Reliably escaping special characters for HSL messages
Hi,
I'm developing a rule to log HTTP details to Splunk in JSON format via an HSL setup. I'm having problems when it comes to dealing with special characters when I build a formatted output string in JSON, as the strings pulled out of HTTP::header operations frequently contain characters, principally double quote marks, which break the broader JSON format.
There is a conflict between wanting to create nicely, well formatted log objects out of unknown, user (attacker?) submitted data which can't be fully known, so there's a line where it becomes potentially irresponsible to try to process data too much before logging it, but ideally i'm looking for a way to easily escape special characters on demand in a string.
Quite what would define "Special" I don't know, but I'm hoping there are some useful pointers in how to approach this in iRule land. For one I'm thinking a few try / catch block may be essential.