Escape log field 'data' value

src/rule_message.cc

@@ -31,7 +31,7 @@ std::string RuleMessage::_details(const RuleMessage *rm) {
     msg.append(" [id \"" + std::to_string(rm->m_ruleId) + "\"]");
     msg.append(" [rev \"" + rm->m_rev + "\"]");
     msg.append(" [msg \"" + rm->m_message + "\"]");
-    msg.append(" [data \"" + utils::string::limitTo(200, rm->m_data) + "\"]");
+    msg.append(" [data \"" + utils::string::log_escape_hex(utils::string::limitTo(200, rm->m_data)) + "\"]");
     msg.append(" [severity \"" +
         std::to_string(rm->m_severity) + "\"]");
     msg.append(" [ver \"" + rm->m_ver + "\"]");

src/utils/string.cc

@@ -267,6 +267,28 @@ void replaceAll(std::string *str, const std::string& from,
     }
 }
 
+std::string log_escape_hex(std::string s) {
+
+    std::string ret = "";
+    char tchar[2];
+
+    for (std::string::size_type i = 0; i < s.size(); i++) {
+        if (  (s[i] == '"')
+                ||(s[i] == '\\')
+                ||(s[i] <= 0x1f)
+                ||(s[i] >= 0x7f))
+        {
+            ret.append("\\x");
+            c2x(s[i], (unsigned char*)tchar);
+            ret.push_back(tchar[0]);
+            ret.push_back(tchar[1]);
+        }
+        else {
+            ret.push_back(s[i]);
+        }
+    }
+    return ret;
+}
 
 }  // namespace string
 }  // namespace utils

src/utils/string.h

@@ -72,6 +72,7 @@ void replaceAll(std::string *str, const std::string& from,
     const std::string& to);
 std::string removeWhiteSpacesIfNeeded(std::string a);
 std::string parserSanitizer(std::string a);
+std::string log_escape_hex(std::string s);
 
 unsigned char x2c(unsigned char *what);
 unsigned char xsingle2c(unsigned char *what);