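// Pattern for a `key=` token. Not referenced anywhere in the visible file.
const FRX = /[a-zA-Z][a-zA-Z0-9]+=/;

// Header fields in wire order. `v1` / `v2` say whether the field is present
// in a LEEF 1.0 header or in any other (treated as 2.0) header.
const LEEF_FIELDS = [
  { k: "leefVersion", v1: true, v2: true },
  { k: "vendor", v1: true, v2: true },
  { k: "product", v1: true, v2: true },
  { k: "version", v1: true, v2: true },
  { k: "eventID", v1: true, v2: true },
  { k: "delimiter", v1: false, v2: true },
  { k: "extension", v1: true, v2: true },
];
const LLEN = LEEF_FIELDS.length;

/**
 * Split a raw LEEF line into its pipe-delimited header fields.
 *
 * The first field selects the layout: exactly "LEEF:1.0" means v1 (no
 * delimiter field), anything else is handled as v2. Only the separators that
 * belong to the header of that version are honoured; every later `|` is part
 * of the extension. (The previous fixed budget of 7 separators cut the
 * extension at the first `|` inside an event value, silently dropping the
 * rest of the event.)
 *
 * A `|` preceded by an unpaired backslash is not a separator; the backslash
 * itself is kept in the output.
 *
 * @param {string} text - Raw LEEF message.
 * @returns {Object<string, string|undefined>} Header fields keyed by the
 *   names in LEEF_FIELDS; fields missing from the input are `undefined`.
 */
function splitHeaders(text) {
  const parts = [];
  const map = {};
  let escaped = false;
  let current = "";
  // One separator is enough to read the version field; the real budget is
  // set as soon as that field is known.
  let separatorsLeft = 1;

  for (const ch of text.split("")) {
    if (separatorsLeft === 0) {
      // Header is complete: everything else is extension payload.
      current += ch;
    } else if (ch === "|") {
      if (escaped) {
        escaped = false;
        current += ch;
      } else {
        parts.push(current);
        current = "";
        separatorsLeft--;
        if (parts.length === 1) {
          // Fields present for this version, minus the version field just
          // read and minus the extension, which has no trailing separator.
          const layout = parts[0] === "LEEF:1.0" ? "v1" : "v2";
          separatorsLeft = LEEF_FIELDS.filter((f) => f[layout]).length - 2;
        }
      }
    } else if (ch === "\\") {
      current += ch;
      escaped = !escaped;
    } else {
      escaped = false;
      current += ch;
    }
  }
  if (current.length) {
    parts.push(current);
  }

  const ver = parts[0] === "LEEF:1.0" ? "v1" : "v2";
  for (let i = 0; i < LLEN; i++) {
    const field = LEEF_FIELDS[i];
    if (field[ver]) {
      map[field.k] = parts.shift();
    }
  }
  return map;
}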
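/**
 * Parse the extension part of a LEEF message into a key/value map.
 *
 * Each token is split at its FIRST `=` only, so values that contain `=`
 * (URLs, query strings, base64 padding) are kept whole instead of being cut
 * at the second `=`. Empty tokens (empty extension, trailing delimiter) are
 * skipped rather than stored under an empty key.
 *
 * Keys and values come straight from the log message and may be influenced
 * by whoever generated the event; consumers should treat them as untrusted.
 * Note that on a plain object a key named `__proto__` is not stored as an
 * ordinary field.
 *
 * @param {string} msg - Extension string (the part after the header).
 * @param {string} [delimiter] - Token separator; a tab when falsy.
 * @returns {Object<string, string|undefined>} Parsed fields; a token with no
 *   `=` maps to `undefined`.
 */
function splitFields(msg, delimiter) {
  const separator = delimiter || '\t';
  const map = {};
  for (const token of msg.split(separator)) {
    if (token === '') {
      continue;
    }
    const eq = token.indexOf('=');
    if (eq === -1) {
      // Keep the key visible to callers even though it carries no value.
      map[token] = undefined;
    } else {
      map[token.slice(0, eq)] = token.slice(eq + 1);
    }
  }
  return map;
}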
module.exports = {
  /**
   * Parse one LEEF message.
   *
   * The header is split first; its `extension` field (or an empty string
   * when absent) is then tokenised using the header's `delimiter`.
   *
   * @param {string} text - Raw LEEF message.
   * @returns {{headers: Object, fields: Object}} Header fields and the
   *   key/value pairs of the extension. All values originate from the log
   *   message itself.
   */
  parse(text) {
    const headers = splitHeaders(text);
    const extension = headers.extension || "";
    const fields = splitFields(extension, headers.delimiter);
    return { headers, fields };
  },
};