in source/lambda/es_loader/siem/sf_rds_postgresql.py [0:0]
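def transform(logdata):
    """Normalize one RDS PostgreSQL log record into the SIEM document shape.

    Steps (in order):
      1. Re-key ``postgresql_*`` fields into the nested ``postgresql`` object.
      2. Stamp ``rds.cluster_identifier`` / ``rds.instance_identifier``.
      3. Classify the record by ``postgresql.log_level``:
         - ``STATEMENT``: the message is the executed SQL -> ``rds.query``.
         - ``FATAL`` matching ``RE_AUTH_FAILED``: failed login -> ``event.*``.
         - ``LOG`` matching ``RE_AUTH_SUCCESS``: successful login -> ``event.*``.
         - ``LOG`` matching ``RE_SESSION_TIME``: session length ->
           ``postgresql.session_time_seconds``.
         Each of these returns immediately.
      4. Everything else falls through to ``extract_slow_log``.

    Args:
        logdata: mutable dict for a single log record. Must already contain
            the ``rds`` object; the ``event`` object is created if absent.

    Returns:
        The same dict, mutated in place.
    """
    logdata = utils.convert_underscore_field_into_dot_notation(
        'postgresql', logdata)
    identifier = utils.cluster_instance_identifier(logdata)
    logdata['rds']['cluster_identifier'] = identifier['cluster']
    logdata['rds']['instance_identifier'] = identifier['instance']

    pg = logdata['postgresql']
    if 'log_level' in pg:
        level = pg['log_level']
        message = pg['message']
        if level == 'STATEMENT':
            # The raw SQL statement is the whole message at this level.
            logdata['rds']['query'] = message
            return logdata
        if level == 'FATAL':
            # Failed authentication is reported by PostgreSQL at FATAL.
            if RE_AUTH_FAILED.search(message):
                _set_auth_event(logdata, action='failed', outcome='failure')
                return logdata
        elif level == 'LOG':
            if RE_AUTH_SUCCESS.search(message):
                _set_auth_event(logdata, action='authorized',
                                outcome='success')
                return logdata
            # NOTE(review): the session-time block is assumed to belong to
            # the LOG branch (disconnection lines are LOG level) — confirm
            # against the original indentation.
            m_session = RE_SESSION_TIME.match(message)
            if m_session:
                pg['session_time_seconds'] = _session_seconds(m_session)
                return logdata

    logdata = extract_slow_log(logdata)
    return logdata


def _set_auth_event(logdata, action, outcome):
    """Record an authentication attempt in the ``event`` object.

    Always ``category=authentication`` / ``type=start``; ``action`` and
    ``outcome`` distinguish success from failure. The ``event`` object is
    created if the record does not have one yet.
    """
    event = logdata.setdefault('event', {})
    event['category'] = 'authentication'
    event['type'] = 'start'
    event['action'] = action
    event['outcome'] = outcome


def _session_seconds(match):
    """Convert an ``H:MM:SS.fff`` RE_SESSION_TIME match into float seconds.

    Groups are (hours, minutes, seconds) as captured by ``RE_SESSION_TIME``.
    Hours contribute 3600 s each (the original used ``60 * 24``, which
    converted hours into days' worth of minutes and overstated every session
    longer than an hour).
    """
    hours = int(match.group(1))
    minutes = int(match.group(2))
    seconds = float(match.group(3))
    return hours * 60 * 60 + minutes * 60 + seconds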