Actions/upload-artifact
1
Fork 0
mirror of https://github.com/actions/upload-artifact.git synced 2025-10-31 23:43:43 +00:00
Code Issues Packages Projects Releases Wiki Activity

update

Browse Source
This commit is contained in:
Salman Chishti 2025-03-13 04:29:34 -07:00
parent 139bd3da44
commit e87b6b880a
2 changed files with 30 additions and 212 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

121
dist/merge/index.js vendored
View File

@ -5568,7 +5568,7 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
});
};
Object.defineProperty(exports, "__esModule", ({ value: true }));
exports.internalArtifactTwirpClient = exports.ArtifactHttpClient = void 0;
exports.internalArtifactTwirpClient = void 0;
const http_client_1 = __nccwpck_require__(52179);
const auth_1 = __nccwpck_require__(91669);
const core_1 = __nccwpck_require__(57818);
@ -5705,7 +5705,6 @@ class ArtifactHttpClient {
return Math.trunc(Math.random() * (maxTime - minTime) + minTime);
}
}
exports.ArtifactHttpClient = ArtifactHttpClient;
function internalArtifactTwirpClient(options) {
const client = new ArtifactHttpClient((0, user_agent_1.getUserAgentString)(), options === null || options === void 0 ? void 0 : options.maxAttempts, options === null || options === void 0 ? void 0 : options.retryIntervalMs, options === null || options === void 0 ? void 0 : options.retryMultiplier);
return new generated_1.ArtifactServiceClientJSON(client);
@ -6010,126 +6009,36 @@ function maskSigUrl(url) {
if (!url)
return url;
try {
const rawSigRegex = /[?&](sig)=([^&=#]+)/gi;
let match;
while ((match = rawSigRegex.exec(url)) !== null) {
const rawSignature = match[2];
if (rawSignature) {
(0, core_1.setSecret)(rawSignature);
}
}
let parsedUrl;
try {
parsedUrl = new URL(url);
}
catch (_a) {
try {
parsedUrl = new URL(url, 'https://example.com');
}
catch (error) {
(0, core_1.debug)(`Failed to parse URL: ${url}`);
return maskSigWithRegex(url);
}
}
let masked = false;
const paramNames = Array.from(parsedUrl.searchParams.keys());
for (const paramName of paramNames) {
if (paramName.toLowerCase() === 'sig') {
const signature = parsedUrl.searchParams.get(paramName);
if (signature) {
(0, core_1.setSecret)(signature);
(0, core_1.setSecret)(encodeURIComponent(signature));
parsedUrl.searchParams.set(paramName, '***');
masked = true;
}
}
}
if (masked) {
const parsedUrl = new URL(url);
const signature = parsedUrl.searchParams.get('sig');
if (signature) {
(0, core_1.setSecret)(signature);
(0, core_1.setSecret)(encodeURIComponent(signature));
parsedUrl.searchParams.set('sig', '***');
return parsedUrl.toString();
}
if (/([:?&]|^)(sig)=([^&=#]+)/i.test(url)) {
return maskSigWithRegex(url);
}
}
catch (error) {
(0, core_1.debug)(`Error masking URL: ${error instanceof Error ? error.message : String(error)}`);
return maskSigWithRegex(url);
(0, core_1.debug)(`Failed to parse URL: ${url} ${error instanceof Error ? error.message : String(error)}`);
}
return url;
}
exports.maskSigUrl = maskSigUrl;
/**
* Fallback method to mask signatures using regex when URL parsing fails
*/
function maskSigWithRegex(url) {
try {
const regex = /([:?&]|^)(sig)=([^&=#]+)/gi;
return url.replace(regex, (fullMatch, prefix, paramName, value) => {
if (value) {
(0, core_1.setSecret)(value);
try {
(0, core_1.setSecret)(decodeURIComponent(value));
}
catch (_a) {
// Ignore decoding errors
}
return `${prefix}${paramName}=***`;
}
return fullMatch;
});
}
catch (error) {
(0, core_1.debug)(`Error in maskSigWithRegex: ${error instanceof Error ? error.message : String(error)}`);
return url;
}
}
/**
* Masks any URLs containing signature parameters in the provided object
* Recursively searches through nested objects and arrays
*/
function maskSecretUrls(body) {
if (typeof body !== 'object' || body === null) {
(0, core_1.debug)('body is not an object or is null');
return;
}
const processUrl = (url) => {
maskSigUrl(url);
};
const processObject = (obj) => {
if (typeof obj !== 'object' || obj === null) {
return;
}
if (Array.isArray(obj)) {
for (const item of obj) {
if (typeof item === 'string') {
processUrl(item);
}
else if (typeof item === 'object' && item !== null) {
processObject(item);
}
}
return;
}
if ('signed_upload_url' in obj &&
typeof obj.signed_upload_url === 'string') {
maskSigUrl(obj.signed_upload_url);
}
if ('signed_url' in obj && typeof obj.signed_url === 'string') {
maskSigUrl(obj.signed_url);
}
for (const key in obj) {
const value = obj[key];
if (typeof value === 'string') {
if (/([:?&]|^)(sig)=/i.test(value)) {
maskSigUrl(value);
}
}
else if (typeof value === 'object' && value !== null) {
processObject(value);
}
}
};
processObject(body);
if ('signed_upload_url' in body &&
typeof body.signed_upload_url === 'string') {
maskSigUrl(body.signed_upload_url);
}
if ('signed_url' in body && typeof body.signed_url === 'string') {
maskSigUrl(body.signed_url);
}
}
exports.maskSecretUrls = maskSecretUrls;
//# sourceMappingURL=util.js.map

121
dist/upload/index.js vendored
View File

@ -5568,7 +5568,7 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
});
};
Object.defineProperty(exports, "__esModule", ({ value: true }));
exports.internalArtifactTwirpClient = exports.ArtifactHttpClient = void 0;
exports.internalArtifactTwirpClient = void 0;
const http_client_1 = __nccwpck_require__(52179);
const auth_1 = __nccwpck_require__(91669);
const core_1 = __nccwpck_require__(57818);
@ -5705,7 +5705,6 @@ class ArtifactHttpClient {
return Math.trunc(Math.random() * (maxTime - minTime) + minTime);
}
}
exports.ArtifactHttpClient = ArtifactHttpClient;
function internalArtifactTwirpClient(options) {
const client = new ArtifactHttpClient((0, user_agent_1.getUserAgentString)(), options === null || options === void 0 ? void 0 : options.maxAttempts, options === null || options === void 0 ? void 0 : options.retryIntervalMs, options === null || options === void 0 ? void 0 : options.retryMultiplier);
return new generated_1.ArtifactServiceClientJSON(client);
@ -6010,126 +6009,36 @@ function maskSigUrl(url) {
if (!url)
return url;
try {
const rawSigRegex = /[?&](sig)=([^&=#]+)/gi;
let match;
while ((match = rawSigRegex.exec(url)) !== null) {
const rawSignature = match[2];
if (rawSignature) {
(0, core_1.setSecret)(rawSignature);
}
}
let parsedUrl;
try {
parsedUrl = new URL(url);
}
catch (_a) {
try {
parsedUrl = new URL(url, 'https://example.com');
}
catch (error) {
(0, core_1.debug)(`Failed to parse URL: ${url}`);
return maskSigWithRegex(url);
}
}
let masked = false;
const paramNames = Array.from(parsedUrl.searchParams.keys());
for (const paramName of paramNames) {
if (paramName.toLowerCase() === 'sig') {
const signature = parsedUrl.searchParams.get(paramName);
if (signature) {
(0, core_1.setSecret)(signature);
(0, core_1.setSecret)(encodeURIComponent(signature));
parsedUrl.searchParams.set(paramName, '***');
masked = true;
}
}
}
if (masked) {
const parsedUrl = new URL(url);
const signature = parsedUrl.searchParams.get('sig');
if (signature) {
(0, core_1.setSecret)(signature);
(0, core_1.setSecret)(encodeURIComponent(signature));
parsedUrl.searchParams.set('sig', '***');
return parsedUrl.toString();
}
if (/([:?&]|^)(sig)=([^&=#]+)/i.test(url)) {
return maskSigWithRegex(url);
}
}
catch (error) {
(0, core_1.debug)(`Error masking URL: ${error instanceof Error ? error.message : String(error)}`);
return maskSigWithRegex(url);
(0, core_1.debug)(`Failed to parse URL: ${url} ${error instanceof Error ? error.message : String(error)}`);
}
return url;
}
exports.maskSigUrl = maskSigUrl;
/**
* Fallback method to mask signatures using regex when URL parsing fails
*/
function maskSigWithRegex(url) {
try {
const regex = /([:?&]|^)(sig)=([^&=#]+)/gi;
return url.replace(regex, (fullMatch, prefix, paramName, value) => {
if (value) {
(0, core_1.setSecret)(value);
try {
(0, core_1.setSecret)(decodeURIComponent(value));
}
catch (_a) {
// Ignore decoding errors
}
return `${prefix}${paramName}=***`;
}
return fullMatch;
});
}
catch (error) {
(0, core_1.debug)(`Error in maskSigWithRegex: ${error instanceof Error ? error.message : String(error)}`);
return url;
}
}
/**
* Masks any URLs containing signature parameters in the provided object
* Recursively searches through nested objects and arrays
*/
function maskSecretUrls(body) {
if (typeof body !== 'object' || body === null) {
(0, core_1.debug)('body is not an object or is null');
return;
}
const processUrl = (url) => {
maskSigUrl(url);
};
const processObject = (obj) => {
if (typeof obj !== 'object' || obj === null) {
return;
}
if (Array.isArray(obj)) {
for (const item of obj) {
if (typeof item === 'string') {
processUrl(item);
}
else if (typeof item === 'object' && item !== null) {
processObject(item);
}
}
return;
}
if ('signed_upload_url' in obj &&
typeof obj.signed_upload_url === 'string') {
maskSigUrl(obj.signed_upload_url);
}
if ('signed_url' in obj && typeof obj.signed_url === 'string') {
maskSigUrl(obj.signed_url);
}
for (const key in obj) {
const value = obj[key];
if (typeof value === 'string') {
if (/([:?&]|^)(sig)=/i.test(value)) {
maskSigUrl(value);
}
}
else if (typeof value === 'object' && value !== null) {
processObject(value);
}
}
};
processObject(body);
if ('signed_upload_url' in body &&
typeof body.signed_upload_url === 'string') {
maskSigUrl(body.signed_upload_url);
}
if ('signed_url' in body && typeof body.signed_url === 'string') {
maskSigUrl(body.signed_url);
}
}
exports.maskSecretUrls = maskSecretUrls;
//# sourceMappingURL=util.js.map