danger-brakeman 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 7ecf2ff594da3c63f871c3032121ecc643952fbc
+  data.tar.gz: 5d6fe8523469979709c27660171b124825fefb32
+SHA512:
+  metadata.gz: 10f1f27907799e5f8b830403f41d446ab4b3d0c2a4e6edc4e6ab73e85847bfb491d6ab3ffb9e12973193c602e4fef4352b9a2d3988af90b4a9a943810b70e02b
+  data.tar.gz: c724be7d60a1b4c0ad8649f02abcf7e46e59b05920f3bd7c3653b51bccca9082e27e6f6b5aeee16253b32688f554fe9007aa0d841860f643070bf160bbc16a30

data/.bundle/config

@@ -0,0 +1,2 @@
+---
+BUNDLE_PATH: "vendor/bundle"

data/.gitignore

@@ -0,0 +1,5 @@
+.DS_Store
+pkg
+.idea/
+.yardoc
+/vendor/bundle

data/.rubocop.yml

@@ -0,0 +1,152 @@
+# Defaults can be found here: https://github.com/bbatsov/rubocop/blob/master/config/default.yml
+
+# If you don't like these settings, just delete this file :)
+
+AllCops:
+  TargetRubyVersion: 2.0
+
+Style/StringLiterals:
+  EnforcedStyle: double_quotes
+  Enabled: true
+
+# kind_of? is a good way to check a type
+Style/ClassCheck:
+  EnforcedStyle: kind_of?
+
+# It's better to be more explicit about the type
+Style/BracesAroundHashParameters:
+  Enabled: false
+
+# specs sometimes have useless assignments, which is fine
+Lint/UselessAssignment:
+  Exclude:
+    - '**/spec/**/*'
+
+# We could potentially enable the 2 below:
+Layout/IndentHash:
+  Enabled: false
+
+Layout/AlignHash:
+  Enabled: false
+
+# HoundCI doesn't like this rule
+Layout/DotPosition:
+  Enabled: false
+
+# We allow !! as it's an easy way to convert ot boolean
+Style/DoubleNegation:
+  Enabled: false
+
+# Cop supports --auto-correct.
+Lint/UnusedBlockArgument:
+  Enabled: false
+
+# We want to allow class Fastlane::Class
+Style/ClassAndModuleChildren:
+  Enabled: false
+
+Metrics/AbcSize:
+  Max: 60
+
+# The %w might be confusing for new users
+Style/WordArray:
+  MinSize: 19
+
+# raise and fail are both okay
+Style/SignalException:
+  Enabled: false
+
+# Better too much 'return' than one missing
+Style/RedundantReturn:
+  Enabled: false
+
+# Having if in the same line might not always be good
+Style/IfUnlessModifier:
+  Enabled: false
+
+# and and or is okay
+Style/AndOr:
+  Enabled: false
+
+# Configuration parameters: CountComments.
+Metrics/ClassLength:
+  Max: 350
+
+Metrics/CyclomaticComplexity:
+  Max: 17
+
+# Configuration parameters: AllowURI, URISchemes.
+Metrics/LineLength:
+  Max: 370
+
+# Configuration parameters: CountKeywordArgs.
+Metrics/ParameterLists:
+  Max: 10
+
+Metrics/PerceivedComplexity:
+  Max: 18
+
+# Sometimes it's easier to read without guards
+Style/GuardClause:
+  Enabled: false
+
+# something = if something_else
+# that's confusing
+Style/ConditionalAssignment:
+  Enabled: false
+
+# Better to have too much self than missing a self
+Style/RedundantSelf:
+  Enabled: false
+
+Metrics/MethodLength:
+  Max: 60
+
+# We're not there yet
+Style/Documentation:
+  Enabled: false
+
+# Adds complexity
+Style/IfInsideElse:
+  Enabled: false
+
+# danger specific
+
+Style/BlockComments:
+  Enabled: false
+
+Layout/MultilineMethodCallIndentation:
+  EnforcedStyle: indented
+
+# FIXME: 25
+Metrics/BlockLength:
+  Max: 345
+  Exclude:
+    - "**/*_spec.rb"
+
+Style/MixinGrouping:
+  Enabled: false
+
+Style/FileName:
+  Enabled: false
+
+Layout/IndentHeredoc:
+  Enabled: false
+
+Style/SpecialGlobalVars:
+  Enabled: false
+
+PercentLiteralDelimiters:
+  PreferredDelimiters:
+    "%":  ()
+    "%i": ()
+    "%q": ()
+    "%Q": ()
+    "%r": "{}"
+    "%s": ()
+    "%w": ()
+    "%W": ()
+    "%x": ()
+
+Security/YAMLLoad:
+  Enabled: false

data/.travis.yml

@@ -0,0 +1,12 @@
+language: ruby
+cache:
+  directories:
+    - bundle
+
+rvm:
+  - 2.0
+  - 2.1.3
+  - 2.3.1
+
+script:
+    - bundle exec rake spec

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in danger-brakeman.gemspec
+gemspec

data/Gemfile.lock

@@ -0,0 +1,141 @@
+PATH
+  remote: .
+  specs:
+    danger-brakeman (0.0.1)
+      brakeman
+      danger-plugin-api (~> 1.0)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    addressable (2.5.2)
+      public_suffix (>= 2.0.2, < 4.0)
+    ast (2.4.0)
+    brakeman (4.3.1)
+    claide (1.0.2)
+    claide-plugins (0.9.2)
+      cork
+      nap
+      open4 (~> 1.3)
+    coderay (1.1.2)
+    colored2 (3.1.2)
+    cork (0.3.0)
+      colored2 (~> 3.1)
+    danger (6.0.2)
+      claide (~> 1.0)
+      claide-plugins (>= 0.9.2)
+      colored2 (~> 3.1)
+      cork (~> 0.1)
+      faraday (~> 0.9)
+      faraday-http-cache (~> 1.0)
+      git (~> 1.5)
+      kramdown (~> 2.0)
+      kramdown-parser-gfm (~> 1.0)
+      no_proxy_fix
+      octokit (~> 4.7)
+      terminal-table (~> 1)
+    danger-plugin-api (1.0.0)
+      danger (> 2.0)
+    diff-lcs (1.3)
+    faraday (0.15.4)
+      multipart-post (>= 1.2, < 3)
+    faraday-http-cache (1.3.1)
+      faraday (~> 0.8)
+    ffi (1.10.0)
+    formatador (0.2.5)
+    git (1.5.0)
+    guard (2.15.0)
+      formatador (>= 0.2.4)
+      listen (>= 2.7, < 4.0)
+      lumberjack (>= 1.0.12, < 2.0)
+      nenv (~> 0.1)
+      notiffany (~> 0.0)
+      pry (>= 0.9.12)
+      shellany (~> 0.0)
+      thor (>= 0.18.1)
+    guard-compat (1.2.1)
+    guard-rspec (4.7.3)
+      guard (~> 2.1)
+      guard-compat (~> 1.1)
+      rspec (>= 2.99.0, < 4.0)
+    jaro_winkler (1.5.2)
+    kramdown (2.1.0)
+    kramdown-parser-gfm (1.0.1)
+      kramdown (~> 2.0)
+    listen (3.0.7)
+      rb-fsevent (>= 0.9.3)
+      rb-inotify (>= 0.9.7)
+    lumberjack (1.0.13)
+    method_source (0.9.2)
+    multipart-post (2.0.0)
+    nap (1.1.0)
+    nenv (0.3.0)
+    no_proxy_fix (0.1.2)
+    notiffany (0.1.1)
+      nenv (~> 0.1)
+      shellany (~> 0.0)
+    octokit (4.14.0)
+      sawyer (~> 0.8.0, >= 0.5.3)
+    open4 (1.3.4)
+    parallel (1.17.0)
+    parser (2.6.2.0)
+      ast (~> 2.4.0)
+    pry (0.12.2)
+      coderay (~> 1.1.0)
+      method_source (~> 0.9.0)
+    psych (3.1.0)
+    public_suffix (3.0.3)
+    rainbow (3.0.0)
+    rake (10.5.0)
+    rb-fsevent (0.10.3)
+    rb-inotify (0.10.0)
+      ffi (~> 1.0)
+    rspec (3.8.0)
+      rspec-core (~> 3.8.0)
+      rspec-expectations (~> 3.8.0)
+      rspec-mocks (~> 3.8.0)
+    rspec-core (3.8.0)
+      rspec-support (~> 3.8.0)
+    rspec-expectations (3.8.2)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.8.0)
+    rspec-mocks (3.8.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.8.0)
+    rspec-support (3.8.0)
+    rubocop (0.67.2)
+      jaro_winkler (~> 1.5.1)
+      parallel (~> 1.10)
+      parser (>= 2.5, != 2.5.1.1)
+      psych (>= 3.1.0)
+      rainbow (>= 2.2.2, < 4.0)
+      ruby-progressbar (~> 1.7)
+      unicode-display_width (>= 1.4.0, < 1.6)
+    ruby-progressbar (1.10.0)
+    sawyer (0.8.1)
+      addressable (>= 2.3.5, < 2.6)
+      faraday (~> 0.8, < 1.0)
+    shellany (0.0.1)
+    terminal-table (1.8.0)
+      unicode-display_width (~> 1.1, >= 1.1.1)
+    thor (0.20.3)
+    unicode-display_width (1.5.0)
+    yard (0.9.19)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  bundler
+  danger-brakeman!
+  guard (~> 2.14)
+  guard-rspec (~> 4.7)
+  listen (= 3.0.7)
+  pry
+  rake (~> 10.0)
+  rspec (~> 3.4)
+  rubocop
+  yard
+
+BUNDLED WITH
+   2.0.1

data/Guardfile

@@ -0,0 +1,19 @@
+# A guardfile for making Danger Plugins
+# For more info see https://github.com/guard/guard#readme
+
+# To run, use `bundle exec guard`.
+
+guard :rspec, cmd: 'bundle exec rspec' do
+  require 'guard/rspec/dsl'
+  dsl = Guard::RSpec::Dsl.new(self)
+
+  # RSpec files
+  rspec = dsl.rspec
+  watch(rspec.spec_helper) { rspec.spec_dir }
+  watch(rspec.spec_support) { rspec.spec_dir }
+  watch(rspec.spec_files)
+
+  # Ruby files
+  ruby = dsl.ruby
+  dsl.watch_spec_files_for(ruby.lib_files)
+end

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2019 Yuichi Nakamura <fyuichi@gmail.com>
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,19 @@
+# Danger Brakeman
+
+A Danger plugin for Brakeman.
+
+## Installation
+
+Add this line to your Gemfil.
+
+    gem 'danger-brakeman'
+
+## Usage
+
+Run Ruby files through Brakeman. Results are passed out as a inline comment.
+
+    brakeman.lint
+
+## License
+
+MIT

data/Rakefile

@@ -0,0 +1,23 @@
+require 'bundler/gem_tasks'
+require 'rspec/core/rake_task'
+require 'rubocop/rake_task'
+
+RSpec::Core::RakeTask.new(:specs)
+
+task default: :specs
+
+task :spec do
+  Rake::Task['specs'].invoke
+  Rake::Task['rubocop'].invoke
+  Rake::Task['spec_docs'].invoke
+end
+
+desc 'Run RuboCop on the lib/specs directory'
+RuboCop::RakeTask.new(:rubocop) do |task|
+  task.patterns = ['lib/**/*.rb', 'spec/**/*.rb']
+end
+
+desc 'Ensure that the plugin passes `danger plugins lint`'
+task :spec_docs do
+  sh 'bundle exec danger plugins lint'
+end

data/danger-brakeman.gemspec

@@ -0,0 +1,50 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'brakeman/gem_version.rb'
+
+Gem::Specification.new do |spec|
+  spec.name          = 'danger-brakeman'
+  spec.version       = Brakeman::VERSION
+  spec.authors       = ['Yuichi Nakamura']
+  spec.email         = ['fyuichi@gmail.com']
+  spec.description   = %q{A danger plugin for running Ruby files through Brakeman.}
+  spec.summary       = %q{A danger plugin for running Ruby files through Brakeman.}
+  spec.homepage      = 'https://github.com/nakamurau1/danger-brakeman'
+  spec.license       = 'MIT'
+
+  spec.files         = `git ls-files`.split($/)
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ['lib']
+
+  spec.add_dependency         'brakeman'
+  spec.add_runtime_dependency 'danger-plugin-api', '~> 1.0'
+
+  # General ruby development
+  spec.add_development_dependency 'bundler'
+  spec.add_development_dependency 'rake', '~> 10.0'
+
+  # Testing support
+  spec.add_development_dependency 'rspec', '~> 3.4'
+
+  # Linting code and docs
+  spec.add_development_dependency "rubocop"
+  spec.add_development_dependency "yard"
+
+  # Makes testing easy via `bundle exec guard`
+  spec.add_development_dependency 'guard', '~> 2.14'
+  spec.add_development_dependency 'guard-rspec', '~> 4.7'
+
+  # If you want to work on older builds of ruby
+  spec.add_development_dependency 'listen', '3.0.7'
+
+  # This gives you the chance to run a REPL inside your tests
+  # via:
+  #
+  #    require 'pry'
+  #    binding.pry
+  #
+  # This will stop test execution and let you inspect the results
+  spec.add_development_dependency 'pry'
+end

data/lib/brakeman/gem_version.rb

@@ -0,0 +1,3 @@
+module Brakeman
+  VERSION = "0.0.1".freeze
+end

data/lib/brakeman/plugin.rb

@@ -0,0 +1,52 @@
+require 'shellwords'
+
+module Danger
+  # Run Ruby files through Brakeman.
+  # Results are passed out as a table in markdown.
+  #
+  # @example Lint changed files
+  #
+  #          brakeman.lint
+  #
+  class DangerBrakeman < Plugin
+    # Runs Ruby files through Brakeman. Generates a `markdown` list of warnings.
+    def lint(config = nil)
+      files_to_lint = _fetch_files_to_lint
+      brakeman_result = _brakeman(files_to_lint)
+
+      return if brakeman_result.nil?
+
+      _add_warning_for_each_line(brakeman_result)
+    end
+
+    private
+
+    def _brakeman(files_to_lint)
+      base_command = 'brakeman -q -f json --only-files'
+
+      brakeman_output = `#{'bundle exec ' if File.exist?('Gemfile')}#{base_command} #{files_to_lint}`
+
+      return [] if brakeman_output.empty?
+
+      JSON.parse(brakeman_output)['warnings']
+    end
+
+    def _add_warning_for_each_line(brakeman_result)
+      brakeman_result.each do |warning|
+        arguments = [
+          "[brakeman] #{warning['message']}",
+          {
+            file: warning['file'],
+            line: warning['line']
+          }
+        ]
+        warn(*arguments)
+      end
+    end
+
+    def _fetch_files_to_lint
+      to_lint = git.modified_files + git.added_files
+      Shellwords.join(to_lint).gsub(" ", ",")
+    end
+  end
+end

data/lib/danger_brakeman.rb

@@ -0,0 +1,2 @@
+require 'brakeman/gem_version'
+

data/lib/danger_plugin.rb

@@ -0,0 +1 @@
+require "brakeman/plugin"

data/spec/brakeman_spec.rb

@@ -0,0 +1,78 @@
+require File.expand_path("../spec_helper", __FILE__)
+
+module Danger
+  describe Danger::DangerBrakeman do
+    it "should be a plugin" do
+      expect(Danger::DangerBrakeman.new(nil)).to be_a Danger::Plugin
+    end
+
+    describe "with Dangerfile" do
+      before do
+        @brakeman = testing_dangerfile.brakeman
+      end
+
+      describe :lint_files do
+        let(:response_lint) do
+          {
+            'warnings': [
+              {
+                'warning_type': "Remote Code Execution",
+                'warning_code': 24,
+                'fingerprint': "xxxx",
+                'check_name': "UnsafeReflection",
+                'message': "Unsafe reflection method `constantize` called with parameter value",
+                'file': "app/controllers/vuls_controller.rb",
+                'line': 45,
+                'link': "https://brakemanscanner.org/docs/warning_types/remote_code_execution/",
+                'code': "xxxx",
+                'render_path': nil,
+                'location': {
+                  'type': "method",
+                  'class': "VulsController",
+                  'method': "create"
+                },
+                'user_input': "params[:to]",
+                'confidence': "Medium"
+              },
+              {
+                'warning_type': "Cross-Site Request Forgery",
+                'warning_code': 7,
+                'fingerprint': "yyyy",
+                'check_name': "ForgerySetting",
+                'message': "`protect_from_forgery` should be called in `VulsController`",
+                'file': "app/vuls_controller.rb",
+                'line': 1,
+                'link': "https://brakemanscanner.org/docs/warning_types/cross-site_request_forgery/",
+                'code': nil,
+                'render_path': nil,
+                'location': {
+                  'type': "controller",
+                  'controller': "VulsController"
+                },
+                'user_input': nil,
+                'confidence': "High"
+              }
+            ]
+          }.to_json
+        end
+
+        it 'handles a brakeman report for files changed in the PR' do
+          allow(@brakeman.git).to receive(:added_files).and_return([])
+          allow(@brakeman.git).to receive(:modified_files)
+                                   .and_return(["spec/fixtures/check_target_file.rb"])
+
+          allow(@brakeman).to receive(:`)
+                               .with('bundle exec brakeman -q -f json --only-files spec/fixtures/check_target_file.rb')
+                               .and_return(response_lint)
+
+          @brakeman.lint
+
+          outputs = @brakeman.violation_report[:warnings].map(&:to_s)
+
+          expect(outputs.first).to include('Violation [brakeman] Unsafe reflection method `constantize` called with parameter value { sticky: false, file: app/controllers/vuls_controller.rb, line: 45 }')
+          expect(outputs.last).to  include('Violation [brakeman] `protect_from_forgery` should be called in `VulsController` { sticky: false, file: app/vuls_controller.rb, line: 1 }')
+        end
+      end
+    end
+  end
+end

data/spec/fixtures/check_target_file.rb

@@ -0,0 +1,2 @@
+class Vuls
+end

data/spec/spec_helper.rb

@@ -0,0 +1,65 @@
+require "pathname"
+ROOT = Pathname.new(File.expand_path("../../", __FILE__))
+$:.unshift((ROOT + "lib").to_s)
+$:.unshift((ROOT + "spec").to_s)
+
+require "bundler/setup"
+require "pry"
+
+require "rspec"
+require "danger"
+
+if `git remote -v` == ''
+  puts "You cannot run tests without setting a local git remote on this repo"
+  puts "It's a weird side-effect of Danger's internals."
+  exit(0)
+end
+
+# Use coloured output, it's the best.
+RSpec.configure do |config|
+  config.filter_gems_from_backtrace "bundler"
+  config.color = true
+  config.tty = true
+end
+
+require "danger_plugin"
+
+# These functions are a subset of https://github.com/danger/danger/blob/master/spec/spec_helper.rb
+# If you are expanding these files, see if it's already been done ^.
+
+# A silent version of the user interface,
+# it comes with an extra function `.string` which will
+# strip all ANSI colours from the string.
+
+# rubocop:disable Lint/NestedMethodDefinition
+def testing_ui
+  @output = StringIO.new
+  def @output.winsize
+    [20, 9999]
+  end
+
+  cork = Cork::Board.new(out: @output)
+  def cork.string
+    out.string.gsub(/\e\[([;\d]+)?m/, "")
+  end
+  cork
+end
+# rubocop:enable Lint/NestedMethodDefinition
+
+# Example environment (ENV) that would come from
+# running a PR on TravisCI
+def testing_env
+  {
+    "HAS_JOSH_K_SEAL_OF_APPROVAL" => "true",
+    "TRAVIS_PULL_REQUEST" => "800",
+    "TRAVIS_REPO_SLUG" => "artsy/eigen",
+    "TRAVIS_COMMIT_RANGE" => "759adcbd0d8f...13c4dc8bb61d",
+    "DANGER_GITHUB_API_TOKEN" => "123sbdq54erfsd3422gdfio"
+  }
+end
+
+# A stubbed out Dangerfile for use in tests
+def testing_dangerfile
+  env = Danger::EnvironmentManager.new(testing_env)
+  Danger::Dangerfile.new(env, testing_ui)
+end

metadata

@@ -0,0 +1,220 @@
+--- !ruby/object:Gem::Specification
+name: danger-brakeman
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- Yuichi Nakamura
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2019-06-20 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: brakeman
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: danger-plugin-api
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.4'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.4'
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: yard
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: guard
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.14'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.14'
+- !ruby/object:Gem::Dependency
+  name: guard-rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.7'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.7'
+- !ruby/object:Gem::Dependency
+  name: listen
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 3.0.7
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 3.0.7
+- !ruby/object:Gem::Dependency
+  name: pry
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: A danger plugin for running Ruby files through Brakeman.
+email:
+- fyuichi@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".bundle/config"
+- ".git_commit_template"
+- ".gitignore"
+- ".rubocop.yml"
+- ".travis.yml"
+- Gemfile
+- Gemfile.lock
+- Guardfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- danger-brakeman.gemspec
+- lib/brakeman/gem_version.rb
+- lib/brakeman/plugin.rb
+- lib/danger_brakeman.rb
+- lib/danger_plugin.rb
+- spec/brakeman_spec.rb
+- spec/fixtures/check_target_file.rb
+- spec/spec_helper.rb
+homepage: https://github.com/nakamurau1/danger-brakeman
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.6.14.1
+signing_key: 
+specification_version: 4
+summary: A danger plugin for running Ruby files through Brakeman.
+test_files:
+- spec/brakeman_spec.rb
+- spec/fixtures/check_target_file.rb
+- spec/spec_helper.rb