in auparse/auparse.go [342:406]
// enrichData normalizes and decodes the fields of a parsed audit record in
// place. It first applies the steps common to all records, then dispatches on
// m.RecordType for the type-specific decoding.
//
// It returns the first error reported by a type-specific step whose result is
// checked. Several hexDecode calls (cwd, name, acct) have their errors
// discarded on purpose-looking grounds: the fields are optional.
//
// NOTE(review): the hex-decoded fields (exe, proctitle, cmd, TTY data, path
// names, acct) hold strings supplied by the audited process or user. The
// decoded output should be treated as untrusted by anything that logs,
// displays or pattern-matches it, since it may contain control characters or
// delimiters.
func (m *AuditMessage) enrichData(data fieldMap) error {
	// Steps that run for every record type.
	data.normalizeUnsetID("auid")
	data.normalizeUnsetID("old-auid")
	data.normalizeUnsetID("ses")

	// subj can appear on many message types, so it is parsed unconditionally.
	data.parseSELinuxContext("subj")

	// Fold success/res into a single result field.
	data.result()

	// Replace numeric exit codes with their named POSIX equivalents.
	data.exit()

	// Keys may arrive in the form key="key=user_command"; normalize them.
	m.auditRuleKeyNew(data)

	// Best effort: the error is discarded.
	// NOTE(review): whether a failed decode leaves the raw value in place is
	// not visible here; confirm in hexDecode before relying on cwd being
	// decoded.
	_ = data.hexDecode("cwd")

	switch m.RecordType {
	case AUDIT_SECCOMP:
		if err := data.setSignalName(); err != nil {
			return err
		}
		// SECCOMP records also get all of the SYSCALL handling below.
		fallthrough

	case AUDIT_SYSCALL:
		if err := data.arch(); err != nil {
			return err
		}
		if err := data.setSyscallName(); err != nil {
			return err
		}
		return data.hexDecode("exe")

	case AUDIT_SOCKADDR:
		return data.saddr()

	case AUDIT_PROCTITLE:
		return data.hexDecode("proctitle")

	case AUDIT_USER_CMD:
		return data.hexDecode("cmd")

	case AUDIT_TTY, AUDIT_USER_TTY:
		return data.hexDecode("data")

	case AUDIT_EXECVE:
		return data.execveArgs()

	case AUDIT_PATH:
		data.parseSELinuxContext("obj")
		// Best effort: a decode error for name is discarded.
		_ = data.hexDecode("name")

	case AUDIT_USER_LOGIN:
		// acct only exists in failed logins, so the error is discarded.
		_ = data.hexDecode("acct")
	}

	return nil
}