/** * Tests if the provided string is a valid field string. * * <p>A field is not valid if it contains a vertical newline character * * @param fieldStr the field string to test * @return if the field string contains a vertical newline character */ public static Boolean isValidField(final String fieldStr) { final Boolean isValid; if (fieldStr == null) { StringUtils.LOG.warn("Tried to detect if a null string was a valid field string"); isValid = false; } else if (StringUtils.INVALID_FIELD_PATTERN.matcher(fieldStr).find()) { isValid = false; } else { isValid = true; } StringUtils.LOG.debug("The field \"{}\" is {}valid", fieldStr, isValid ? "" : "not "); return isValid; }
/** * Every field in a CEF string (minus the extension) must escape the bar <code>("|")</code> * character as well as the backslash <code>("\")</code>. * * <p>Additionally, the field string may not contain a vertical newline character and, if one is * found, then an IllegalArgument exception is thrown! * * <p>Null strings return null for now. * * @param fieldStr the text of the field that requires escaping * @return the escaped version of the field string * @throws InvalidField if the string to be escaped is invalid according to the CEF spec */ public static String escapeField(final String fieldStr) throws InvalidField { if (fieldStr == null) { StringUtils.LOG.warn("Tried to escape a null CEF field"); return null; } if (StringUtils.INVALID_FIELD_PATTERN.matcher(fieldStr).find()) { StringUtils.LOG.error("The field string contained an invalid character"); throw new InvalidField("The field string " + fieldStr + " contained an invalid character"); } final String escapedStr = StringUtils.ESCAPE_FIELD_PATTERN.matcher(fieldStr).replaceAll("\\\\$1"); StringUtils.LOG.debug("The CEF field \"{}\" was escaped to \"{}\"", fieldStr, escapedStr); return escapedStr; }