neil/cache
1
0
Fork 0
mirror of https://github.com/actions/cache.git synced 2025-10-31 02:14:19 +08:00
Code Issues Packages Projects Releases Wiki Activity

new package

Browse Source
This commit is contained in:
Salman Chishti 2025-03-13 04:55:45 -07:00
parent 45cfd0e7ff
commit 8c80c27c5e
4 changed files with 136 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
dist/restore-only/index.js vendored
View File

@ -9015,13 +9015,24 @@ exports.maskSecretUrls = exports.maskSigUrl = void 0;
const core_1 = __nccwpck_require__(9728); const core_1 = __nccwpck_require__(9728);
/** /**
* Masks the `sig` parameter in a URL and sets it as a secret. * Masks the `sig` parameter in a URL and sets it as a secret.
* @param url The URL containing the `sig` parameter. *
* @returns A masked URL where the sig parameter value is replaced with '***' if found, * @param url - The URL containing the signature parameter to mask
* or the original URL if no sig parameter is present. * @remarks
* This function attempts to parse the provided URL and identify the 'sig' query parameter.
* If found, it registers both the raw and URL-encoded signature values as secrets using
* the Actions `setSecret` API, which prevents them from being displayed in logs.
*
* The function handles errors gracefully if URL parsing fails, logging them as debug messages.
*
* @example
* ```typescript
* // Mask a signature in an Azure SAS token URL
* maskSigUrl('https://example.blob.core.windows.net/container/file.txt?sig=abc123&se=2023-01-01');
* ```
*/ */
function maskSigUrl(url) { function maskSigUrl(url) {
if (!url) if (!url)
return url; return;
try { try {
const parsedUrl = new URL(url); const parsedUrl = new URL(url);
const signature = parsedUrl.searchParams.get('sig'); const signature = parsedUrl.searchParams.get('sig');
@ -9029,17 +9040,33 @@ function maskSigUrl(url) {
(0, core_1.setSecret)(signature); (0, core_1.setSecret)(signature);
(0, core_1.setSecret)(encodeURIComponent(signature)); (0, core_1.setSecret)(encodeURIComponent(signature));
parsedUrl.searchParams.set('sig', '***'); parsedUrl.searchParams.set('sig', '***');
return parsedUrl.toString();
} }
} }
catch (error) { catch (error) {
(0, core_1.debug)(`Failed to parse URL: ${url} ${error instanceof Error ? error.message : String(error)}`); (0, core_1.debug)(`Failed to parse URL: ${url} ${error instanceof Error ? error.message : String(error)}`);
} }
return url;
} }
exports.maskSigUrl = maskSigUrl; exports.maskSigUrl = maskSigUrl;
/** /**
* Masks any URLs containing signature parameters in the provided object * Masks sensitive information in URLs containing signature parameters.
* Currently supports masking 'sig' parameters in the 'signed_upload_url'
* and 'signed_download_url' properties of the provided object.
*
* @param body - The object should contain a signature
* @remarks
* This function extracts URLs from the object properties and calls maskSigUrl
* on each one to redact sensitive signature information. The function doesn't
* modify the original object; it only marks the signatures as secrets for
* logging purposes.
*
* @example
* ```typescript
* const responseBody = {
* signed_upload_url: 'https://blob.core.windows.net/?sig=abc123',
* signed_download_url: 'https://blob.core/windows.net/?sig=def456'
* };
* maskSecretUrls(responseBody);
* ```
*/ */
function maskSecretUrls(body) { function maskSecretUrls(body) {
if (typeof body !== 'object' || body === null) { if (typeof body !== 'object' || body === null) {

41
dist/restore/index.js vendored
View File

@ -9015,13 +9015,24 @@ exports.maskSecretUrls = exports.maskSigUrl = void 0;
const core_1 = __nccwpck_require__(9728); const core_1 = __nccwpck_require__(9728);
/** /**
* Masks the `sig` parameter in a URL and sets it as a secret. * Masks the `sig` parameter in a URL and sets it as a secret.
* @param url The URL containing the `sig` parameter. *
* @returns A masked URL where the sig parameter value is replaced with '***' if found, * @param url - The URL containing the signature parameter to mask
* or the original URL if no sig parameter is present. * @remarks
* This function attempts to parse the provided URL and identify the 'sig' query parameter.
* If found, it registers both the raw and URL-encoded signature values as secrets using
* the Actions `setSecret` API, which prevents them from being displayed in logs.
*
* The function handles errors gracefully if URL parsing fails, logging them as debug messages.
*
* @example
* ```typescript
* // Mask a signature in an Azure SAS token URL
* maskSigUrl('https://example.blob.core.windows.net/container/file.txt?sig=abc123&se=2023-01-01');
* ```
*/ */
function maskSigUrl(url) { function maskSigUrl(url) {
if (!url) if (!url)
return url; return;
try { try {
const parsedUrl = new URL(url); const parsedUrl = new URL(url);
const signature = parsedUrl.searchParams.get('sig'); const signature = parsedUrl.searchParams.get('sig');
@ -9029,17 +9040,33 @@ function maskSigUrl(url) {
(0, core_1.setSecret)(signature); (0, core_1.setSecret)(signature);
(0, core_1.setSecret)(encodeURIComponent(signature)); (0, core_1.setSecret)(encodeURIComponent(signature));
parsedUrl.searchParams.set('sig', '***'); parsedUrl.searchParams.set('sig', '***');
return parsedUrl.toString();
} }
} }
catch (error) { catch (error) {
(0, core_1.debug)(`Failed to parse URL: ${url} ${error instanceof Error ? error.message : String(error)}`); (0, core_1.debug)(`Failed to parse URL: ${url} ${error instanceof Error ? error.message : String(error)}`);
} }
return url;
} }
exports.maskSigUrl = maskSigUrl; exports.maskSigUrl = maskSigUrl;
/** /**
* Masks any URLs containing signature parameters in the provided object * Masks sensitive information in URLs containing signature parameters.
* Currently supports masking 'sig' parameters in the 'signed_upload_url'
* and 'signed_download_url' properties of the provided object.
*
* @param body - The object should contain a signature
* @remarks
* This function extracts URLs from the object properties and calls maskSigUrl
* on each one to redact sensitive signature information. The function doesn't
* modify the original object; it only marks the signatures as secrets for
* logging purposes.
*
* @example
* ```typescript
* const responseBody = {
* signed_upload_url: 'https://blob.core.windows.net/?sig=abc123',
* signed_download_url: 'https://blob.core/windows.net/?sig=def456'
* };
* maskSecretUrls(responseBody);
* ```
*/ */
function maskSecretUrls(body) { function maskSecretUrls(body) {
if (typeof body !== 'object' || body === null) { if (typeof body !== 'object' || body === null) {

41
dist/save-only/index.js vendored
View File

@ -9015,13 +9015,24 @@ exports.maskSecretUrls = exports.maskSigUrl = void 0;
const core_1 = __nccwpck_require__(9728); const core_1 = __nccwpck_require__(9728);
/** /**
* Masks the `sig` parameter in a URL and sets it as a secret. * Masks the `sig` parameter in a URL and sets it as a secret.
* @param url The URL containing the `sig` parameter. *
* @returns A masked URL where the sig parameter value is replaced with '***' if found, * @param url - The URL containing the signature parameter to mask
* or the original URL if no sig parameter is present. * @remarks
* This function attempts to parse the provided URL and identify the 'sig' query parameter.
* If found, it registers both the raw and URL-encoded signature values as secrets using
* the Actions `setSecret` API, which prevents them from being displayed in logs.
*
* The function handles errors gracefully if URL parsing fails, logging them as debug messages.
*
* @example
* ```typescript
* // Mask a signature in an Azure SAS token URL
* maskSigUrl('https://example.blob.core.windows.net/container/file.txt?sig=abc123&se=2023-01-01');
* ```
*/ */
function maskSigUrl(url) { function maskSigUrl(url) {
if (!url) if (!url)
return url; return;
try { try {
const parsedUrl = new URL(url); const parsedUrl = new URL(url);
const signature = parsedUrl.searchParams.get('sig'); const signature = parsedUrl.searchParams.get('sig');
@ -9029,17 +9040,33 @@ function maskSigUrl(url) {
(0, core_1.setSecret)(signature); (0, core_1.setSecret)(signature);
(0, core_1.setSecret)(encodeURIComponent(signature)); (0, core_1.setSecret)(encodeURIComponent(signature));
parsedUrl.searchParams.set('sig', '***'); parsedUrl.searchParams.set('sig', '***');
return parsedUrl.toString();
} }
} }
catch (error) { catch (error) {
(0, core_1.debug)(`Failed to parse URL: ${url} ${error instanceof Error ? error.message : String(error)}`); (0, core_1.debug)(`Failed to parse URL: ${url} ${error instanceof Error ? error.message : String(error)}`);
} }
return url;
} }
exports.maskSigUrl = maskSigUrl; exports.maskSigUrl = maskSigUrl;
/** /**
* Masks any URLs containing signature parameters in the provided object * Masks sensitive information in URLs containing signature parameters.
* Currently supports masking 'sig' parameters in the 'signed_upload_url'
* and 'signed_download_url' properties of the provided object.
*
* @param body - The object should contain a signature
* @remarks
* This function extracts URLs from the object properties and calls maskSigUrl
* on each one to redact sensitive signature information. The function doesn't
* modify the original object; it only marks the signatures as secrets for
* logging purposes.
*
* @example
* ```typescript
* const responseBody = {
* signed_upload_url: 'https://blob.core.windows.net/?sig=abc123',
* signed_download_url: 'https://blob.core/windows.net/?sig=def456'
* };
* maskSecretUrls(responseBody);
* ```
*/ */
function maskSecretUrls(body) { function maskSecretUrls(body) {
if (typeof body !== 'object' || body === null) { if (typeof body !== 'object' || body === null) {

41
dist/save/index.js vendored
View File

@ -9015,13 +9015,24 @@ exports.maskSecretUrls = exports.maskSigUrl = void 0;
const core_1 = __nccwpck_require__(9728); const core_1 = __nccwpck_require__(9728);
/** /**
* Masks the `sig` parameter in a URL and sets it as a secret. * Masks the `sig` parameter in a URL and sets it as a secret.
* @param url The URL containing the `sig` parameter. *
* @returns A masked URL where the sig parameter value is replaced with '***' if found, * @param url - The URL containing the signature parameter to mask
* or the original URL if no sig parameter is present. * @remarks
* This function attempts to parse the provided URL and identify the 'sig' query parameter.
* If found, it registers both the raw and URL-encoded signature values as secrets using
* the Actions `setSecret` API, which prevents them from being displayed in logs.
*
* The function handles errors gracefully if URL parsing fails, logging them as debug messages.
*
* @example
* ```typescript
* // Mask a signature in an Azure SAS token URL
* maskSigUrl('https://example.blob.core.windows.net/container/file.txt?sig=abc123&se=2023-01-01');
* ```
*/ */
function maskSigUrl(url) { function maskSigUrl(url) {
if (!url) if (!url)
return url; return;
try { try {
const parsedUrl = new URL(url); const parsedUrl = new URL(url);
const signature = parsedUrl.searchParams.get('sig'); const signature = parsedUrl.searchParams.get('sig');
@ -9029,17 +9040,33 @@ function maskSigUrl(url) {
(0, core_1.setSecret)(signature); (0, core_1.setSecret)(signature);
(0, core_1.setSecret)(encodeURIComponent(signature)); (0, core_1.setSecret)(encodeURIComponent(signature));
parsedUrl.searchParams.set('sig', '***'); parsedUrl.searchParams.set('sig', '***');
return parsedUrl.toString();
} }
} }
catch (error) { catch (error) {
(0, core_1.debug)(`Failed to parse URL: ${url} ${error instanceof Error ? error.message : String(error)}`); (0, core_1.debug)(`Failed to parse URL: ${url} ${error instanceof Error ? error.message : String(error)}`);
} }
return url;
} }
exports.maskSigUrl = maskSigUrl; exports.maskSigUrl = maskSigUrl;
/** /**
* Masks any URLs containing signature parameters in the provided object * Masks sensitive information in URLs containing signature parameters.
* Currently supports masking 'sig' parameters in the 'signed_upload_url'
* and 'signed_download_url' properties of the provided object.
*
* @param body - The object should contain a signature
* @remarks
* This function extracts URLs from the object properties and calls maskSigUrl
* on each one to redact sensitive signature information. The function doesn't
* modify the original object; it only marks the signatures as secrets for
* logging purposes.
*
* @example
* ```typescript
* const responseBody = {
* signed_upload_url: 'https://blob.core.windows.net/?sig=abc123',
* signed_download_url: 'https://blob.core/windows.net/?sig=def456'
* };
* maskSecretUrls(responseBody);
* ```
*/ */
function maskSecretUrls(body) { function maskSecretUrls(body) {
if (typeof body !== 'object' || body === null) { if (typeof body !== 'object' || body === null) {