logstash-filter-search-engine 2.0.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: e9649351501dc1b39f656104814c11835050bb9e
+  data.tar.gz: c6144f7652f2281ca6d695fb8849bb765a7077c6
+SHA512:
+  metadata.gz: eba35c45ad5d07452a408a9c938d4659588a3479220f8b73425073ed27c2e1e0f95b0b5992ce4f350d80344eec127756dbfcba35f2e90e44bfa821b9b63ae4ee
+  data.tar.gz: bc3efad8fe59c16005f034665c49f6b2cfc8f008fd97b692d363967409ae5635273b015d52f55647444fdaf812c8e9b38defb29c8b4c28e679598c269fdc568a

data/CHANGELOG.md

@@ -0,0 +1,5 @@
+## 2.0.0
+ - Plugins were updated to follow the new shutdown semantic, this mainly allows Logstash to instruct input plugins to terminate gracefully, 
+   instead of using Thread.raise on the plugins' threads. Ref: https://github.com/elastic/logstash/pull/3895
+ - Dependency on logstash-core update to 2.0
+

data/CONTRIBUTORS

@@ -0,0 +1,11 @@
+The following is a list of people who have contributed ideas, code, bug
+reports, or in general have helped logstash along its way.
+
+Contributors:
+* Aaron Mildenstein (untergeek)
+* Pier-Hugues Pellerin (ph)
+
+Note: If you've sent us patches, bug reports, or otherwise contributed to
+Logstash, and you aren't on the list above and want to be, please let us know
+and we'll make sure you're here. Contributions from folks like you are what make
+open source awesome.

data/DEVELOPER.md

@@ -0,0 +1,2 @@
+# logstash-filter-example
+Example filter plugin. This should help bootstrap your effort to write your own filter plugin!

data/Gemfile

@@ -0,0 +1,2 @@
+source 'https://rubygems.org'
+gemspec

data/LICENSE

@@ -0,0 +1,14 @@
+Copyright (c) 2012-2018 Elasticsearch <http://www.elastic.co>
+Copyright (c) 2018 Stormshield <https://www.stormshield.com>
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.

data/NOTICE.TXT

@@ -0,0 +1,5 @@
+Elasticsearch
+Copyright 2012-2015 Elasticsearch
+
+This product includes software developed by The Apache Software
+Foundation (http://www.apache.org/).

data/README.md

@@ -0,0 +1,123 @@
+# Stormshield's search engine filter plugin
+
+This plugin aims to extract query from an HTTP request for main search engines (Google, Bing and Yahoo).
+
+## Usage
+
+The plugin can be used with the following config.
+
+```
+search_engine {
+   engines => ["Google", "Bing", "Yahoo"]
+   site_name_field => "dstname"
+   query_field => "arg"
+   output_field => "search_engine_query"
+}
+```
+
+| Field | Usage | Default |
+|----|----|----|
+| engines | Search engines to intercept. Only Google, Bing and Yahoo are available. | `["Google", "Bing", "Yahoo"]` |
+| site_name_field | Field of the log event from which to extract the URL (e.g. www.google.com) | `dstname` |
+| query_field | Field of the log event from which to extract the HTTP request (e.g. /search.q=Kibana) | `arg` |
+| output_field | Name of the field that will contains the extracted query (keywords separated by whitespace) | `search_engine_query` |
+
+
+# Logstash Plugin
+
+[![Travis Build Status](https://travis-ci.org/logstash-plugins/logstash-filter-example.svg)](https://travis-ci.org/logstash-plugins/logstash-filter-example)
+
+This is a plugin for [Logstash](https://github.com/elastic/logstash).
+
+It is fully free and fully open source. The license is Apache 2.0, meaning you are pretty much free to use it however you want in whatever way.
+
+## Documentation
+
+Logstash provides infrastructure to automatically generate documentation for this plugin. We use the asciidoc format to write documentation so any comments in the source code will be first converted into asciidoc and then into html. All plugin documentation are placed under one [central location](http://www.elastic.co/guide/en/logstash/current/).
+
+- For formatting code or config example, you can use the asciidoc `[source,ruby]` directive
+- For more asciidoc formatting tips, see the excellent reference here https://github.com/elastic/docs#asciidoc-guide
+
+## Need Help?
+
+Need help? Try #logstash on freenode IRC or the https://discuss.elastic.co/c/logstash discussion forum.
+
+## Developing
+
+### 1. Plugin Developement and Testing
+
+#### Code
+- To get started, you'll need JRuby with the Bundler gem installed.
+
+- Create a new plugin or clone and existing from the GitHub [logstash-plugins](https://github.com/logstash-plugins) organization. We also provide [example plugins](https://github.com/logstash-plugins?query=example).
+
+- Install dependencies
+```sh
+bundle install
+```
+
+#### Test
+
+- Update your dependencies
+
+```sh
+bundle install
+```
+
+- Run tests
+
+```sh
+bundle exec rspec
+```
+
+### 2. Running your unpublished Plugin in Logstash
+
+#### 2.1 Run in a local Logstash clone
+
+- Edit Logstash `Gemfile` and add the local plugin path, for example:
+```ruby
+gem "logstash-filter-search-engine", :path => "/your/local/logstash-filter-search-engine"
+```
+- Install plugin
+```sh
+# Logstash 2.3 and higher
+bin/logstash-plugin install --no-verify
+
+# Prior to Logstash 2.3
+bin/plugin install --no-verify
+
+```
+- Run Logstash with your plugin
+```sh
+bin/logstash -e 'filter {search_engine {}}'
+```
+At this point any modifications to the plugin code will be applied to this local Logstash setup. After modifying the plugin, simply rerun Logstash.
+
+#### 2.2 Run in an installed Logstash
+
+You can use the same **2.1** method to run your plugin in an installed Logstash by editing its `Gemfile` and pointing the `:path` to your local plugin development directory or you can build the gem and install it using:
+
+- Build your plugin gem
+```sh
+gem build logstash-filter-search-engine.gemspec
+```
+- Install the plugin from the Logstash home
+```sh
+# Logstash 2.3 and higher
+bin/logstash-plugin install --no-verify
+
+# Prior to Logstash 2.3
+bin/plugin install --no-verify
+
+```
+- Start Logstash and proceed to test the plugin
+
+## Contributing
+
+All contributions are welcome: ideas, patches, documentation, bug reports, complaints, and even something you drew up on a napkin.
+
+Programming is not a required skill. Whatever you've seen about open source and maintainers or community members  saying "send patches or die" - you will not see that here.
+
+It is more important to the community that you are able to contribute.
+
+For more information about contributing, see the [CONTRIBUTING](https://github.com/elastic/logstash/blob/master/CONTRIBUTING.md) file.

data/lib/logstash/filters/parsers/bing.rb

@@ -0,0 +1,25 @@
+# encoding: utf-8
+require "logstash/filters/utils"
+
+class BingQueryParser
+
+  public
+  def initialize
+    @re_url = /(?:www\.)?bing\..*/
+    @re_query = /^\/search\?(?:[^&]*&)?q=(?<query>[^&#]*)/i
+  end
+
+  public
+  def match(siteName)
+    return @re_url.match(siteName)
+  end
+
+  def parse(query)
+    query = Utils.removeInvalidChars(query)
+    m = @re_query.match(query)
+    if m then
+      return m["query"].tr("+", " ").split.join(" ")
+    end
+  end
+
+end

data/lib/logstash/filters/parsers/google.rb

@@ -0,0 +1,25 @@
+# encoding: utf-8
+require "logstash/filters/utils"
+
+class GoogleQueryParser
+
+  public
+  def initialize
+    @re_url = /(?:www\.)?google\..*/
+    @re_query = /^\/search\?(?:[^&]*&)?q=(?<query>[^&#]*)/i
+  end
+
+  public
+  def match(siteName)
+    return @re_url.match(siteName)
+  end
+
+  def parse(query)
+    query = Utils.removeInvalidChars(query)
+    m = @re_query.match(query)
+    if m then
+      return m["query"].tr("+", " ").split.join(" ")
+    end
+  end
+
+end

data/lib/logstash/filters/parsers/yahoo.rb

@@ -0,0 +1,25 @@
+# encoding: utf-8
+require "logstash/filters/utils"
+
+class YahooQueryParser
+
+  public
+  def initialize
+    @re_url = /(?:[^\.]*\.)?search.yahoo\..*/
+    @re_query = /^\/search\?(?:[^&]*&)?p=(?<query>[^&#]*)/i
+  end
+
+  public
+  def match(siteName)
+    return @re_url.match(siteName)
+  end
+
+  def parse(query)
+    query = Utils.removeInvalidChars(query)
+    m = @re_query.match(query)
+    if m then
+      return m["query"].tr("+", " ").split.join(" ")
+    end
+  end
+
+end

data/lib/logstash/filters/search_engine.rb

@@ -0,0 +1,55 @@
+# encoding: utf-8
+require "logstash/filters/base"
+require "logstash/filters/parsers/bing"
+require "logstash/filters/parsers/google"
+require "logstash/filters/parsers/yahoo"
+require "logstash/filters/utils"
+require "logstash/namespace"
+require "uri"
+
+# Filter to extract search engine query from HTTP query
+class LogStash::Filters::SearchEngine < LogStash::Filters::Base
+
+  #
+  # filter {
+  #  search_engine {
+  #    engines => ["Google", "Bing", "Yahoo"]
+  #    site_name_field => "dstname"
+  #    query_field => "arg"
+  #    output_field => "search_engine_query"
+  #  }
+  # }
+  #
+  config_name "search_engine"
+
+  config :engines, :validate => :array, :default => ["Google", "Bing", "Yahoo"]
+  config :site_name_field, :validate => :string, :default => "dstname"
+  config :query_field, :validate => :string, :default => "arg"
+  config :output_field, :validate => :string, :default => "search_engine_query"
+
+  public
+  def register
+    @queryParsers = {
+       "Google" => GoogleQueryParser.new,
+       "Bing"   => BingQueryParser.new,
+       "Yahoo"  => YahooQueryParser.new
+    }
+  end
+
+  public
+  def filter(event)
+
+    @queryParsers.each do |name, parser|
+      if @engines.include?(name) && parser.match(event.get(@site_name_field))
+        valid_query_field = Utils.removeInvalidChars(event.get(@query_field))
+        if (valid_query_field)
+          event.set(@output_field, parser.parse(URI.decode(valid_query_field)))
+        else
+          @logger.warn? && @logger.warn("Search engine failed to parse query field")
+        end
+      end
+    end
+
+    filter_matched(event)
+  end
+end

data/lib/logstash/filters/utils.rb

@@ -0,0 +1,14 @@
+# encoding: utf-8
+
+# Utility class
+class Utils
+
+  # Sanitize a UTF 8 string : remove invalid characters
+  def self.removeInvalidChars(str)
+    if(str && !str.valid_encoding?)
+      return str.encode('UTF-8', 'binary', invalid: :replace, undef: :replace, replace: "")
+    end
+    return str
+  end
+
+end

data/logstash-filter-search-engine.gemspec

@@ -0,0 +1,23 @@
+Gem::Specification.new do |s|
+  s.name = 'logstash-filter-search-engine'
+  s.version = '2.0.0'
+  s.licenses = ['Apache License (2.0)']
+  s.summary = "Extract search engine queries from HTTP queries"
+  s.description = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"
+  s.authors = ["Elastic", "Stormshield"]
+  s.email = 'svc@stormshield.eu'
+  s.homepage = "https://www.stormshield.eu"
+  s.require_paths = ["lib"]
+
+  # Files
+  s.files = Dir['lib/**/*','spec/**/*','vendor/**/*','*.gemspec','*.md','CONTRIBUTORS','Gemfile','LICENSE','NOTICE.TXT']
+   # Tests
+  s.test_files = s.files.grep(%r{^(test|spec|features)/})
+
+  # Special flag to let us know this is actually a logstash plugin
+  s.metadata = { "logstash_plugin" => "true", "logstash_group" => "filter" }
+
+  # Gem dependencies
+  s.add_runtime_dependency 'logstash-core-plugin-api', '>= 1.60', '<= 2.99'
+  s.add_development_dependency "logstash-devutils", "= 1.3.4"
+end

data/spec/filters/parsers/bing_spec.rb

@@ -0,0 +1,57 @@
+# encoding: utf-8
+require "logstash/filters/parsers/bing"
+
+describe BingQueryParser do
+  parser = BingQueryParser.new
+
+  describe "match site name" do
+    it "should match whatever the file extension" do
+      country_extensions = ["fr", "com", "eu", "it", "hn", "co"]
+      country_extensions.each do |extension|
+        expect(parser.match("www.bing.#{extension}")).to be_truthy
+      end
+    end
+
+    it "should match without www" do
+      expect(parser.match("bing.com")).to be_truthy
+    end
+
+    it "should not match if not bing" do
+      expect(parser.match("ding.com")).to be_falsy
+    end
+  end
+
+  describe "extract query" do
+    it "should not return query when no query" do
+      expect(parser.parse("/search?hl=fr")).to be_nil
+    end
+
+    it "should not return query when other api" do
+        expect(parser.parse("/complete/search?q=kibana")).to be_nil
+    end
+
+    it "should return query when no other parameter" do
+      expect(parser.parse("/search?q=kibana")).to eq("kibana")
+    end
+
+    it "should return query when other parameters afterwards" do
+      expect(parser.parse("/search?q=kibana&hl=fr")).to eq("kibana")
+    end
+
+    it "should return query when other parameters before" do
+      expect(parser.parse("/search?hl=fr&q=kibana")).to eq("kibana")
+    end
+
+    it "should return query when anchor" do
+      expect(parser.parse("/search?hl=fr&q=kibana#q=toto")).to eq("kibana")
+    end
+
+    it "should return query without plus sign when multiple words" do
+      expect(parser.parse("/search?hl=fr&q=kibana+4#q=toto")).to eq("kibana 4")
+    end
+
+    it "should handle utf 8 invalid characters" do
+      expect(parser.parse("/search?hl&q=\xFF+amazing\xFF+test\xFF")).to eq("amazing test")
+    end
+  end
+end

data/spec/filters/parsers/google_spec.rb

@@ -0,0 +1,57 @@
+# encoding: utf-8
+require "logstash/filters/parsers/google"
+
+describe GoogleQueryParser do
+  parser = GoogleQueryParser.new
+
+  describe "match site name" do
+    it "should match whatever the file extension" do
+      country_extensions = ["fr", "com", "eu", "it", "hn", "co"]
+      country_extensions.each do |extension|
+        expect(parser.match("www.google.#{extension}")).to be_truthy
+      end
+    end
+
+    it "should match without www" do
+      expect(parser.match("google.com")).to be_truthy
+    end
+
+    it "should not match if not google" do
+      expect(parser.match("booble.com")).to be_falsy
+    end
+  end
+
+  describe "extract query" do
+    it "should not return query when no query" do
+      expect(parser.parse("/search?hl=fr")).to be_nil
+    end
+
+    it "should not return query when other api" do
+        expect(parser.parse("/complete/search?q=kibana")).to be_nil
+    end
+
+    it "should return query when no other parameter" do
+      expect(parser.parse("/search?q=kibana")).to eq("kibana")
+    end
+
+    it "should return query when other parameters afterwards" do
+      expect(parser.parse("/search?q=kibana&hl=fr")).to eq("kibana")
+    end
+
+    it "should return query when other parameters before" do
+      expect(parser.parse("/search?hl=fr&q=kibana")).to eq("kibana")
+    end
+
+    it "should return query when anchor" do
+      expect(parser.parse("/search?hl=fr&q=kibana#q=toto")).to eq("kibana")
+    end
+
+    it "should return query without plus sign when multiple words" do
+      expect(parser.parse("/search?hl=fr&q=kibana+4#q=toto")).to eq("kibana 4")
+    end
+
+    it "should handle utf 8 invalid characters" do
+      expect(parser.parse("/search?hl&q=\xFF+amazing\xFF+test\xFF")).to eq("amazing test")
+    end
+  end
+end

data/spec/filters/parsers/yahoo_spec.rb

@@ -0,0 +1,57 @@
+# encoding: utf-8
+require "logstash/filters/parsers/yahoo"
+
+describe YahooQueryParser do
+  parser = YahooQueryParser.new
+
+  describe "match site name" do
+    it "should match whatever the file extension" do
+      country_extensions = ["fr", "com", "eu", "it", "hn", "co"]
+      country_extensions.each do |extension|
+        expect(parser.match("#{extension}.search.yahoo.#{extension}")).to be_truthy
+      end
+    end
+
+    it "should match without country prefix" do
+      expect(parser.match("search.yahoo.com")).to be_truthy
+    end
+
+    it "should not match if not yahoo" do
+      expect(parser.match("search.yaboo.com")).to be_falsy
+    end
+  end
+
+  describe "extract query" do
+    it "should not return query when no query" do
+      expect(parser.parse("/search?hl=fr")).to be_nil
+    end
+
+    it "should not return query when other api" do
+        expect(parser.parse("/complete/search?p=kibana")).to be_nil
+    end
+
+    it "should return query when no other parameter" do
+      expect(parser.parse("/search?p=kibana")).to eq("kibana")
+    end
+
+    it "should return query when other parameters afterwards" do
+      expect(parser.parse("/search?p=kibana&hl=fr")).to eq("kibana")
+    end
+
+    it "should return query when other parameters before" do
+      expect(parser.parse("/search?hl=fr&p=kibana")).to eq("kibana")
+    end
+
+    it "should return query when anchor" do
+      expect(parser.parse("/search?hl=fr&p=kibana#p=toto")).to eq("kibana")
+    end
+
+    it "should return query without plus sign when multiple words" do
+      expect(parser.parse("/search?hl=fr&p=kibana+4#p=toto")).to eq("kibana 4")
+    end
+
+    it "should handle utf 8 invalid characters" do
+      expect(parser.parse("/search?p=\xFF+amazing\xFF+test\xFF")).to eq("amazing test")
+    end
+  end
+end

data/spec/filters/search_engine_spec.rb

@@ -0,0 +1,125 @@
+# encoding: utf-8
+require 'logstash/devutils/rspec/spec_helper'
+require "logstash/filters/search_engine"
+
+describe LogStash::Filters::SearchEngine do
+  describe "should do nothing if no engine specified" do
+    let(:config) do <<-CONFIG
+      filter {
+       search_engine {
+         engines => []
+       }
+      }
+    CONFIG
+    end
+
+    sample("dstname" => "www.google.fr", "arg" => "/search?q=Kibana") do
+      expect(subject.get("search_engine_query")).to be_nil
+    end
+  end
+
+  describe "should do nothing if unknown engine specified" do
+    let(:config) do <<-CONFIG
+      filter {
+       search_engine {
+         engines => ["FakeEngine"]
+       }
+      }
+    CONFIG
+    end
+
+    sample("dstname" => "www.google.fr", "arg" => "/search?q=Kibana") do
+      expect(subject.get("search_engine_query")).to be_nil
+    end
+  end
+
+  describe "should extract query from Google search" do
+    let(:config) do <<-CONFIG
+      filter {
+       search_engine {
+         engines => ["Google"]
+       }
+      }
+    CONFIG
+    end
+
+    sample("dstname" => "www.google.fr", "arg" => "/search?q=Kibana") do
+      expect(subject.get("search_engine_query")).to eq('Kibana')
+    end
+  end
+
+  describe "should extract query from Bing search" do
+    let(:config) do <<-CONFIG
+      filter {
+       search_engine {
+         engines => ["Bing"]
+       }
+      }
+    CONFIG
+    end
+
+    sample("dstname" => "www.bing.fr", "arg" => "/search?q=Kibana") do
+      expect(subject.get("search_engine_query")).to eq('Kibana')
+    end
+  end
+
+  describe "should extract query from Yahoo search" do
+    let(:config) do <<-CONFIG
+      filter {
+       search_engine {
+         engines => ["Yahoo"]
+       }
+      }
+    CONFIG
+    end
+
+    sample("dstname" => "fr.search.yahoo.com", "arg" => "/search?p=Kibana") do
+      expect(subject.get("search_engine_query")).to eq('Kibana')
+    end
+  end
+
+  describe "should extract query with encoded parameters" do
+    let(:config) do <<-CONFIG
+      filter {
+       search_engine {
+         engines => ["Google", "Bing", "Yahoo"]
+       }
+      }
+    CONFIG
+    end
+
+    sample("dstname" => "fr.search.yahoo.com", "arg" => "/search%3Fp%3DKibana%26ie%3Dutf-8%26oe%3Dutf-8%26safe%3Dstrict") do
+      expect(subject.get("search_engine_query")).to eq('Kibana')
+    end
+  end
+
+  describe "should remove utf 8 invalid characters in URL" do
+    let(:config) do <<-CONFIG
+      filter {
+       search_engine {
+         engines => ["Bing"]
+       }
+      }
+    CONFIG
+    end
+    sample("dstname" => "www.bing.com", "arg" => "/search?q=%FF+one%FF+test+%FF") do
+      expect(subject.get("search_engine_query")).to eq('one test')
+    end
+  end
+
+  describe "should do nothing if arg is not specified" do
+    let(:config) do <<-CONFIG
+      filter {
+       search_engine {
+         engines => ["Google"]
+       }
+      }
+    CONFIG
+    end
+
+    sample("dstname" => "www.google.fr") do
+      expect(subject.get("search_engine_query")).to be_nil
+    end
+  end
+
+end

data/spec/spec_helper.rb

@@ -0,0 +1,2 @@
+# encoding: utf-8
+require "logstash/devutils/rspec/spec_helper"

metadata

@@ -0,0 +1,103 @@
+--- !ruby/object:Gem::Specification
+name: logstash-filter-search-engine
+version: !ruby/object:Gem::Version
+  version: 2.0.0
+platform: ruby
+authors:
+- Elastic
+- Stormshield
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2018-12-10 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.60'
+    - - "<="
+      - !ruby/object:Gem::Version
+        version: '2.99'
+  name: logstash-core-plugin-api
+  prerelease: false
+  type: :runtime
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.60'
+    - - "<="
+      - !ruby/object:Gem::Version
+        version: '2.99'
+- !ruby/object:Gem::Dependency
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 1.3.4
+  name: logstash-devutils
+  prerelease: false
+  type: :development
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 1.3.4
+description: This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program
+email: svc@stormshield.eu
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- CHANGELOG.md
+- CONTRIBUTORS
+- DEVELOPER.md
+- Gemfile
+- LICENSE
+- NOTICE.TXT
+- README.md
+- lib/logstash/filters/parsers/bing.rb
+- lib/logstash/filters/parsers/google.rb
+- lib/logstash/filters/parsers/yahoo.rb
+- lib/logstash/filters/search_engine.rb
+- lib/logstash/filters/utils.rb
+- logstash-filter-search-engine.gemspec
+- spec/filters/parsers/bing_spec.rb
+- spec/filters/parsers/google_spec.rb
+- spec/filters/parsers/yahoo_spec.rb
+- spec/filters/search_engine_spec.rb
+- spec/spec_helper.rb
+homepage: https://www.stormshield.eu
+licenses:
+- Apache License (2.0)
+metadata:
+  logstash_plugin: 'true'
+  logstash_group: filter
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 2.4.8
+signing_key:
+specification_version: 4
+summary: Extract search engine queries from HTTP queries
+test_files:
+- spec/filters/parsers/bing_spec.rb
+- spec/filters/parsers/google_spec.rb
+- spec/filters/parsers/yahoo_spec.rb
+- spec/filters/search_engine_spec.rb
+- spec/spec_helper.rb