in auparse/auparse.go [286:311]
// normalizeAuditMessage rewrites the text of selected audit record types into
// a form that is easier to parse. Record types without a case below are
// returned unchanged.
//
// It returns errParseFailure when the SELinux AVC pattern matches but the
// match does not carry exactly three offset pairs.
//
// NOTE(review): every rewrite here is a plain substring operation over the
// whole message, so it also touches text that sits inside a field value.
// Audit records can carry values chosen by the audited party; confirm that
// downstream parsing does not rely on these substitutions having hit only
// the intended fields.
func normalizeAuditMessage(typ AuditMessageType, msg string) (string, error) {
	switch typ {
	case AUDIT_AVC:
		loc := selinuxAVCMessageRegex.FindStringSubmatchIndex(msg)
		if loc == nil {
			// Some other flavour of AVC record (e.g. AppArmor); it needs no
			// normalization to be parsable, so hand it back as-is.
			return msg, nil
		}

		// Three offset pairs are expected: pair 0 bounds the whole match,
		// pairs 1 and 2 bound the result and the permission list.
		const wantOffsets = 3 * 2
		if len(loc) != wantOffsets {
			return "", errParseFailure
		}

		result := msg[loc[2]:loc[3]]
		// Collapse the whitespace-separated permissions into one comma list
		// so they form a single value.
		permList := strings.Join(strings.Fields(msg[loc[4]:loc[5]]), ",")
		// Everything after the matched prefix is kept verbatim.
		remainder := msg[loc[1]:]
		return fmt.Sprintf("seresult=%v seperms=%v %v", result, permList, remainder), nil

	case AUDIT_LOGIN:
		// Glue "old "/"new " onto the word that follows. Only the first two
		// occurrences of each are rewritten.
		joined := strings.Replace(msg, "old ", "old_", 2)
		return strings.Replace(joined, "new ", "new_", 2), nil

	case AUDIT_CRED_DISP, AUDIT_USER_START, AUDIT_USER_END:
		// Drop the opening parenthesis in front of hostname= (first two
		// occurrences), then strip every trailing ')' and '\'' character.
		flattened := strings.Replace(msg, " (hostname=", " hostname=", 2)
		return strings.TrimRight(flattened, ")'"), nil
	}

	return msg, nil
}