Gitea/cache
1
0
Fork 0
mirror of https://github.com/actions/cache.git synced 2025-11-04 07:38:37 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

updated cache with latest changes

Browse Source
This commit is contained in:
Salman Chishti 2025-03-12 03:22:00 -07:00
parent 0576707e37
commit edd449b9cf
4 changed files with 588 additions and 124 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

178
dist/restore-only/index.js vendored
View File

@ -8763,6 +8763,7 @@ const cacheUtils_1 = __nccwpck_require__(6017);
const auth_1 = __nccwpck_require__(2492); const auth_1 = __nccwpck_require__(2492);
const http_client_1 = __nccwpck_require__(944); const http_client_1 = __nccwpck_require__(944);
const cache_twirp_client_1 = __nccwpck_require__(1208); const cache_twirp_client_1 = __nccwpck_require__(1208);
const util_1 = __nccwpck_require__(2718);
/** /**
* This class is a wrapper around the CacheServiceClientJSON class generated by Twirp. * This class is a wrapper around the CacheServiceClientJSON class generated by Twirp.
* *
@ -8822,7 +8823,7 @@ class CacheServiceClient {
(0, core_1.debug)(`[Response] - ${response.message.statusCode}`); (0, core_1.debug)(`[Response] - ${response.message.statusCode}`);
(0, core_1.debug)(`Headers: ${JSON.stringify(response.message.headers, null, 2)}`); (0, core_1.debug)(`Headers: ${JSON.stringify(response.message.headers, null, 2)}`);
const body = JSON.parse(rawBody); const body = JSON.parse(rawBody);
this.maskSecretUrls(body); (0, util_1.maskSecretUrls)(body);
(0, core_1.debug)(`Body: ${JSON.stringify(body, null, 2)}`); (0, core_1.debug)(`Body: ${JSON.stringify(body, null, 2)}`);
if (this.isSuccessStatusCode(statusCode)) { if (this.isSuccessStatusCode(statusCode)) {
return { response, body }; return { response, body };
@ -8863,36 +8864,6 @@ class CacheServiceClient {
throw new Error(`Request failed`); throw new Error(`Request failed`);
}); });
} }
/**
* Masks the `sig` parameter in a URL and sets it as a secret.
* @param url The URL containing the `sig` parameter.
* @returns A masked URL where the sig parameter value is replaced with '***' if found,
* or the original URL if no sig parameter is present.
*/
maskSigUrl(url) {
const sigIndex = url.indexOf('sig=');
if (sigIndex !== -1) {
const sigValue = url.substring(sigIndex + 4);
(0, core_1.setSecret)(sigValue);
return `${url.substring(0, sigIndex + 4)}***`;
}
return url;
}
maskSecretUrls(body) {
if (typeof body === 'object' && body !== null) {
if ('signed_upload_url' in body &&
typeof body.signed_upload_url === 'string') {
this.maskSigUrl(body.signed_upload_url);
}
if ('signed_download_url' in body &&
typeof body.signed_download_url === 'string') {
this.maskSigUrl(body.signed_download_url);
}
}
else {
(0, core_1.debug)('body is not an object or is null');
}
}
isSuccessStatusCode(statusCode) { isSuccessStatusCode(statusCode) {
if (!statusCode) if (!statusCode)
return false; return false;
@ -9035,6 +9006,151 @@ exports.getUserAgentString = getUserAgentString;
/***/ }), /***/ }),
/***/ 2718:
/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => {
"use strict";
Object.defineProperty(exports, "__esModule", ({ value: true }));
exports.maskSecretUrls = exports.maskSigUrl = void 0;
const core_1 = __nccwpck_require__(9728);
/**
* Masks the `sig` parameter in a URL and sets it as a secret.
* @param url The URL containing the `sig` parameter.
* @returns A masked URL where the sig parameter value is replaced with '***' if found,
* or the original URL if no sig parameter is present.
*/
function maskSigUrl(url) {
if (!url)
return url;
try {
const rawSigRegex = /[?&](sig)=([^&=#]+)/gi;
let match;
while ((match = rawSigRegex.exec(url)) !== null) {
const rawSignature = match[2];
if (rawSignature) {
(0, core_1.setSecret)(rawSignature);
}
}
let parsedUrl;
try {
parsedUrl = new URL(url);
}
catch (_a) {
try {
parsedUrl = new URL(url, 'https://example.com');
}
catch (error) {
(0, core_1.debug)(`Failed to parse URL: ${url}`);
return maskSigWithRegex(url);
}
}
let masked = false;
const paramNames = Array.from(parsedUrl.searchParams.keys());
for (const paramName of paramNames) {
if (paramName.toLowerCase() === 'sig') {
const signature = parsedUrl.searchParams.get(paramName);
if (signature) {
(0, core_1.setSecret)(signature);
(0, core_1.setSecret)(encodeURIComponent(signature));
parsedUrl.searchParams.set(paramName, '***');
masked = true;
}
}
}
if (masked) {
return parsedUrl.toString();
}
if (/([:?&]|^)(sig)=([^&=#]+)/i.test(url)) {
return maskSigWithRegex(url);
}
}
catch (error) {
(0, core_1.debug)(`Error masking URL: ${error instanceof Error ? error.message : String(error)}`);
return maskSigWithRegex(url);
}
return url;
}
exports.maskSigUrl = maskSigUrl;
/**
* Fallback method to mask signatures using regex when URL parsing fails
*/
function maskSigWithRegex(url) {
try {
const regex = /([:?&]|^)(sig)=([^&=#]+)/gi;
return url.replace(regex, (fullMatch, prefix, paramName, value) => {
if (value) {
(0, core_1.setSecret)(value);
try {
(0, core_1.setSecret)(decodeURIComponent(value));
}
catch (_a) {
// Ignore decoding errors
}
return `${prefix}${paramName}=***`;
}
return fullMatch;
});
}
catch (error) {
(0, core_1.debug)(`Error in maskSigWithRegex: ${error instanceof Error ? error.message : String(error)}`);
return url;
}
}
/**
* Masks any URLs containing signature parameters in the provided object
* Recursively searches through nested objects and arrays
*/
function maskSecretUrls(body) {
if (typeof body !== 'object' || body === null) {
(0, core_1.debug)('body is not an object or is null');
return;
}
const processUrl = (url) => {
maskSigUrl(url);
};
const processObject = (obj) => {
if (typeof obj !== 'object' || obj === null) {
return;
}
if (Array.isArray(obj)) {
for (const item of obj) {
if (typeof item === 'string') {
processUrl(item);
}
else if (typeof item === 'object' && item !== null) {
processObject(item);
}
}
return;
}
if ('signed_upload_url' in obj &&
typeof obj.signed_upload_url === 'string') {
maskSigUrl(obj.signed_upload_url);
}
if ('signed_download_url' in obj &&
typeof obj.signed_download_url === 'string') {
maskSigUrl(obj.signed_download_url);
}
for (const key in obj) {
const value = obj[key];
if (typeof value === 'string') {
if (/([:?&]|^)(sig)=/i.test(value)) {
maskSigUrl(value);
}
}
else if (typeof value === 'object' && value !== null) {
processObject(value);
}
}
};
processObject(body);
}
exports.maskSecretUrls = maskSecretUrls;
//# sourceMappingURL=util.js.map
/***/ }),
/***/ 2043: /***/ 2043:
/***/ (function(__unused_webpack_module, exports, __nccwpck_require__) { /***/ (function(__unused_webpack_module, exports, __nccwpck_require__) {

178
dist/restore/index.js vendored
View File

@ -8763,6 +8763,7 @@ const cacheUtils_1 = __nccwpck_require__(6017);
const auth_1 = __nccwpck_require__(2492); const auth_1 = __nccwpck_require__(2492);
const http_client_1 = __nccwpck_require__(944); const http_client_1 = __nccwpck_require__(944);
const cache_twirp_client_1 = __nccwpck_require__(1208); const cache_twirp_client_1 = __nccwpck_require__(1208);
const util_1 = __nccwpck_require__(2718);
/** /**
* This class is a wrapper around the CacheServiceClientJSON class generated by Twirp. * This class is a wrapper around the CacheServiceClientJSON class generated by Twirp.
* *
@ -8822,7 +8823,7 @@ class CacheServiceClient {
(0, core_1.debug)(`[Response] - ${response.message.statusCode}`); (0, core_1.debug)(`[Response] - ${response.message.statusCode}`);
(0, core_1.debug)(`Headers: ${JSON.stringify(response.message.headers, null, 2)}`); (0, core_1.debug)(`Headers: ${JSON.stringify(response.message.headers, null, 2)}`);
const body = JSON.parse(rawBody); const body = JSON.parse(rawBody);
this.maskSecretUrls(body); (0, util_1.maskSecretUrls)(body);
(0, core_1.debug)(`Body: ${JSON.stringify(body, null, 2)}`); (0, core_1.debug)(`Body: ${JSON.stringify(body, null, 2)}`);
if (this.isSuccessStatusCode(statusCode)) { if (this.isSuccessStatusCode(statusCode)) {
return { response, body }; return { response, body };
@ -8863,36 +8864,6 @@ class CacheServiceClient {
throw new Error(`Request failed`); throw new Error(`Request failed`);
}); });
} }
/**
* Masks the `sig` parameter in a URL and sets it as a secret.
* @param url The URL containing the `sig` parameter.
* @returns A masked URL where the sig parameter value is replaced with '***' if found,
* or the original URL if no sig parameter is present.
*/
maskSigUrl(url) {
const sigIndex = url.indexOf('sig=');
if (sigIndex !== -1) {
const sigValue = url.substring(sigIndex + 4);
(0, core_1.setSecret)(sigValue);
return `${url.substring(0, sigIndex + 4)}***`;
}
return url;
}
maskSecretUrls(body) {
if (typeof body === 'object' && body !== null) {
if ('signed_upload_url' in body &&
typeof body.signed_upload_url === 'string') {
this.maskSigUrl(body.signed_upload_url);
}
if ('signed_download_url' in body &&
typeof body.signed_download_url === 'string') {
this.maskSigUrl(body.signed_download_url);
}
}
else {
(0, core_1.debug)('body is not an object or is null');
}
}
isSuccessStatusCode(statusCode) { isSuccessStatusCode(statusCode) {
if (!statusCode) if (!statusCode)
return false; return false;
@ -9035,6 +9006,151 @@ exports.getUserAgentString = getUserAgentString;
/***/ }), /***/ }),
/***/ 2718:
/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => {
"use strict";
Object.defineProperty(exports, "__esModule", ({ value: true }));
exports.maskSecretUrls = exports.maskSigUrl = void 0;
const core_1 = __nccwpck_require__(9728);
/**
* Masks the `sig` parameter in a URL and sets it as a secret.
* @param url The URL containing the `sig` parameter.
* @returns A masked URL where the sig parameter value is replaced with '***' if found,
* or the original URL if no sig parameter is present.
*/
function maskSigUrl(url) {
if (!url)
return url;
try {
const rawSigRegex = /[?&](sig)=([^&=#]+)/gi;
let match;
while ((match = rawSigRegex.exec(url)) !== null) {
const rawSignature = match[2];
if (rawSignature) {
(0, core_1.setSecret)(rawSignature);
}
}
let parsedUrl;
try {
parsedUrl = new URL(url);
}
catch (_a) {
try {
parsedUrl = new URL(url, 'https://example.com');
}
catch (error) {
(0, core_1.debug)(`Failed to parse URL: ${url}`);
return maskSigWithRegex(url);
}
}
let masked = false;
const paramNames = Array.from(parsedUrl.searchParams.keys());
for (const paramName of paramNames) {
if (paramName.toLowerCase() === 'sig') {
const signature = parsedUrl.searchParams.get(paramName);
if (signature) {
(0, core_1.setSecret)(signature);
(0, core_1.setSecret)(encodeURIComponent(signature));
parsedUrl.searchParams.set(paramName, '***');
masked = true;
}
}
}
if (masked) {
return parsedUrl.toString();
}
if (/([:?&]|^)(sig)=([^&=#]+)/i.test(url)) {
return maskSigWithRegex(url);
}
}
catch (error) {
(0, core_1.debug)(`Error masking URL: ${error instanceof Error ? error.message : String(error)}`);
return maskSigWithRegex(url);
}
return url;
}
exports.maskSigUrl = maskSigUrl;
/**
* Fallback method to mask signatures using regex when URL parsing fails
*/
function maskSigWithRegex(url) {
try {
const regex = /([:?&]|^)(sig)=([^&=#]+)/gi;
return url.replace(regex, (fullMatch, prefix, paramName, value) => {
if (value) {
(0, core_1.setSecret)(value);
try {
(0, core_1.setSecret)(decodeURIComponent(value));
}
catch (_a) {
// Ignore decoding errors
}
return `${prefix}${paramName}=***`;
}
return fullMatch;
});
}
catch (error) {
(0, core_1.debug)(`Error in maskSigWithRegex: ${error instanceof Error ? error.message : String(error)}`);
return url;
}
}
/**
* Masks any URLs containing signature parameters in the provided object
* Recursively searches through nested objects and arrays
*/
function maskSecretUrls(body) {
if (typeof body !== 'object' || body === null) {
(0, core_1.debug)('body is not an object or is null');
return;
}
const processUrl = (url) => {
maskSigUrl(url);
};
const processObject = (obj) => {
if (typeof obj !== 'object' || obj === null) {
return;
}
if (Array.isArray(obj)) {
for (const item of obj) {
if (typeof item === 'string') {
processUrl(item);
}
else if (typeof item === 'object' && item !== null) {
processObject(item);
}
}
return;
}
if ('signed_upload_url' in obj &&
typeof obj.signed_upload_url === 'string') {
maskSigUrl(obj.signed_upload_url);
}
if ('signed_download_url' in obj &&
typeof obj.signed_download_url === 'string') {
maskSigUrl(obj.signed_download_url);
}
for (const key in obj) {
const value = obj[key];
if (typeof value === 'string') {
if (/([:?&]|^)(sig)=/i.test(value)) {
maskSigUrl(value);
}
}
else if (typeof value === 'object' && value !== null) {
processObject(value);
}
}
};
processObject(body);
}
exports.maskSecretUrls = maskSecretUrls;
//# sourceMappingURL=util.js.map
/***/ }),
/***/ 2043: /***/ 2043:
/***/ (function(__unused_webpack_module, exports, __nccwpck_require__) { /***/ (function(__unused_webpack_module, exports, __nccwpck_require__) {

178
dist/save-only/index.js vendored
View File

@ -8763,6 +8763,7 @@ const cacheUtils_1 = __nccwpck_require__(6017);
const auth_1 = __nccwpck_require__(2492); const auth_1 = __nccwpck_require__(2492);
const http_client_1 = __nccwpck_require__(944); const http_client_1 = __nccwpck_require__(944);
const cache_twirp_client_1 = __nccwpck_require__(1208); const cache_twirp_client_1 = __nccwpck_require__(1208);
const util_1 = __nccwpck_require__(2718);
/** /**
* This class is a wrapper around the CacheServiceClientJSON class generated by Twirp. * This class is a wrapper around the CacheServiceClientJSON class generated by Twirp.
* *
@ -8822,7 +8823,7 @@ class CacheServiceClient {
(0, core_1.debug)(`[Response] - ${response.message.statusCode}`); (0, core_1.debug)(`[Response] - ${response.message.statusCode}`);
(0, core_1.debug)(`Headers: ${JSON.stringify(response.message.headers, null, 2)}`); (0, core_1.debug)(`Headers: ${JSON.stringify(response.message.headers, null, 2)}`);
const body = JSON.parse(rawBody); const body = JSON.parse(rawBody);
this.maskSecretUrls(body); (0, util_1.maskSecretUrls)(body);
(0, core_1.debug)(`Body: ${JSON.stringify(body, null, 2)}`); (0, core_1.debug)(`Body: ${JSON.stringify(body, null, 2)}`);
if (this.isSuccessStatusCode(statusCode)) { if (this.isSuccessStatusCode(statusCode)) {
return { response, body }; return { response, body };
@ -8863,36 +8864,6 @@ class CacheServiceClient {
throw new Error(`Request failed`); throw new Error(`Request failed`);
}); });
} }
/**
* Masks the `sig` parameter in a URL and sets it as a secret.
* @param url The URL containing the `sig` parameter.
* @returns A masked URL where the sig parameter value is replaced with '***' if found,
* or the original URL if no sig parameter is present.
*/
maskSigUrl(url) {
const sigIndex = url.indexOf('sig=');
if (sigIndex !== -1) {
const sigValue = url.substring(sigIndex + 4);
(0, core_1.setSecret)(sigValue);
return `${url.substring(0, sigIndex + 4)}***`;
}
return url;
}
maskSecretUrls(body) {
if (typeof body === 'object' && body !== null) {
if ('signed_upload_url' in body &&
typeof body.signed_upload_url === 'string') {
this.maskSigUrl(body.signed_upload_url);
}
if ('signed_download_url' in body &&
typeof body.signed_download_url === 'string') {
this.maskSigUrl(body.signed_download_url);
}
}
else {
(0, core_1.debug)('body is not an object or is null');
}
}
isSuccessStatusCode(statusCode) { isSuccessStatusCode(statusCode) {
if (!statusCode) if (!statusCode)
return false; return false;
@ -9035,6 +9006,151 @@ exports.getUserAgentString = getUserAgentString;
/***/ }), /***/ }),
/***/ 2718:
/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => {
"use strict";
Object.defineProperty(exports, "__esModule", ({ value: true }));
exports.maskSecretUrls = exports.maskSigUrl = void 0;
const core_1 = __nccwpck_require__(9728);
/**
* Masks the `sig` parameter in a URL and sets it as a secret.
* @param url The URL containing the `sig` parameter.
* @returns A masked URL where the sig parameter value is replaced with '***' if found,
* or the original URL if no sig parameter is present.
*/
function maskSigUrl(url) {
if (!url)
return url;
try {
const rawSigRegex = /[?&](sig)=([^&=#]+)/gi;
let match;
while ((match = rawSigRegex.exec(url)) !== null) {
const rawSignature = match[2];
if (rawSignature) {
(0, core_1.setSecret)(rawSignature);
}
}
let parsedUrl;
try {
parsedUrl = new URL(url);
}
catch (_a) {
try {
parsedUrl = new URL(url, 'https://example.com');
}
catch (error) {
(0, core_1.debug)(`Failed to parse URL: ${url}`);
return maskSigWithRegex(url);
}
}
let masked = false;
const paramNames = Array.from(parsedUrl.searchParams.keys());
for (const paramName of paramNames) {
if (paramName.toLowerCase() === 'sig') {
const signature = parsedUrl.searchParams.get(paramName);
if (signature) {
(0, core_1.setSecret)(signature);
(0, core_1.setSecret)(encodeURIComponent(signature));
parsedUrl.searchParams.set(paramName, '***');
masked = true;
}
}
}
if (masked) {
return parsedUrl.toString();
}
if (/([:?&]|^)(sig)=([^&=#]+)/i.test(url)) {
return maskSigWithRegex(url);
}
}
catch (error) {
(0, core_1.debug)(`Error masking URL: ${error instanceof Error ? error.message : String(error)}`);
return maskSigWithRegex(url);
}
return url;
}
exports.maskSigUrl = maskSigUrl;
/**
* Fallback method to mask signatures using regex when URL parsing fails
*/
function maskSigWithRegex(url) {
try {
const regex = /([:?&]|^)(sig)=([^&=#]+)/gi;
return url.replace(regex, (fullMatch, prefix, paramName, value) => {
if (value) {
(0, core_1.setSecret)(value);
try {
(0, core_1.setSecret)(decodeURIComponent(value));
}
catch (_a) {
// Ignore decoding errors
}
return `${prefix}${paramName}=***`;
}
return fullMatch;
});
}
catch (error) {
(0, core_1.debug)(`Error in maskSigWithRegex: ${error instanceof Error ? error.message : String(error)}`);
return url;
}
}
/**
* Masks any URLs containing signature parameters in the provided object
* Recursively searches through nested objects and arrays
*/
function maskSecretUrls(body) {
if (typeof body !== 'object' || body === null) {
(0, core_1.debug)('body is not an object or is null');
return;
}
const processUrl = (url) => {
maskSigUrl(url);
};
const processObject = (obj) => {
if (typeof obj !== 'object' || obj === null) {
return;
}
if (Array.isArray(obj)) {
for (const item of obj) {
if (typeof item === 'string') {
processUrl(item);
}
else if (typeof item === 'object' && item !== null) {
processObject(item);
}
}
return;
}
if ('signed_upload_url' in obj &&
typeof obj.signed_upload_url === 'string') {
maskSigUrl(obj.signed_upload_url);
}
if ('signed_download_url' in obj &&
typeof obj.signed_download_url === 'string') {
maskSigUrl(obj.signed_download_url);
}
for (const key in obj) {
const value = obj[key];
if (typeof value === 'string') {
if (/([:?&]|^)(sig)=/i.test(value)) {
maskSigUrl(value);
}
}
else if (typeof value === 'object' && value !== null) {
processObject(value);
}
}
};
processObject(body);
}
exports.maskSecretUrls = maskSecretUrls;
//# sourceMappingURL=util.js.map
/***/ }),
/***/ 2043: /***/ 2043:
/***/ (function(__unused_webpack_module, exports, __nccwpck_require__) { /***/ (function(__unused_webpack_module, exports, __nccwpck_require__) {

178
dist/save/index.js vendored
View File

@ -8763,6 +8763,7 @@ const cacheUtils_1 = __nccwpck_require__(6017);
const auth_1 = __nccwpck_require__(2492); const auth_1 = __nccwpck_require__(2492);
const http_client_1 = __nccwpck_require__(944); const http_client_1 = __nccwpck_require__(944);
const cache_twirp_client_1 = __nccwpck_require__(1208); const cache_twirp_client_1 = __nccwpck_require__(1208);
const util_1 = __nccwpck_require__(2718);
/** /**
* This class is a wrapper around the CacheServiceClientJSON class generated by Twirp. * This class is a wrapper around the CacheServiceClientJSON class generated by Twirp.
* *
@ -8822,7 +8823,7 @@ class CacheServiceClient {
(0, core_1.debug)(`[Response] - ${response.message.statusCode}`); (0, core_1.debug)(`[Response] - ${response.message.statusCode}`);
(0, core_1.debug)(`Headers: ${JSON.stringify(response.message.headers, null, 2)}`); (0, core_1.debug)(`Headers: ${JSON.stringify(response.message.headers, null, 2)}`);
const body = JSON.parse(rawBody); const body = JSON.parse(rawBody);
this.maskSecretUrls(body); (0, util_1.maskSecretUrls)(body);
(0, core_1.debug)(`Body: ${JSON.stringify(body, null, 2)}`); (0, core_1.debug)(`Body: ${JSON.stringify(body, null, 2)}`);
if (this.isSuccessStatusCode(statusCode)) { if (this.isSuccessStatusCode(statusCode)) {
return { response, body }; return { response, body };
@ -8863,36 +8864,6 @@ class CacheServiceClient {
throw new Error(`Request failed`); throw new Error(`Request failed`);
}); });
} }
/**
* Masks the `sig` parameter in a URL and sets it as a secret.
* @param url The URL containing the `sig` parameter.
* @returns A masked URL where the sig parameter value is replaced with '***' if found,
* or the original URL if no sig parameter is present.
*/
maskSigUrl(url) {
const sigIndex = url.indexOf('sig=');
if (sigIndex !== -1) {
const sigValue = url.substring(sigIndex + 4);
(0, core_1.setSecret)(sigValue);
return `${url.substring(0, sigIndex + 4)}***`;
}
return url;
}
maskSecretUrls(body) {
if (typeof body === 'object' && body !== null) {
if ('signed_upload_url' in body &&
typeof body.signed_upload_url === 'string') {
this.maskSigUrl(body.signed_upload_url);
}
if ('signed_download_url' in body &&
typeof body.signed_download_url === 'string') {
this.maskSigUrl(body.signed_download_url);
}
}
else {
(0, core_1.debug)('body is not an object or is null');
}
}
isSuccessStatusCode(statusCode) { isSuccessStatusCode(statusCode) {
if (!statusCode) if (!statusCode)
return false; return false;
@ -9035,6 +9006,151 @@ exports.getUserAgentString = getUserAgentString;
/***/ }), /***/ }),
/***/ 2718:
/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => {
"use strict";
Object.defineProperty(exports, "__esModule", ({ value: true }));
exports.maskSecretUrls = exports.maskSigUrl = void 0;
const core_1 = __nccwpck_require__(9728);
/**
* Masks the `sig` parameter in a URL and sets it as a secret.
* @param url The URL containing the `sig` parameter.
* @returns A masked URL where the sig parameter value is replaced with '***' if found,
* or the original URL if no sig parameter is present.
*/
function maskSigUrl(url) {
if (!url)
return url;
try {
const rawSigRegex = /[?&](sig)=([^&=#]+)/gi;
let match;
while ((match = rawSigRegex.exec(url)) !== null) {
const rawSignature = match[2];
if (rawSignature) {
(0, core_1.setSecret)(rawSignature);
}
}
let parsedUrl;
try {
parsedUrl = new URL(url);
}
catch (_a) {
try {
parsedUrl = new URL(url, 'https://example.com');
}
catch (error) {
(0, core_1.debug)(`Failed to parse URL: ${url}`);
return maskSigWithRegex(url);
}
}
let masked = false;
const paramNames = Array.from(parsedUrl.searchParams.keys());
for (const paramName of paramNames) {
if (paramName.toLowerCase() === 'sig') {
const signature = parsedUrl.searchParams.get(paramName);
if (signature) {
(0, core_1.setSecret)(signature);
(0, core_1.setSecret)(encodeURIComponent(signature));
parsedUrl.searchParams.set(paramName, '***');
masked = true;
}
}
}
if (masked) {
return parsedUrl.toString();
}
if (/([:?&]|^)(sig)=([^&=#]+)/i.test(url)) {
return maskSigWithRegex(url);
}
}
catch (error) {
(0, core_1.debug)(`Error masking URL: ${error instanceof Error ? error.message : String(error)}`);
return maskSigWithRegex(url);
}
return url;
}
exports.maskSigUrl = maskSigUrl;
/**
* Fallback method to mask signatures using regex when URL parsing fails
*/
function maskSigWithRegex(url) {
try {
const regex = /([:?&]|^)(sig)=([^&=#]+)/gi;
return url.replace(regex, (fullMatch, prefix, paramName, value) => {
if (value) {
(0, core_1.setSecret)(value);
try {
(0, core_1.setSecret)(decodeURIComponent(value));
}
catch (_a) {
// Ignore decoding errors
}
return `${prefix}${paramName}=***`;
}
return fullMatch;
});
}
catch (error) {
(0, core_1.debug)(`Error in maskSigWithRegex: ${error instanceof Error ? error.message : String(error)}`);
return url;
}
}
/**
* Masks any URLs containing signature parameters in the provided object
* Recursively searches through nested objects and arrays
*/
function maskSecretUrls(body) {
if (typeof body !== 'object' || body === null) {
(0, core_1.debug)('body is not an object or is null');
return;
}
const processUrl = (url) => {
maskSigUrl(url);
};
const processObject = (obj) => {
if (typeof obj !== 'object' || obj === null) {
return;
}
if (Array.isArray(obj)) {
for (const item of obj) {
if (typeof item === 'string') {
processUrl(item);
}
else if (typeof item === 'object' && item !== null) {
processObject(item);
}
}
return;
}
if ('signed_upload_url' in obj &&
typeof obj.signed_upload_url === 'string') {
maskSigUrl(obj.signed_upload_url);
}
if ('signed_download_url' in obj &&
typeof obj.signed_download_url === 'string') {
maskSigUrl(obj.signed_download_url);
}
for (const key in obj) {
const value = obj[key];
if (typeof value === 'string') {
if (/([:?&]|^)(sig)=/i.test(value)) {
maskSigUrl(value);
}
}
else if (typeof value === 'object' && value !== null) {
processObject(value);
}
}
};
processObject(body);
}
exports.maskSecretUrls = maskSecretUrls;
//# sourceMappingURL=util.js.map
/***/ }),
/***/ 2043: /***/ 2043:
/***/ (function(__unused_webpack_module, exports, __nccwpck_require__) { /***/ (function(__unused_webpack_module, exports, __nccwpck_require__) {