mirror of
				https://github.com/actions/cache.git
				synced 2025-10-26 21:25:11 +07:00 
			
		
		
		
	new package
This commit is contained in:
		
							
								
								
									
										41
									
								
								dist/save-only/index.js
									
									
									
									
										vendored
									
									
								
							
							
						
						
									
										41
									
								
								dist/save-only/index.js
									
									
									
									
										vendored
									
									
								
							| @ -9015,13 +9015,24 @@ exports.maskSecretUrls = exports.maskSigUrl = void 0; | ||||
| const core_1 = __nccwpck_require__(9728); | ||||
| /** | ||||
|  * Masks the `sig` parameter in a URL and sets it as a secret. | ||||
|  * @param url The URL containing the `sig` parameter. | ||||
|  * @returns A masked URL where the sig parameter value is replaced with '***' if found, | ||||
|  *          or the original URL if no sig parameter is present. | ||||
|  * | ||||
|  * @param url - The URL containing the signature parameter to mask | ||||
|  * @remarks | ||||
|  * This function attempts to parse the provided URL and identify the 'sig' query parameter. | ||||
|  * If found, it registers both the raw and URL-encoded signature values as secrets using | ||||
|  * the Actions `setSecret` API, which prevents them from being displayed in logs. | ||||
|  * | ||||
|  * The function handles errors gracefully if URL parsing fails, logging them as debug messages. | ||||
|  * | ||||
|  * @example | ||||
|  * ```typescript
 | ||||
|  * // Mask a signature in an Azure SAS token URL
 | ||||
|  * maskSigUrl('https://example.blob.core.windows.net/container/file.txt?sig=abc123&se=2023-01-01'); | ||||
|  * ``` | ||||
|  */ | ||||
| function maskSigUrl(url) { | ||||
|     if (!url) | ||||
|         return url; | ||||
|         return; | ||||
|     try { | ||||
|         const parsedUrl = new URL(url); | ||||
|         const signature = parsedUrl.searchParams.get('sig'); | ||||
| @ -9029,17 +9040,33 @@ function maskSigUrl(url) { | ||||
|             (0, core_1.setSecret)(signature); | ||||
|             (0, core_1.setSecret)(encodeURIComponent(signature)); | ||||
|             parsedUrl.searchParams.set('sig', '***'); | ||||
|             return parsedUrl.toString(); | ||||
|         } | ||||
|     } | ||||
|     catch (error) { | ||||
|         (0, core_1.debug)(`Failed to parse URL: ${url} ${error instanceof Error ? error.message : String(error)}`); | ||||
|     } | ||||
|     return url; | ||||
| } | ||||
| exports.maskSigUrl = maskSigUrl; | ||||
| /** | ||||
|  * Masks any URLs containing signature parameters in the provided object | ||||
|  * Masks sensitive information in URLs containing signature parameters. | ||||
|  * Currently supports masking 'sig' parameters in the 'signed_upload_url' | ||||
|  * and 'signed_download_url' properties of the provided object. | ||||
|  * | ||||
|  * @param body - The object should contain a signature | ||||
|  * @remarks | ||||
|  * This function extracts URLs from the object properties and calls maskSigUrl | ||||
|  * on each one to redact sensitive signature information. The function doesn't | ||||
|  * modify the original object; it only marks the signatures as secrets for | ||||
|  * logging purposes. | ||||
|  * | ||||
|  * @example | ||||
|  * ```typescript
 | ||||
|  * const responseBody = { | ||||
|  *   signed_upload_url: 'https://blob.core.windows.net/?sig=abc123', | ||||
|  *   signed_download_url: 'https://blob.core/windows.net/?sig=def456' | ||||
|  * }; | ||||
|  * maskSecretUrls(responseBody); | ||||
|  * ``` | ||||
|  */ | ||||
| function maskSecretUrls(body) { | ||||
|     if (typeof body !== 'object' || body === null) { | ||||
|  | ||||
		Reference in New Issue
	
	Block a user
	 Salman Chishti
					Salman Chishti