/**
* Tests if the provided string is a valid field string.
*
* <p>A field is not valid if it contains a vertical newline character
*
* @param fieldStr the field string to test
* @return if the field string contains a vertical newline character
*/
public static Boolean isValidField(final String fieldStr) {
final Boolean isValid;
if (fieldStr == null) {
StringUtils.LOG.warn("Tried to detect if a null string was a valid field string");
isValid = false;
} else if (StringUtils.INVALID_FIELD_PATTERN.matcher(fieldStr).find()) {
isValid = false;
} else {
isValid = true;
}
StringUtils.LOG.debug("The field \"{}\" is {}valid", fieldStr, isValid ? "" : "not ");
return isValid;
}
/**
* Every field in a CEF string (minus the extension) must escape the bar <code>("|")</code>
* character as well as the backslash <code>("\")</code>.
*
* <p>Additionally, the field string may not contain a vertical newline character and, if one is
* found, then an IllegalArgument exception is thrown!
*
* <p>Null strings return null for now.
*
* @param fieldStr the text of the field that requires escaping
* @return the escaped version of the field string
* @throws InvalidField if the string to be escaped is invalid according to the CEF spec
*/
public static String escapeField(final String fieldStr) throws InvalidField {
if (fieldStr == null) {
StringUtils.LOG.warn("Tried to escape a null CEF field");
return null;
}
if (StringUtils.INVALID_FIELD_PATTERN.matcher(fieldStr).find()) {
StringUtils.LOG.error("The field string contained an invalid character");
throw new InvalidField("The field string " + fieldStr + " contained an invalid character");
}
final String escapedStr =
StringUtils.ESCAPE_FIELD_PATTERN.matcher(fieldStr).replaceAll("\\\\$1");
StringUtils.LOG.debug("The CEF field \"{}\" was escaped to \"{}\"", fieldStr, escapedStr);
return escapedStr;
}
