logstash-filter-forwarded 1.0.4

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 9836c06be1410c903946dd50caa1db25579a8b9b
+  data.tar.gz: 8d1113c740982044469e4b3ca019d4ef5de091fc
+SHA512:
+  metadata.gz: b3564a029f707a9e3985572c9dadc97c3cbce86db446d6e552217119fad0262ae7993bd22f2f746d264f70cdb471d6538321cc665b366080bbd2ebce318dfdd4
+  data.tar.gz: 12f5ccc4062b569e666bf57f7dd8553c73eac3aaa6d4b7d9f705f0ab5506140433296b4a4fab3d9555c40c4c4aa5e5a1a1024a70cc6465e16247ac6cf318075f

data/CHANGELOG.md

@@ -0,0 +1,12 @@
+### v1.0.4
+
+Remove port numbers from ip addresses
+
+
+### v1.0.1
+
+Improve error handling: filter for ips like "unknown" and "-"
+
+### v1.0.0
+
+Basic functionality

data/CONTRIBUTORS

@@ -0,0 +1 @@
+

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in logstash-mass_effect.gemspec
+gemspec

data/LICENSE

@@ -0,0 +1,13 @@
+Copyright (c) 2012–2016 Elasticsearch <http://www.elastic.co>
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.

data/NOTICE.TXT

@@ -0,0 +1,4 @@
+
+
+This product includes software developed by The Apache Software
+Foundation (http://www.apache.org/).

data/README.md

@@ -0,0 +1,107 @@
+# Logstash Plugin
+
+[![Travis Build Status](https://travis-ci.org/IngaFeick/logstash-filter-forwarded.svg)](https://travis-ci.org/IngaFeick/logstash-filter-forwarded)
+
+This is a plugin for [Logstash](https://github.com/elastic/logstash).
+
+It is fully free and fully open source. The license is Apache 2.0, meaning you are pretty much free to use it however you want in whatever way.
+
+The forwarded plugin allows you to dissect a list of ip addresses from the x-forwarded-for header and to identify the client ip in that list, regardless of whether or not the header complies to the x-forwarded-for format. Unless specified otherwise, it will add a field "forwarded_client_ip" to your event, along with a "forwarded_proxy_list" containing all the other ips in the x-forwarded-for string.
+
+## Documentation
+
+Logstash provides infrastructure to automatically generate documentation for this plugin. We use the asciidoc format to write documentation so any comments in the source code will be first converted into asciidoc and then into html. All plugin documentation are placed under one [central location](http://www.elastic.co/guide/en/logstash/current/).
+
+- For formatting code or config example, you can use the asciidoc `[source,ruby]` directive
+- For more asciidoc formatting tips, see the excellent reference here https://github.com/elastic/docs#asciidoc-guide
+
+## Need Help?
+
+Need help? Try #logstash on freenode IRC or the https://discuss.elastic.co/c/logstash discussion forum.
+
+## Developing
+
+### 1. Plugin Developement and Testing
+
+#### Code
+- To get started, you'll need JRuby with the Bundler gem installed.
+
+- Create a new plugin or clone and existing from the GitHub [logstash-plugins](https://github.com/logstash-plugins) organization. We also provide [example plugins](https://github.com/logstash-plugins?query=example).
+
+- Install dependencies
+```sh
+bundle install
+```
+
+#### Test
+
+- Update your dependencies
+
+```sh
+bundle install
+```
+
+- Pull down GeoIP database files
+
+```sh
+bundle exec rake vendor
+```
+
+
+- Run tests
+
+```sh
+bundle exec rspec
+```
+
+### 2. Running your unpublished Plugin in Logstash
+
+#### 2.1 Run in a local Logstash clone
+
+- Edit Logstash `Gemfile` and add the local plugin path, for example:
+```ruby
+gem "logstash-filter-awesome", :path => "/your/local/logstash-filter-awesome"
+```
+- Install plugin
+```sh
+# Logstash 2.3 and higher
+bin/logstash-plugin install --no-verify
+
+# Prior to Logstash 2.3
+bin/plugin install --no-verify
+
+```
+- Run Logstash with your plugin
+```sh
+bin/logstash -e 'filter {awesome {}}'
+```
+At this point any modifications to the plugin code will be applied to this local Logstash setup. After modifying the plugin, simply rerun Logstash.
+
+#### 2.2 Run in an installed Logstash
+
+You can use the same **2.1** method to run your plugin in an installed Logstash by editing its `Gemfile` and pointing the `:path` to your local plugin development directory or you can build the gem and install it using:
+
+- Build your plugin gem
+```sh
+gem build logstash-filter-awesome.gemspec
+```
+- Install the plugin from the Logstash home
+```sh
+# Logstash 2.3 and higher
+bin/logstash-plugin install --no-verify
+
+# Prior to Logstash 2.3
+bin/plugin install --no-verify
+
+```
+- Start Logstash and proceed to test the plugin
+
+## Contributing
+
+All contributions are welcome: ideas, patches, documentation, bug reports, complaints, and even something you drew up on a napkin.
+
+Programming is not a required skill. Whatever you've seen about open source and maintainers or community members  saying "send patches or die" - you will not see that here.
+
+It is more important to the community that you are able to contribute.
+
+For more information about contributing, see the [CONTRIBUTING](https://github.com/elastic/logstash/blob/master/CONTRIBUTING.md) file.

data/lib/logstash/filters/forwarded.rb

@@ -0,0 +1,124 @@
+# encoding: utf-8
+require "logstash/filters/base"
+require "logstash/namespace"
+require "ipaddr" # needed for network range check
+require "ipaddress" # needed for validity check
+
+# The forwarded filter extracts the client ip from a list of ip adresses. The client ip might be at any position in the list, since not every x-forwarded-for header comes in the correct ordering.
+# It adds two new fields to the event:
+#  - forwarded_client_ip : string
+#  - forwarded_proxy_list : string[]
+
+class LogStash::Filters::Forwarded < LogStash::Filters::Base
+  config_name "forwarded"
+  
+  # The field containing the x-forwarded-for string
+  config :source, :validate => :string, :required => true
+
+  # list of ip patterns that private ips start with. 
+  config :private_ipv4_prefixes, :validate => :array, :required => false, :default => ["10.0.0.0/8", "192.168.0.0/16" ,"172.16.0.0/12"]
+
+  # Private IP Addresses have the following ranges:
+  # 10.0.0.0    - 10.255.255.255
+  # 172.16.0.0  - 172.31.255.255
+  # 192.168.0.0 - 192.168.255.255 
+
+  # The name of the new field containing client ip (optional)
+  config :target_client_ip, :validate => :string, :required => false, :default => "forwarded_client_ip"
+
+  # The name of the new field containing proxy list (optional)
+  config :target_proxy_list, :validate => :string, :required => false, :default => "forwarded_proxy_list"
+  
+  public
+  def register    
+    @private_ipv4_ranges = @private_ipv4_prefixes.collect do | adress |
+      begin
+        IPAddr.new(adress)
+      rescue ArgumentError => e
+        @logger.error("Register: invalid IP network, skipping", :adress => adress, :exception => e)
+        raise e
+       end
+    end
+    @private_ipv4_ranges.compact!
+  end # def register
+
+  public
+  def filter(event)
+    return unless filter?(event)
+
+    begin
+      forwarded = event.get(@source)
+
+      return unless forwarded and !forwarded.empty?
+
+      client_ip, proxies = analyse(forwarded)
+      
+      event.set(@target_client_ip, client_ip) if client_ip
+      event.set(@target_proxy_list, proxies) if proxies
+      filter_matched(event)     
+      
+    rescue Exception => e
+      @logger.debug("Unknown error while looking up GeoIP data", :exception => e, :field => @source, :event => event)
+      # raise e
+    end # begin
+  end # def filter
+
+  def analyse(ip)
+    return nil, nil if ip.nil?
+      # convert the x-forwarded-for string into an array of its comma separated value, if it isn't already.
+      ip_list = ip.is_a?(Array) ? ip : ip.downcase.split(",")  
+
+      # remove some well-known invalid values
+      ip_list = ip_list.map { |x| x.strip }.reject { |x| ["-", "unknown"].include? x}
+
+      # the IpAddr library cannot handle ips with port numbers
+      ip_list = ip_list.map { |x| remove_port_number(x) }
+
+      # get the first public ip in the list
+      client_ip = get_client_ip(ip_list)
+      
+      # remove the public / client ip from the list and use the remainder as the list of proxies involved.
+      proxies = ip_list.nil? ? [] : ip_list - [client_ip]
+      
+      return client_ip, proxies
+  end # def analyse
+
+  def get_client_ip(ip_array)
+      ip_array.each do | ip |
+        begin          
+          next if !IPAddress.valid? ip
+
+          ipo = IPAddr.new(ip)            
+          is_private = ipo.ipv6? ? is_private_ipv6(ip) : is_private_ipv4(ipo)         
+          return ip if !is_private
+        rescue => e
+          # not a valid ip, moving on.
+          # @logger.debug("get_client_ip() failed", :exception => e, :field => @source, :ip_array => ip_array)
+          next
+        end
+      end # each
+      nil
+  end # get_client_ip
+
+  def remove_port_number(ip)
+    tokens = ip.split(":")
+    if tokens.size <=2 then tokens[0] else ip end
+  end
+  
+  def is_private_ipv6(ip)
+    ip.start_with?("fd") || ip.start_with?("fc")
+  end # is_private_ipv6
+
+
+  def is_private_ipv4(ipo)
+    begin
+      @private_ipv4_ranges.each do | ip_range |
+        return true if ip_range.include?(ipo)
+      end # each
+      false
+    rescue => e
+      @logger.debug("Couldn't check if ip is private.", :input_data => ip, :exception => e)
+    end # begin
+  end # is_private
+
+end # class LogStash::Filters::Forwarded

data/logstash-filter-forwarded.gemspec

@@ -0,0 +1,25 @@
+Gem::Specification.new do |s|
+
+  s.name            = 'logstash-filter-forwarded'
+  s.version         = '1.0.4'
+  s.licenses        = ['Apache License (2.0)']
+  s.summary         = "$summary"
+  s.description     = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"
+  s.authors         = ["Inga Feick"]
+  s.email           = 'inga.feick@trivago.com'
+  s.require_paths = ["lib"]
+
+  # Files
+  s.files = Dir['lib/**/*','spec/**/*','vendor/**/*','*.gemspec','*.md','CONTRIBUTORS','Gemfile','LICENSE','NOTICE.TXT']
+
+  # Tests
+  s.test_files = s.files.grep(%r{^(test|spec|features)/})
+
+  # Special flag to let us know this is actually a logstash plugin
+  s.metadata = { "logstash_plugin" => "true", "logstash_group" => "filter" }
+
+  # Gem dependencies
+  s.add_runtime_dependency "logstash-core-plugin-api", ">= 1.60", "<= 2.99"
+  s.add_runtime_dependency 'ipaddress'
+  s.add_development_dependency 'logstash-devutils'
+end

data/spec/filters/forwarded_spec.rb

@@ -0,0 +1,215 @@
+# encoding: utf-8
+require "logstash/devutils/rspec/spec_helper"
+require "logstash/filters/forwarded"
+require "logstash/timestamp"
+
+describe LogStash::Filters::Forwarded do
+
+  let(:plugin) { LogStash::Filters::Forwarded.new("source" => "message") }
+  
+  before do
+    plugin.register
+    plugin.filter(event)
+  end
+  
+  # Private IP Addresses have the following ranges:
+  #10.0.0.0    - 10.255.255.255
+  #172.16.0.0  - 172.31.255.255
+  #192.168.0.0 - 192.168.255.255 
+
+
+  context "1) multiple client ips" do
+    let(:event) { LogStash::Event.new(:message => "123.45.67.89,61.160.232.222") }
+    it "should take the first client ip" do
+      expect(event.get("forwarded_client_ip")).to eq("123.45.67.89")
+      expect(event.get("forwarded_proxy_list")).to eq(["61.160.232.222"])
+
+    end # it
+  end # context
+
+  context "2) proper x-forwarded-for" do
+    let(:event) { LogStash::Event.new(:message => "84.30.67.207, 10.1.2.162") }
+    it "should take the first public ip" do
+      expect(event.get("forwarded_client_ip")).to eq("84.30.67.207")
+      expect(event.get("forwarded_proxy_list")).to eq(["10.1.2.162"])
+    end # it
+  end # context
+
+  context "3) proper x-forwarded-for with multiple proxies" do
+    let(:event) { LogStash::Event.new(:message => "94.254.183.48, 10.1.2.161, 10.1.2.162") }
+    it "should take the first ip" do
+      expect(event.get("forwarded_client_ip")).to eq("94.254.183.48")
+      expect(event.get("forwarded_proxy_list")).to eq(["10.1.2.161","10.1.2.162"])
+    end # it
+  end # context
+
+  context "4) proper x-forwarded-for with multiple proxies, no whitespace" do
+    let(:event) { LogStash::Event.new(:message => "51.174.213.194,10.1.2.100,10.1.2.83") }
+    it "should take the first client ip" do
+      expect(event.get("forwarded_client_ip")).to eq("51.174.213.194")
+      expect(event.get("forwarded_proxy_list")).to eq(["10.1.2.100","10.1.2.83"])
+    end # it
+  end # context
+
+  context "5) single client ip" do
+    let(:event) { LogStash::Event.new(:message => "185.22.141.112") }
+    it "should set the client ip and leave the proxy list empty" do
+      expect(event.get("forwarded_client_ip")).to eq("185.22.141.112")
+      expect(event.get("forwarded_proxy_list")).to eq([])
+    end # it
+  end # context
+
+  context "6) single proxy ip" do
+    let(:event) { LogStash::Event.new(:message => "10.1.2.162") }
+    it "should set the proxy list and leave the client ip empty" do
+      expect(event.get("forwarded_client_ip")).to eq(nil)
+      expect(event.get("forwarded_proxy_list")).to eq(["10.1.2.162"])
+    end # it
+  end # context
+
+  context "7) multiple proxy ips" do
+    let(:event) { LogStash::Event.new(:message => "10.1.2.162, 10.1.3.255") }
+    it "should set the proxy list and leave the client ip empty" do
+      expect(event.get("forwarded_client_ip")).to eq(nil)
+      expect(event.get("forwarded_proxy_list")).to eq(["10.1.2.162","10.1.3.255"])
+    end # it
+  end # context
+
+  context "8) empty message" do
+    let(:event) { LogStash::Event.new(:message => "") }
+    it "should return empty or nil values" do
+      expect(event.get("forwarded_client_ip")).to eq(nil)
+      expect(event.get("forwarded_proxy_list")).to eq(nil)
+    end # it
+  end # context
+
+  context "9) multiple ips in wrong order" do
+    let(:event) { LogStash::Event.new(:message => "10.144.80.56, 82.132.186.219") }
+    it "should take the client ip from the right end of the list" do
+      expect(event.get("forwarded_client_ip")).to eq("82.132.186.219")
+      expect(event.get("forwarded_proxy_list")).to eq(["10.144.80.56"])
+    end # it
+  end # context
+
+  context "10) edge case test for 192.x range" do
+    let(:event) { LogStash::Event.new(:message => "192.168.255.255, 192.169.0.13") }
+    it "should take the client ip from the right end of the list" do
+      expect(event.get("forwarded_client_ip")).to eq("192.169.0.13")
+      expect(event.get("forwarded_proxy_list")).to eq(["192.168.255.255"])
+    end # it
+
+  end # context
+
+  context "11) edge case test for 172.x range" do
+    let(:event) { LogStash::Event.new(:message => "172.10.0.0,172.16.0.0") }
+    it "should take the client ip from the right end of the list" do
+      expect(event.get("forwarded_client_ip")).to eq("172.10.0.0")
+      expect(event.get("forwarded_proxy_list")).to eq(["172.16.0.0"])
+    end # it
+
+  end # context
+
+  context "12) invalid ips in string" do
+    let(:event) { LogStash::Event.new(:message => "unknown, 207.248.75.2") }
+    it "should ignore the 'unknown' ip" do
+      expect(event.get("forwarded_client_ip")).to eq("207.248.75.2")
+      expect(event.get("forwarded_proxy_list")).to eq([])
+    end # it
+  end # context
+
+  context "13) invalid ips in string pt. 2" do
+    let(:event) { LogStash::Event.new(:message => "10.122.18.79, unknown, 200.152.43.203") }
+    it "should ignore the 'unknown' ip" do
+      expect(event.get("forwarded_client_ip")).to eq("200.152.43.203")
+      expect(event.get("forwarded_proxy_list")).to eq(["10.122.18.79"])
+    end # it
+  end # context
+
+  context "14) ipv4 and v6 mixed ips" do
+    let(:event) { LogStash::Event.new(:message => "2405:204:828e:fa5a::e64:38a5, 64.233.173.148") }
+    it "should take the client ip from the right end of the list" do
+      expect(event.get("forwarded_client_ip")).to eq("2405:204:828e:fa5a::e64:38a5")
+      expect(event.get("forwarded_proxy_list")).to eq(["64.233.173.148"])
+    end # it
+  end # context
+
+  context "15) ipv6 private ip only" do
+    let(:event) { LogStash::Event.new(:message => "fd8e:3ea6:dd4b:e20b:xxxx:xxxx:xxxx:xxxx") }
+    it "should have an empty client ip" do
+      expect(event.get("forwarded_client_ip")).to eq(nil)
+      expect(event.get("forwarded_proxy_list")).to eq(["fd8e:3ea6:dd4b:e20b:xxxx:xxxx:xxxx:xxxx"])
+    end # it
+  end # context
+
+  context "16) ipv6" do
+    let(:event) { LogStash::Event.new(:message => "fc8e:3ea6:dd4b:e20b:xxxx:xxxx:xxxx:xxxx,2405:204:828e:fa5a::e64:38a5") }
+    it "should be able to handle ipv6 addresses" do
+      expect(event.get("forwarded_client_ip")).to eq("2405:204:828e:fa5a::e64:38a5")
+      expect(event.get("forwarded_proxy_list")).to eq(["fc8e:3ea6:dd4b:e20b:xxxx:xxxx:xxxx:xxxx"])
+    end # it
+  end # context
+
+  context "17) override existing fields in event" do
+    let(:event) { LogStash::Event.new(:message => "2405:204:828e:fa5a::e64:38a5, 127.0.0.2", :forwarded_client_ip => "127.0.0.1") }
+    it "should ignore the old value for the forwarded_client_ip" do
+      expect(event.get("forwarded_client_ip")).to eq("2405:204:828e:fa5a::e64:38a5")
+      expect(event.get("forwarded_proxy_list")).to eq(["127.0.0.2"])
+    end # it
+  end # context
+
+  context "18) input field doesn't exist" do
+    let(:event) { LogStash::Event.new() }
+    it "should not raise an exception" do
+      expect {plugin.filter(event)}.not_to raise_error
+    end # it
+  end # context
+
+  context "19) unresolved host names" do
+    let(:event) { LogStash::Event.new(:message => "192.168.4.61,wmt00091.kan,wmt00091.kan, 64.134.227.116") }
+    it "should drop the unresolved hosts" do
+      expect(event.get("forwarded_client_ip")).to eq("64.134.227.116")
+      expect(event.get("forwarded_proxy_list")).to eq(["192.168.4.61","wmt00091.kan","wmt00091.kan"])
+    end # it
+  end # context
+
+  context "20) ip field is an array" do
+    let(:event) { LogStash::Event.new(:message => ["51.174.213.194","10.1.2.100","10.1.2.83"]) }
+    it "should take the first client ip" do
+      expect(event.get("forwarded_client_ip")).to eq("51.174.213.194")
+      expect(event.get("forwarded_proxy_list")).to eq(["10.1.2.100","10.1.2.83"])
+    end # it
+  end # context
+
+  context "21) ip array with port numbers" do
+    let(:event) { LogStash::Event.new(:message => ["51.174.213.198:8080","10.1.2.104","10.1.2.83:80"]) }
+    it "should remove the port numbers" do
+      expect(event.get("forwarded_client_ip")).to eq("51.174.213.198")
+      expect(event.get("forwarded_proxy_list")).to eq(["10.1.2.104","10.1.2.83"])
+    end # it
+  end # context
+
+  context "22) multiple client ips with port numbers" do
+    let(:event) { LogStash::Event.new(:message => "123.45.67.99:8080,61.160.232.227:123") }
+    it "should remove the port numbers" do
+      expect(event.get("forwarded_client_ip")).to eq("123.45.67.99")
+      expect(event.get("forwarded_proxy_list")).to eq(["61.160.232.227"])
+    end # it
+  end # context
+
+  context "23) proper x-forwarded-for with port numbers" do
+    let(:event) { LogStash::Event.new(:message => "84.30.67.208:123, 10.1.2.163") }
+    it "should remove the port number" do
+      expect(event.get("forwarded_client_ip")).to eq("84.30.67.208")
+      expect(event.get("forwarded_proxy_list")).to eq(["10.1.2.163"])
+    end # it
+  end # context
+
+  context "24) proper x-forwarded-for with port numbers" do
+    let(:event) { LogStash::Event.new(:message => "84.30.67.209, 10.1.2.164:8080") }
+    it "should remove the port number" do
+      expect(event.get("forwarded_client_ip")).to eq("84.30.67.209")
+      expect(event.get("forwarded_proxy_list")).to eq(["10.1.2.164"])
+    end # it
+  end # context
+
+end

metadata

@@ -0,0 +1,103 @@
+--- !ruby/object:Gem::Specification
+name: logstash-filter-forwarded
+version: !ruby/object:Gem::Version
+  version: 1.0.4
+platform: ruby
+authors:
+- Inga Feick
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2017-10-04 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '1.60'
+    - - <=
+      - !ruby/object:Gem::Version
+        version: '2.99'
+  name: logstash-core-plugin-api
+  prerelease: false
+  type: :runtime
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '1.60'
+    - - <=
+      - !ruby/object:Gem::Version
+        version: '2.99'
+- !ruby/object:Gem::Dependency
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  name: ipaddress
+  prerelease: false
+  type: :runtime
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  name: logstash-devutils
+  prerelease: false
+  type: :development
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program
+email: inga.feick@trivago.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- CHANGELOG.md
+- CONTRIBUTORS
+- Gemfile
+- LICENSE
+- NOTICE.TXT
+- README.md
+- lib/logstash/filters/forwarded.rb
+- logstash-filter-forwarded.gemspec
+- spec/filters/forwarded_spec.rb
+homepage:
+licenses:
+- Apache License (2.0)
+metadata:
+  logstash_plugin: 'true'
+  logstash_group: filter
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 2.4.5
+signing_key:
+specification_version: 4
+summary: $summary
+test_files:
+- spec/filters/forwarded_spec.rb