/**
* Tests if the provided string is a valid extension value string
*
* <p>Essentially everything is valid except for nulls
*
* @param extensionValueStr the extension value to test
* @return if the extension value string is null or not
*/
public static Boolean isValidExtensionValue(final String extensionValueStr) {
if (extensionValueStr == null) {
StringUtils.LOG.warn("Tried to detect if a null string was a valid extension value string");
return false;
}
StringUtils.LOG.debug("The extension value \"{}\" is valid", extensionValueStr);
return true;
}
/**
* Tests if the provided string is a valid field string.
*
* <p>A field is not valid if it contains a vertical newline character
*
* @param fieldStr the field string to test
* @return if the field string contains a vertical newline character
*/
public static Boolean isValidField(final String fieldStr) {
final Boolean isValid;
if (fieldStr == null) {
StringUtils.LOG.warn("Tried to detect if a null string was a valid field string");
isValid = false;
} else if (StringUtils.INVALID_FIELD_PATTERN.matcher(fieldStr).find()) {
isValid = false;
} else {
isValid = true;
}
StringUtils.LOG.debug("The field \"{}\" is {}valid", fieldStr, isValid ? "" : "not ");
return isValid;
}
/**
* Tests if the provided string is a valid extension key string.
*
* <p>A field is not valid if it contains a whitespace character
*
* @param extensionKeyStr the extension key string to test
* @return if the extension key string contains a whitespace character
*/
public static Boolean isValidExtensionKey(final String extensionKeyStr) {
final Boolean isValid;
if (extensionKeyStr == null) {
StringUtils.LOG.warn("Tried to detect if a null string was a valid extension key string");
isValid = false;
} else if (StringUtils.INVALID_EXTENSION_KEY_PATTERN.matcher(extensionKeyStr).find()) {
isValid = false;
} else {
isValid = true;
}
StringUtils.LOG.debug(
"The extension key \"{}\" is {}valid", extensionKeyStr, isValid ? "" : "not ");
return isValid;
}
/**
* Every value in a CEF extension map must escape the = character and all newline characters (\r
* and \n) should be turned into their string equivalent.
*
* <p>Null strings return null for now.
*
* @param valueStr the text of the extension value that requires escaping
* @return the escaped version of the extension value string
*/
public static String escapeExtensionValue(final String valueStr) {
if (valueStr == null) {
StringUtils.LOG.warn("Tried to escape a null CEF extension value");
return null;
}
final Matcher matcher = StringUtils.ESCAPE_EXTENSION_VALUE_PATTERN.matcher(valueStr);
final StringBuffer escapedStrBuf = new StringBuffer(valueStr.length());
while (matcher.find()) {
final char letter = matcher.group(0).charAt(0);
String replacement;
switch (letter) {
case '\r':
replacement = "\\\\r";
break;
case '\n':
replacement = "\\\\n";
break;
case '\\':
replacement = "\\\\\\\\";
break;
default:
replacement = "\\\\" + letter;
}
matcher.appendReplacement(escapedStrBuf, replacement);
}
matcher.appendTail(escapedStrBuf);
final String escapedStr = escapedStrBuf.toString();
StringUtils.LOG.debug(
"The CEF extension value \"{}\" was escaped to \"{}\"", valueStr, escapedStr);
return escapedStr;
}
/**
* Every field in a CEF string (minus the extension) must escape the bar <code>("|")</code>
* character as well as the backslash <code>("\")</code>.
*
* <p>Additionally, the field string may not contain a vertical newline character and, if one is
* found, then an IllegalArgument exception is thrown!
*
* <p>Null strings return null for now.
*
* @param fieldStr the text of the field that requires escaping
* @return the escaped version of the field string
* @throws InvalidField if the string to be escaped is invalid according to the CEF spec
*/
public static String escapeField(final String fieldStr) throws InvalidField {
if (fieldStr == null) {
StringUtils.LOG.warn("Tried to escape a null CEF field");
return null;
}
if (StringUtils.INVALID_FIELD_PATTERN.matcher(fieldStr).find()) {
StringUtils.LOG.error("The field string contained an invalid character");
throw new InvalidField("The field string " + fieldStr + " contained an invalid character");
}
final String escapedStr =
StringUtils.ESCAPE_FIELD_PATTERN.matcher(fieldStr).replaceAll("\\\\$1");
StringUtils.LOG.debug("The CEF field \"{}\" was escaped to \"{}\"", fieldStr, escapedStr);
return escapedStr;
}
/**
* Every key in a CEF extension map must escape the ='s character
*
* <p>Null strings return null for now.
*
* @param keyStr the text of the extension value that requires escaping
* @return the escaped version of the extension value string
* @throws InvalidExtensionKey if the key is invalid
*/
public static String escapeExtensionKey(final String keyStr) throws InvalidExtensionKey {
if (keyStr == null) {
StringUtils.LOG.warn("Tried to escape a null CEF extension key");
return null;
}
if (StringUtils.INVALID_EXTENSION_KEY_PATTERN.matcher(keyStr).find()) {
StringUtils.LOG.error("The field string contained an invalid character");
throw new InvalidExtensionKey(
"The field string " + keyStr + " contained an invalid character");
}
final String escapedStr =
StringUtils.ESCAPE_EXTENSION_KEY_PATTERN.matcher(keyStr).replaceAll("\\\\=");
StringUtils.LOG.debug("The CEF extension key \"{}\" was escaped to \"{}\"", keyStr, escapedStr);
return escapedStr;
}
