unpatched\n"
+    end
+
+    it "ignores projects in --ignore" do
+      result = audit("--user user-with-unpatched-apps --ignore https://github.com/user-with-unpatched-apps/unpatched 2>/dev/null", :keep_output => true)
+      result.should == ""
+    end
+
+    it "shows --version" do
+      audit("--version").should include(Bundler::OrganizationAudit::VERSION)
+    end
+
+    it "shows --help" do
+      audit("--help").should include("Audit all Gemfiles")
+    end
+
+    def audit(command, options={})
+      sh("bin/bundle-organization-audit #{command}", options)
+    end
+
+    def sh(command, options={})
+      result = `#{command} #{"2>&1" unless options[:keep_output]}`
+      raise "FAILED #{command}\n#{result}" if $?.success? == !!options[:fail]
+      decolorize(result)
+    end
+  end
+
+  def decolorize(string)
+    string.gsub(/\e\[\d+m/, "")
+  end
+
+  def record_out
+    recorder = StringIO.new
+    $stdout, out = recorder, $stdout
+    $stderr, err = recorder, $stderr
+    yield
+    decolorize(recorder.string)
+  ensure
+    $stdout = out
+    $stderr = err
+  end
+
+  def in_temp_dir(&block)
+    Dir.mktmpdir { |dir| Dir.chdir(dir, &block) }
+  end
+end

data/spec/private.example.yml

@@ -0,0 +1,7 @@
+token: your-token-see-readme
+
+user: your-user
+expected_user: your-private-repo
+
+organization: org
+expected_organization: org-private-repo

data/spec/spec_helper.rb

@@ -0,0 +1 @@
+require "bundler/organization_audit"

metadata

@@ -0,0 +1,111 @@
+--- !ruby/object:Gem::Specification
+name: bundler-organization_audit
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+  prerelease: 
+platform: ruby
+authors:
+- Michael Grosser
+autorequire: 
+bindir: bin
+cert_chain:
+- !binary |-
+  LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURNakNDQWhxZ0F3SUJB
+  Z0lCQURBTkJna3Foa2lHOXcwQkFRVUZBREEvTVJBd0RnWURWUVFEREFkdGFX
+  Tm8KWVdWc01SY3dGUVlLQ1pJbWlaUHlMR1FCR1JZSFozSnZjM05sY2pFU01C
+  QUdDZ21TSm9tVDhpeGtBUmtXQW1sMApNQjRYRFRFek1ESXdNekU0TVRNeE1W
+  b1hEVEUwTURJd016RTRNVE14TVZvd1B6RVFNQTRHQTFVRUF3d0hiV2xqCmFH
+  RmxiREVYTUJVR0NnbVNKb21UOGl4a0FSa1dCMmR5YjNOelpYSXhFakFRQmdv
+  SmtpYUprL0lzWkFFWkZnSnAKZERDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFB
+  RGdnRVBBRENDQVFvQ2dnRUJBTW9yWG8vaGdiVXE5NytrSUk5SApNc1FjTGRD
+  Lzd3UTFaUDJPc2hWSFBrZVAwcUg4TUJIR2c2ZVlpc09YMnViTmFnRjlZVENa
+  V25ocmRLcndwTE9PCmNQTGFaYmpVamxqSjNjUVIzQjhZbjF2ZVY1SWhHODZR
+  c2VUQmp5bXpKV3NMcHFKMVVaR3BmQjl0WGNzRnR1eE8KNnZIdmNJSGR6dmMv
+  T1VrSUN0dExiSCsxcWI2cnNIVWNlcWgrSnJINEdyc0o1SDRoQWZJZHlTMlhN
+  SzdZUktiaApoK0lCdTZkRldKSkJ5ekZzWW1WMVBEWGxuM1VCbWdBdDY1Y21D
+  dTRxUGZUaGlvQ0dEemJTSnJHREdMbXcvcEZYCkZQcFZDbTF6Z1lTYjF2NlFu
+  ZjNjZ1hhMmYyd1lHbTE3K3pBVnlJRHB3cnlGcnU5eUYvakp4RTM4ei9EUnNk
+  OVIKLzg4Q0F3RUFBYU01TURjd0NRWURWUjBUQkFJd0FEQWRCZ05WSFE0RUZn
+  UVVzaU5uWEh0S2VNWVljcjR5SlZtUQpXT05MK0l3d0N3WURWUjBQQkFRREFn
+  U3dNQTBHQ1NxR1NJYjNEUUVCQlFVQUE0SUJBUUFseU43a0tvL05RQ1EwCkFP
+  elpMWjNXQWVQdlN0a0NGSUo1M3RzdjVLeW80cE1BbGx2K0JnUHp6QnQ3cWk2
+  MDVtRlNMNnpCZDl1TG91K1cKQ28zczQ4cDFkeTdDampBZlZRZG1WTkhGM013
+  WHRmQzJPRXl2U1FQaTR4S1I4aWJhOHdhM3hwOUxWbzFQdUxwdwovNkRzckNo
+  V3c3NEhmc0pONnFKT0s2ODRoSmVUOGxCWUFVZmlDM3dEMG93b1BTZytYdHlB
+  QWRkaXNSK0tWNVkxCk5tVkh1THRRY05UWnkrZ1JodDNhaEpSTXVDNlF5TG1r
+  VHNmKzZNYWVud0FNa0FnSGRzd0dzSnp0T25ObkJhM0YKeTBrQ1NXbUs2RCt4
+  L1NiZlM2cjdLZTA3TVJxemlKZEI5R3VFMSswY0lSdUZoOEVRK0xONkhYQ0tN
+  NXBvbi9HVQp5Y3dNWGZsMAotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
+date: 2013-02-18 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: json
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Audit all Gemfiles of a user/organization on github for unpatched versions
+email: michael@grosser.it
+executables:
+- bundle-organization-audit
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- .travis.yml
+- Gemfile
+- Gemfile.lock
+- Rakefile
+- Readme.md
+- bin/bundle-organization-audit
+- bundler-organization_audit.gemspec
+- gem-public_cert.pem
+- lib/bundler/organization_audit.rb
+- lib/bundler/organization_audit/repo.rb
+- lib/bundler/organization_audit/version.rb
+- spec/bundler/organization_audit/repo_spec.rb
+- spec/bundler/organization_audit_spec.rb
+- spec/private.example.yml
+- spec/spec_helper.rb
+homepage: http://github.com/grosser/bundler-organization_audit
+licenses:
+- MIT
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+      segments:
+      - 0
+      hash: 75415256473976345
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+      segments:
+      - 0
+      hash: 75415256473976345
+requirements: []
+rubyforge_project: 
+rubygems_version: 1.8.24
+signing_key: 
+specification_version: 3
+summary: Audit all Gemfiles of a user/organization on github for unpatched versions
+test_files: []