From edd449b9cf39c2a20dc7c3d505ff6dc193c48a02 Mon Sep 17 00:00:00 2001
From: Salman Chishti <salmanmkc@GitHub.com>
Date: Wed, 12 Mar 2025 03:22:00 -0700
Subject: [PATCH] updated cache with latest changes
---
dist/restore-only/index.js | 178 ++++++++++++++++++++++++++++++-------
dist/restore/index.js | 178 ++++++++++++++++++++++++++++++-------
dist/save-only/index.js | 178 ++++++++++++++++++++++++++++++-------
dist/save/index.js | 178 ++++++++++++++++++++++++++++++-------
4 files changed, 588 insertions(+), 124 deletions(-)
diff --git a/dist/restore-only/index.js b/dist/restore-only/index.js
index 1047b61..f7d9223 100644
--- a/dist/restore-only/index.js
+++ b/dist/restore-only/index.js
@@ -8763,6 +8763,7 @@ const cacheUtils_1 = __nccwpck_require__(6017);
const auth_1 = __nccwpck_require__(2492);
const http_client_1 = __nccwpck_require__(944);
const cache_twirp_client_1 = __nccwpck_require__(1208);
+const util_1 = __nccwpck_require__(2718);
/**
* This class is a wrapper around the CacheServiceClientJSON class generated by Twirp.
*
@@ -8822,7 +8823,7 @@ class CacheServiceClient {
(0, core_1.debug)(`[Response] - ${response.message.statusCode}`);
(0, core_1.debug)(`Headers: ${JSON.stringify(response.message.headers, null, 2)}`);
const body = JSON.parse(rawBody);
- this.maskSecretUrls(body);
+ (0, util_1.maskSecretUrls)(body);
(0, core_1.debug)(`Body: ${JSON.stringify(body, null, 2)}`);
if (this.isSuccessStatusCode(statusCode)) {
return { response, body };
@@ -8863,36 +8864,6 @@ class CacheServiceClient {
throw new Error(`Request failed`);
});
}
- /**
- * Masks the `sig` parameter in a URL and sets it as a secret.
- * @param url The URL containing the `sig` parameter.
- * @returns A masked URL where the sig parameter value is replaced with '***' if found,
- * or the original URL if no sig parameter is present.
- */
- maskSigUrl(url) {
- const sigIndex = url.indexOf('sig=');
- if (sigIndex !== -1) {
- const sigValue = url.substring(sigIndex + 4);
- (0, core_1.setSecret)(sigValue);
- return `${url.substring(0, sigIndex + 4)}***`;
- }
- return url;
- }
- maskSecretUrls(body) {
- if (typeof body === 'object' && body !== null) {
- if ('signed_upload_url' in body &&
- typeof body.signed_upload_url === 'string') {
- this.maskSigUrl(body.signed_upload_url);
- }
- if ('signed_download_url' in body &&
- typeof body.signed_download_url === 'string') {
- this.maskSigUrl(body.signed_download_url);
- }
- }
- else {
- (0, core_1.debug)('body is not an object or is null');
- }
- }
isSuccessStatusCode(statusCode) {
if (!statusCode)
return false;
@@ -9035,6 +9006,151 @@ exports.getUserAgentString = getUserAgentString;
/***/ }),
+/***/ 2718:
+/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => {
+
+"use strict";
+
+Object.defineProperty(exports, "__esModule", ({ value: true }));
+exports.maskSecretUrls = exports.maskSigUrl = void 0;
+const core_1 = __nccwpck_require__(9728);
+/**
+ * Masks the `sig` parameter in a URL and sets it as a secret.
+ * @param url The URL containing the `sig` parameter.
+ * @returns A masked URL where the sig parameter value is replaced with '***' if found,
+ * or the original URL if no sig parameter is present.
+ */
+function maskSigUrl(url) {
+ if (!url)
+ return url;
+ try {
+ const rawSigRegex = /[?&](sig)=([^&=#]+)/gi;
+ let match;
+ while ((match = rawSigRegex.exec(url)) !== null) {
+ const rawSignature = match[2];
+ if (rawSignature) {
+ (0, core_1.setSecret)(rawSignature);
+ }
+ }
+ let parsedUrl;
+ try {
+ parsedUrl = new URL(url);
+ }
+ catch (_a) {
+ try {
+ parsedUrl = new URL(url, 'https://example.com');
+ }
+ catch (error) {
+ (0, core_1.debug)(`Failed to parse URL: ${url}`);
+ return maskSigWithRegex(url);
+ }
+ }
+ let masked = false;
+ const paramNames = Array.from(parsedUrl.searchParams.keys());
+ for (const paramName of paramNames) {
+ if (paramName.toLowerCase() === 'sig') {
+ const signature = parsedUrl.searchParams.get(paramName);
+ if (signature) {
+ (0, core_1.setSecret)(signature);
+ (0, core_1.setSecret)(encodeURIComponent(signature));
+ parsedUrl.searchParams.set(paramName, '***');
+ masked = true;
+ }
+ }
+ }
+ if (masked) {
+ return parsedUrl.toString();
+ }
+ if (/([:?&]|^)(sig)=([^&=#]+)/i.test(url)) {
+ return maskSigWithRegex(url);
+ }
+ }
+ catch (error) {
+ (0, core_1.debug)(`Error masking URL: ${error instanceof Error ? error.message : String(error)}`);
+ return maskSigWithRegex(url);
+ }
+ return url;
+}
+exports.maskSigUrl = maskSigUrl;
+/**
+ * Fallback method to mask signatures using regex when URL parsing fails
+ */
+function maskSigWithRegex(url) {
+ try {
+ const regex = /([:?&]|^)(sig)=([^&=#]+)/gi;
+ return url.replace(regex, (fullMatch, prefix, paramName, value) => {
+ if (value) {
+ (0, core_1.setSecret)(value);
+ try {
+ (0, core_1.setSecret)(decodeURIComponent(value));
+ }
+ catch (_a) {
+ // Ignore decoding errors
+ }
+ return `${prefix}${paramName}=***`;
+ }
+ return fullMatch;
+ });
+ }
+ catch (error) {
+ (0, core_1.debug)(`Error in maskSigWithRegex: ${error instanceof Error ? error.message : String(error)}`);
+ return url;
+ }
+}
+/**
+ * Masks any URLs containing signature parameters in the provided object
+ * Recursively searches through nested objects and arrays
+ */
+function maskSecretUrls(body) {
+ if (typeof body !== 'object' || body === null) {
+ (0, core_1.debug)('body is not an object or is null');
+ return;
+ }
+ const processUrl = (url) => {
+ maskSigUrl(url);
+ };
+ const processObject = (obj) => {
+ if (typeof obj !== 'object' || obj === null) {
+ return;
+ }
+ if (Array.isArray(obj)) {
+ for (const item of obj) {
+ if (typeof item === 'string') {
+ processUrl(item);
+ }
+ else if (typeof item === 'object' && item !== null) {
+ processObject(item);
+ }
+ }
+ return;
+ }
+ if ('signed_upload_url' in obj &&
+ typeof obj.signed_upload_url === 'string') {
+ maskSigUrl(obj.signed_upload_url);
+ }
+ if ('signed_download_url' in obj &&
+ typeof obj.signed_download_url === 'string') {
+ maskSigUrl(obj.signed_download_url);
+ }
+ for (const key in obj) {
+ const value = obj[key];
+ if (typeof value === 'string') {
+ if (/([:?&]|^)(sig)=/i.test(value)) {
+ maskSigUrl(value);
+ }
+ }
+ else if (typeof value === 'object' && value !== null) {
+ processObject(value);
+ }
+ }
+ };
+ processObject(body);
+}
+exports.maskSecretUrls = maskSecretUrls;
+//# sourceMappingURL=util.js.map
+
+/***/ }),
+
/***/ 2043:
/***/ (function(__unused_webpack_module, exports, __nccwpck_require__) {
diff --git a/dist/restore/index.js b/dist/restore/index.js
index 035d123..df76568 100644
--- a/dist/restore/index.js
+++ b/dist/restore/index.js
@@ -8763,6 +8763,7 @@ const cacheUtils_1 = __nccwpck_require__(6017);
const auth_1 = __nccwpck_require__(2492);
const http_client_1 = __nccwpck_require__(944);
const cache_twirp_client_1 = __nccwpck_require__(1208);
+const util_1 = __nccwpck_require__(2718);
/**
* This class is a wrapper around the CacheServiceClientJSON class generated by Twirp.
*
@@ -8822,7 +8823,7 @@ class CacheServiceClient {
(0, core_1.debug)(`[Response] - ${response.message.statusCode}`);
(0, core_1.debug)(`Headers: ${JSON.stringify(response.message.headers, null, 2)}`);
const body = JSON.parse(rawBody);
- this.maskSecretUrls(body);
+ (0, util_1.maskSecretUrls)(body);
(0, core_1.debug)(`Body: ${JSON.stringify(body, null, 2)}`);
if (this.isSuccessStatusCode(statusCode)) {
return { response, body };
@@ -8863,36 +8864,6 @@ class CacheServiceClient {
throw new Error(`Request failed`);
});
}
- /**
- * Masks the `sig` parameter in a URL and sets it as a secret.
- * @param url The URL containing the `sig` parameter.
- * @returns A masked URL where the sig parameter value is replaced with '***' if found,
- * or the original URL if no sig parameter is present.
- */
- maskSigUrl(url) {
- const sigIndex = url.indexOf('sig=');
- if (sigIndex !== -1) {
- const sigValue = url.substring(sigIndex + 4);
- (0, core_1.setSecret)(sigValue);
- return `${url.substring(0, sigIndex + 4)}***`;
- }
- return url;
- }
- maskSecretUrls(body) {
- if (typeof body === 'object' && body !== null) {
- if ('signed_upload_url' in body &&
- typeof body.signed_upload_url === 'string') {
- this.maskSigUrl(body.signed_upload_url);
- }
- if ('signed_download_url' in body &&
- typeof body.signed_download_url === 'string') {
- this.maskSigUrl(body.signed_download_url);
- }
- }
- else {
- (0, core_1.debug)('body is not an object or is null');
- }
- }
isSuccessStatusCode(statusCode) {
if (!statusCode)
return false;
@@ -9035,6 +9006,151 @@ exports.getUserAgentString = getUserAgentString;
/***/ }),
+/***/ 2718:
+/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => {
+
+"use strict";
+
+Object.defineProperty(exports, "__esModule", ({ value: true }));
+exports.maskSecretUrls = exports.maskSigUrl = void 0;
+const core_1 = __nccwpck_require__(9728);
+/**
+ * Masks the `sig` parameter in a URL and sets it as a secret.
+ * @param url The URL containing the `sig` parameter.
+ * @returns A masked URL where the sig parameter value is replaced with '***' if found,
+ * or the original URL if no sig parameter is present.
+ */
+function maskSigUrl(url) {
+ if (!url)
+ return url;
+ try {
+ const rawSigRegex = /[?&](sig)=([^&=#]+)/gi;
+ let match;
+ while ((match = rawSigRegex.exec(url)) !== null) {
+ const rawSignature = match[2];
+ if (rawSignature) {
+ (0, core_1.setSecret)(rawSignature);
+ }
+ }
+ let parsedUrl;
+ try {
+ parsedUrl = new URL(url);
+ }
+ catch (_a) {
+ try {
+ parsedUrl = new URL(url, 'https://example.com');
+ }
+ catch (error) {
+ (0, core_1.debug)(`Failed to parse URL: ${url}`);
+ return maskSigWithRegex(url);
+ }
+ }
+ let masked = false;
+ const paramNames = Array.from(parsedUrl.searchParams.keys());
+ for (const paramName of paramNames) {
+ if (paramName.toLowerCase() === 'sig') {
+ const signature = parsedUrl.searchParams.get(paramName);
+ if (signature) {
+ (0, core_1.setSecret)(signature);
+ (0, core_1.setSecret)(encodeURIComponent(signature));
+ parsedUrl.searchParams.set(paramName, '***');
+ masked = true;
+ }
+ }
+ }
+ if (masked) {
+ return parsedUrl.toString();
+ }
+ if (/([:?&]|^)(sig)=([^&=#]+)/i.test(url)) {
+ return maskSigWithRegex(url);
+ }
+ }
+ catch (error) {
+ (0, core_1.debug)(`Error masking URL: ${error instanceof Error ? error.message : String(error)}`);
+ return maskSigWithRegex(url);
+ }
+ return url;
+}
+exports.maskSigUrl = maskSigUrl;
+/**
+ * Fallback method to mask signatures using regex when URL parsing fails
+ */
+function maskSigWithRegex(url) {
+ try {
+ const regex = /([:?&]|^)(sig)=([^&=#]+)/gi;
+ return url.replace(regex, (fullMatch, prefix, paramName, value) => {
+ if (value) {
+ (0, core_1.setSecret)(value);
+ try {
+ (0, core_1.setSecret)(decodeURIComponent(value));
+ }
+ catch (_a) {
+ // Ignore decoding errors
+ }
+ return `${prefix}${paramName}=***`;
+ }
+ return fullMatch;
+ });
+ }
+ catch (error) {
+ (0, core_1.debug)(`Error in maskSigWithRegex: ${error instanceof Error ? error.message : String(error)}`);
+ return url;
+ }
+}
+/**
+ * Masks any URLs containing signature parameters in the provided object
+ * Recursively searches through nested objects and arrays
+ */
+function maskSecretUrls(body) {
+ if (typeof body !== 'object' || body === null) {
+ (0, core_1.debug)('body is not an object or is null');
+ return;
+ }
+ const processUrl = (url) => {
+ maskSigUrl(url);
+ };
+ const processObject = (obj) => {
+ if (typeof obj !== 'object' || obj === null) {
+ return;
+ }
+ if (Array.isArray(obj)) {
+ for (const item of obj) {
+ if (typeof item === 'string') {
+ processUrl(item);
+ }
+ else if (typeof item === 'object' && item !== null) {
+ processObject(item);
+ }
+ }
+ return;
+ }
+ if ('signed_upload_url' in obj &&
+ typeof obj.signed_upload_url === 'string') {
+ maskSigUrl(obj.signed_upload_url);
+ }
+ if ('signed_download_url' in obj &&
+ typeof obj.signed_download_url === 'string') {
+ maskSigUrl(obj.signed_download_url);
+ }
+ for (const key in obj) {
+ const value = obj[key];
+ if (typeof value === 'string') {
+ if (/([:?&]|^)(sig)=/i.test(value)) {
+ maskSigUrl(value);
+ }
+ }
+ else if (typeof value === 'object' && value !== null) {
+ processObject(value);
+ }
+ }
+ };
+ processObject(body);
+}
+exports.maskSecretUrls = maskSecretUrls;
+//# sourceMappingURL=util.js.map
+
+/***/ }),
+
/***/ 2043:
/***/ (function(__unused_webpack_module, exports, __nccwpck_require__) {
diff --git a/dist/save-only/index.js b/dist/save-only/index.js
index 92e7e6e..7ba8d66 100644
--- a/dist/save-only/index.js
+++ b/dist/save-only/index.js
@@ -8763,6 +8763,7 @@ const cacheUtils_1 = __nccwpck_require__(6017);
const auth_1 = __nccwpck_require__(2492);
const http_client_1 = __nccwpck_require__(944);
const cache_twirp_client_1 = __nccwpck_require__(1208);
+const util_1 = __nccwpck_require__(2718);
/**
* This class is a wrapper around the CacheServiceClientJSON class generated by Twirp.
*
@@ -8822,7 +8823,7 @@ class CacheServiceClient {
(0, core_1.debug)(`[Response] - ${response.message.statusCode}`);
(0, core_1.debug)(`Headers: ${JSON.stringify(response.message.headers, null, 2)}`);
const body = JSON.parse(rawBody);
- this.maskSecretUrls(body);
+ (0, util_1.maskSecretUrls)(body);
(0, core_1.debug)(`Body: ${JSON.stringify(body, null, 2)}`);
if (this.isSuccessStatusCode(statusCode)) {
return { response, body };
@@ -8863,36 +8864,6 @@ class CacheServiceClient {
throw new Error(`Request failed`);
});
}
- /**
- * Masks the `sig` parameter in a URL and sets it as a secret.
- * @param url The URL containing the `sig` parameter.
- * @returns A masked URL where the sig parameter value is replaced with '***' if found,
- * or the original URL if no sig parameter is present.
- */
- maskSigUrl(url) {
- const sigIndex = url.indexOf('sig=');
- if (sigIndex !== -1) {
- const sigValue = url.substring(sigIndex + 4);
- (0, core_1.setSecret)(sigValue);
- return `${url.substring(0, sigIndex + 4)}***`;
- }
- return url;
- }
- maskSecretUrls(body) {
- if (typeof body === 'object' && body !== null) {
- if ('signed_upload_url' in body &&
- typeof body.signed_upload_url === 'string') {
- this.maskSigUrl(body.signed_upload_url);
- }
- if ('signed_download_url' in body &&
- typeof body.signed_download_url === 'string') {
- this.maskSigUrl(body.signed_download_url);
- }
- }
- else {
- (0, core_1.debug)('body is not an object or is null');
- }
- }
isSuccessStatusCode(statusCode) {
if (!statusCode)
return false;
@@ -9035,6 +9006,151 @@ exports.getUserAgentString = getUserAgentString;
/***/ }),
+/***/ 2718:
+/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => {
+
+"use strict";
+
+Object.defineProperty(exports, "__esModule", ({ value: true }));
+exports.maskSecretUrls = exports.maskSigUrl = void 0;
+const core_1 = __nccwpck_require__(9728);
+/**
+ * Masks the `sig` parameter in a URL and sets it as a secret.
+ * @param url The URL containing the `sig` parameter.
+ * @returns A masked URL where the sig parameter value is replaced with '***' if found,
+ * or the original URL if no sig parameter is present.
+ */
+function maskSigUrl(url) {
+ if (!url)
+ return url;
+ try {
+ const rawSigRegex = /[?&](sig)=([^&=#]+)/gi;
+ let match;
+ while ((match = rawSigRegex.exec(url)) !== null) {
+ const rawSignature = match[2];
+ if (rawSignature) {
+ (0, core_1.setSecret)(rawSignature);
+ }
+ }
+ let parsedUrl;
+ try {
+ parsedUrl = new URL(url);
+ }
+ catch (_a) {
+ try {
+ parsedUrl = new URL(url, 'https://example.com');
+ }
+ catch (error) {
+ (0, core_1.debug)(`Failed to parse URL: ${url}`);
+ return maskSigWithRegex(url);
+ }
+ }
+ let masked = false;
+ const paramNames = Array.from(parsedUrl.searchParams.keys());
+ for (const paramName of paramNames) {
+ if (paramName.toLowerCase() === 'sig') {
+ const signature = parsedUrl.searchParams.get(paramName);
+ if (signature) {
+ (0, core_1.setSecret)(signature);
+ (0, core_1.setSecret)(encodeURIComponent(signature));
+ parsedUrl.searchParams.set(paramName, '***');
+ masked = true;
+ }
+ }
+ }
+ if (masked) {
+ return parsedUrl.toString();
+ }
+ if (/([:?&]|^)(sig)=([^&=#]+)/i.test(url)) {
+ return maskSigWithRegex(url);
+ }
+ }
+ catch (error) {
+ (0, core_1.debug)(`Error masking URL: ${error instanceof Error ? error.message : String(error)}`);
+ return maskSigWithRegex(url);
+ }
+ return url;
+}
+exports.maskSigUrl = maskSigUrl;
+/**
+ * Fallback method to mask signatures using regex when URL parsing fails
+ */
+function maskSigWithRegex(url) {
+ try {
+ const regex = /([:?&]|^)(sig)=([^&=#]+)/gi;
+ return url.replace(regex, (fullMatch, prefix, paramName, value) => {
+ if (value) {
+ (0, core_1.setSecret)(value);
+ try {
+ (0, core_1.setSecret)(decodeURIComponent(value));
+ }
+ catch (_a) {
+ // Ignore decoding errors
+ }
+ return `${prefix}${paramName}=***`;
+ }
+ return fullMatch;
+ });
+ }
+ catch (error) {
+ (0, core_1.debug)(`Error in maskSigWithRegex: ${error instanceof Error ? error.message : String(error)}`);
+ return url;
+ }
+}
+/**
+ * Masks any URLs containing signature parameters in the provided object
+ * Recursively searches through nested objects and arrays
+ */
+function maskSecretUrls(body) {
+ if (typeof body !== 'object' || body === null) {
+ (0, core_1.debug)('body is not an object or is null');
+ return;
+ }
+ const processUrl = (url) => {
+ maskSigUrl(url);
+ };
+ const processObject = (obj) => {
+ if (typeof obj !== 'object' || obj === null) {
+ return;
+ }
+ if (Array.isArray(obj)) {
+ for (const item of obj) {
+ if (typeof item === 'string') {
+ processUrl(item);
+ }
+ else if (typeof item === 'object' && item !== null) {
+ processObject(item);
+ }
+ }
+ return;
+ }
+ if ('signed_upload_url' in obj &&
+ typeof obj.signed_upload_url === 'string') {
+ maskSigUrl(obj.signed_upload_url);
+ }
+ if ('signed_download_url' in obj &&
+ typeof obj.signed_download_url === 'string') {
+ maskSigUrl(obj.signed_download_url);
+ }
+ for (const key in obj) {
+ const value = obj[key];
+ if (typeof value === 'string') {
+ if (/([:?&]|^)(sig)=/i.test(value)) {
+ maskSigUrl(value);
+ }
+ }
+ else if (typeof value === 'object' && value !== null) {
+ processObject(value);
+ }
+ }
+ };
+ processObject(body);
+}
+exports.maskSecretUrls = maskSecretUrls;
+//# sourceMappingURL=util.js.map
+
+/***/ }),
+
/***/ 2043:
/***/ (function(__unused_webpack_module, exports, __nccwpck_require__) {
diff --git a/dist/save/index.js b/dist/save/index.js
index cc0c253..345a1b0 100644
--- a/dist/save/index.js
+++ b/dist/save/index.js
@@ -8763,6 +8763,7 @@ const cacheUtils_1 = __nccwpck_require__(6017);
const auth_1 = __nccwpck_require__(2492);
const http_client_1 = __nccwpck_require__(944);
const cache_twirp_client_1 = __nccwpck_require__(1208);
+const util_1 = __nccwpck_require__(2718);
/**
* This class is a wrapper around the CacheServiceClientJSON class generated by Twirp.
*
@@ -8822,7 +8823,7 @@ class CacheServiceClient {
(0, core_1.debug)(`[Response] - ${response.message.statusCode}`);
(0, core_1.debug)(`Headers: ${JSON.stringify(response.message.headers, null, 2)}`);
const body = JSON.parse(rawBody);
- this.maskSecretUrls(body);
+ (0, util_1.maskSecretUrls)(body);
(0, core_1.debug)(`Body: ${JSON.stringify(body, null, 2)}`);
if (this.isSuccessStatusCode(statusCode)) {
return { response, body };
@@ -8863,36 +8864,6 @@ class CacheServiceClient {
throw new Error(`Request failed`);
});
}
- /**
- * Masks the `sig` parameter in a URL and sets it as a secret.
- * @param url The URL containing the `sig` parameter.
- * @returns A masked URL where the sig parameter value is replaced with '***' if found,
- * or the original URL if no sig parameter is present.
- */
- maskSigUrl(url) {
- const sigIndex = url.indexOf('sig=');
- if (sigIndex !== -1) {
- const sigValue = url.substring(sigIndex + 4);
- (0, core_1.setSecret)(sigValue);
- return `${url.substring(0, sigIndex + 4)}***`;
- }
- return url;
- }
- maskSecretUrls(body) {
- if (typeof body === 'object' && body !== null) {
- if ('signed_upload_url' in body &&
- typeof body.signed_upload_url === 'string') {
- this.maskSigUrl(body.signed_upload_url);
- }
- if ('signed_download_url' in body &&
- typeof body.signed_download_url === 'string') {
- this.maskSigUrl(body.signed_download_url);
- }
- }
- else {
- (0, core_1.debug)('body is not an object or is null');
- }
- }
isSuccessStatusCode(statusCode) {
if (!statusCode)
return false;
@@ -9035,6 +9006,151 @@ exports.getUserAgentString = getUserAgentString;
/***/ }),
+/***/ 2718:
+/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => {
+
+"use strict";
+
+Object.defineProperty(exports, "__esModule", ({ value: true }));
+exports.maskSecretUrls = exports.maskSigUrl = void 0;
+const core_1 = __nccwpck_require__(9728);
+/**
+ * Masks the `sig` parameter in a URL and sets it as a secret.
+ * @param url The URL containing the `sig` parameter.
+ * @returns A masked URL where the sig parameter value is replaced with '***' if found,
+ * or the original URL if no sig parameter is present.
+ */
+function maskSigUrl(url) {
+ if (!url)
+ return url;
+ try {
+ const rawSigRegex = /[?&](sig)=([^&=#]+)/gi;
+ let match;
+ while ((match = rawSigRegex.exec(url)) !== null) {
+ const rawSignature = match[2];
+ if (rawSignature) {
+ (0, core_1.setSecret)(rawSignature);
+ }
+ }
+ let parsedUrl;
+ try {
+ parsedUrl = new URL(url);
+ }
+ catch (_a) {
+ try {
+ parsedUrl = new URL(url, 'https://example.com');
+ }
+ catch (error) {
+ (0, core_1.debug)(`Failed to parse URL: ${url}`);
+ return maskSigWithRegex(url);
+ }
+ }
+ let masked = false;
+ const paramNames = Array.from(parsedUrl.searchParams.keys());
+ for (const paramName of paramNames) {
+ if (paramName.toLowerCase() === 'sig') {
+ const signature = parsedUrl.searchParams.get(paramName);
+ if (signature) {
+ (0, core_1.setSecret)(signature);
+ (0, core_1.setSecret)(encodeURIComponent(signature));
+ parsedUrl.searchParams.set(paramName, '***');
+ masked = true;
+ }
+ }
+ }
+ if (masked) {
+ return parsedUrl.toString();
+ }
+ if (/([:?&]|^)(sig)=([^&=#]+)/i.test(url)) {
+ return maskSigWithRegex(url);
+ }
+ }
+ catch (error) {
+ (0, core_1.debug)(`Error masking URL: ${error instanceof Error ? error.message : String(error)}`);
+ return maskSigWithRegex(url);
+ }
+ return url;
+}
+exports.maskSigUrl = maskSigUrl;
+/**
+ * Fallback method to mask signatures using regex when URL parsing fails
+ */
+function maskSigWithRegex(url) {
+ try {
+ const regex = /([:?&]|^)(sig)=([^&=#]+)/gi;
+ return url.replace(regex, (fullMatch, prefix, paramName, value) => {
+ if (value) {
+ (0, core_1.setSecret)(value);
+ try {
+ (0, core_1.setSecret)(decodeURIComponent(value));
+ }
+ catch (_a) {
+ // Ignore decoding errors
+ }
+ return `${prefix}${paramName}=***`;
+ }
+ return fullMatch;
+ });
+ }
+ catch (error) {
+ (0, core_1.debug)(`Error in maskSigWithRegex: ${error instanceof Error ? error.message : String(error)}`);
+ return url;
+ }
+}
+/**
+ * Masks any URLs containing signature parameters in the provided object
+ * Recursively searches through nested objects and arrays
+ */
+function maskSecretUrls(body) {
+ if (typeof body !== 'object' || body === null) {
+ (0, core_1.debug)('body is not an object or is null');
+ return;
+ }
+ const processUrl = (url) => {
+ maskSigUrl(url);
+ };
+ const processObject = (obj) => {
+ if (typeof obj !== 'object' || obj === null) {
+ return;
+ }
+ if (Array.isArray(obj)) {
+ for (const item of obj) {
+ if (typeof item === 'string') {
+ processUrl(item);
+ }
+ else if (typeof item === 'object' && item !== null) {
+ processObject(item);
+ }
+ }
+ return;
+ }
+ if ('signed_upload_url' in obj &&
+ typeof obj.signed_upload_url === 'string') {
+ maskSigUrl(obj.signed_upload_url);
+ }
+ if ('signed_download_url' in obj &&
+ typeof obj.signed_download_url === 'string') {
+ maskSigUrl(obj.signed_download_url);
+ }
+ for (const key in obj) {
+ const value = obj[key];
+ if (typeof value === 'string') {
+ if (/([:?&]|^)(sig)=/i.test(value)) {
+ maskSigUrl(value);
+ }
+ }
+ else if (typeof value === 'object' && value !== null) {
+ processObject(value);
+ }
+ }
+ };
+ processObject(body);
+}
+exports.maskSecretUrls = maskSecretUrls;
+//# sourceMappingURL=util.js.map
+
+/***/ }),
+
/***/ 2043:
/***/ (function(__unused_webpack_module, exports, __nccwpck_require__) {