/**
* Every field in a CEF string (minus the extension) must escape the bar <code>("|")</code>
* character as well as the backslash <code>("\")</code>.
*
* <p>Additionally, the field string may not contain a vertical newline character and, if one is
* found, then an IllegalArgument exception is thrown!
*
* <p>Null strings return null for now.
*
* @param fieldStr the text of the field that requires escaping
* @return the escaped version of the field string
* @throws InvalidField if the string to be escaped is invalid according to the CEF spec
*/
public static String escapeField(final String fieldStr) throws InvalidField {
if (fieldStr == null) {
StringUtils.LOG.warn("Tried to escape a null CEF field");
return null;
}
if (StringUtils.INVALID_FIELD_PATTERN.matcher(fieldStr).find()) {
StringUtils.LOG.error("The field string contained an invalid character");
throw new InvalidField("The field string " + fieldStr + " contained an invalid character");
}
final String escapedStr =
StringUtils.ESCAPE_FIELD_PATTERN.matcher(fieldStr).replaceAll("\\\\$1");
StringUtils.LOG.debug("The CEF field \"{}\" was escaped to \"{}\"", fieldStr, escapedStr);
return escapedStr;
}
/**
* Every key in a CEF extension map must escape the ='s character
*
* <p>Null strings return null for now.
*
* @param keyStr the text of the extension value that requires escaping
* @return the escaped version of the extension value string
* @throws InvalidExtensionKey if the key is invalid
*/
public static String escapeExtensionKey(final String keyStr) throws InvalidExtensionKey {
if (keyStr == null) {
StringUtils.LOG.warn("Tried to escape a null CEF extension key");
return null;
}
if (StringUtils.INVALID_EXTENSION_KEY_PATTERN.matcher(keyStr).find()) {
StringUtils.LOG.error("The field string contained an invalid character");
throw new InvalidExtensionKey(
"The field string " + keyStr + " contained an invalid character");
}
final String escapedStr =
StringUtils.ESCAPE_EXTENSION_KEY_PATTERN.matcher(keyStr).replaceAll("\\\\=");
StringUtils.LOG.debug("The CEF extension key \"{}\" was escaped to \"{}\"", keyStr, escapedStr);
return escapedStr;
}