actions/upload-artifact
2
0
Fork 0
mirror of https://github.com/actions/upload-artifact.git synced 2025-04-01 17:26:34 +00:00
Code Issues Projects Releases Packages Wiki Activity

update with latest code

Browse source
This commit is contained in:
Salman Chishti 2025-03-12 03:20:06 -07:00
parent 9f58c48839
commit 139bd3da44
2 changed files with 272 additions and 62 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

167
dist/merge/index.js vendored
View file

@ -5576,6 +5576,7 @@ const generated_1 = __nccwpck_require__(57730);
const config_1 = __nccwpck_require__(63890); const config_1 = __nccwpck_require__(63890);
const user_agent_1 = __nccwpck_require__(269); const user_agent_1 = __nccwpck_require__(269);
const errors_1 = __nccwpck_require__(75971); const errors_1 = __nccwpck_require__(75971);
const util_1 = __nccwpck_require__(33337);
class ArtifactHttpClient { class ArtifactHttpClient {
constructor(userAgent, maxAttempts, baseRetryIntervalMilliseconds, retryMultiplier) { constructor(userAgent, maxAttempts, baseRetryIntervalMilliseconds, retryMultiplier) {
this.maxAttempts = 5; this.maxAttempts = 5;
@ -5614,35 +5615,6 @@ class ArtifactHttpClient {
} }
}); });
} }
/**
* Masks the `sig` parameter in a URL and sets it as a secret.
* @param url The URL containing the `sig` parameter.
* @returns A masked URL where the sig parameter value is replaced with '***' if found,
* or the original URL if no sig parameter is present.
*/
maskSigUrl(url) {
const sigIndex = url.indexOf('sig=');
if (sigIndex !== -1) {
const sigValue = url.substring(sigIndex + 4);
(0, core_1.setSecret)(sigValue);
return `${url.substring(0, sigIndex + 4)}***`;
}
return url;
}
maskSecretUrls(body) {
if (typeof body === 'object' && body !== null) {
if ('signed_upload_url' in body &&
typeof body.signed_upload_url === 'string') {
this.maskSigUrl(body.signed_upload_url);
}
if ('signed_url' in body && typeof body.signed_url === 'string') {
this.maskSigUrl(body.signed_url);
}
}
else {
(0, core_1.debug)('body is not an object or is null');
}
}
retryableRequest(operation) { retryableRequest(operation) {
return __awaiter(this, void 0, void 0, function* () { return __awaiter(this, void 0, void 0, function* () {
let attempt = 0; let attempt = 0;
@ -5657,7 +5629,7 @@ class ArtifactHttpClient {
(0, core_1.debug)(`[Response] - ${response.message.statusCode}`); (0, core_1.debug)(`[Response] - ${response.message.statusCode}`);
(0, core_1.debug)(`Headers: ${JSON.stringify(response.message.headers, null, 2)}`); (0, core_1.debug)(`Headers: ${JSON.stringify(response.message.headers, null, 2)}`);
const body = JSON.parse(rawBody); const body = JSON.parse(rawBody);
this.maskSecretUrls(body); (0, util_1.maskSecretUrls)(body);
(0, core_1.debug)(`Body: ${JSON.stringify(body, null, 2)}`); (0, core_1.debug)(`Body: ${JSON.stringify(body, null, 2)}`);
if (this.isSuccessStatusCode(statusCode)) { if (this.isSuccessStatusCode(statusCode)) {
return { response, body }; return { response, body };
@ -5975,10 +5947,11 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
return (mod && mod.__esModule) ? mod : { "default": mod }; return (mod && mod.__esModule) ? mod : { "default": mod };
}; };
Object.defineProperty(exports, "__esModule", ({ value: true })); Object.defineProperty(exports, "__esModule", ({ value: true }));
exports.getBackendIdsFromToken = void 0; exports.maskSecretUrls = exports.maskSigUrl = exports.getBackendIdsFromToken = void 0;
const core = __importStar(__nccwpck_require__(57818)); const core = __importStar(__nccwpck_require__(57818));
const config_1 = __nccwpck_require__(63890); const config_1 = __nccwpck_require__(63890);
const jwt_decode_1 = __importDefault(__nccwpck_require__(96538)); const jwt_decode_1 = __importDefault(__nccwpck_require__(96538));
const core_1 = __nccwpck_require__(57818);
const InvalidJwtError = new Error('Failed to get backend IDs: The provided JWT token is invalid and/or missing claims'); const InvalidJwtError = new Error('Failed to get backend IDs: The provided JWT token is invalid and/or missing claims');
// uses the JWT token claims to get the // uses the JWT token claims to get the
// workflow run and workflow job run backend ids // workflow run and workflow job run backend ids
@ -6027,6 +6000,138 @@ function getBackendIdsFromToken() {
throw InvalidJwtError; throw InvalidJwtError;
} }
exports.getBackendIdsFromToken = getBackendIdsFromToken; exports.getBackendIdsFromToken = getBackendIdsFromToken;
/**
* Masks the `sig` parameter in a URL and sets it as a secret.
* @param url The URL containing the `sig` parameter.
* @returns A masked URL where the sig parameter value is replaced with '***' if found,
* or the original URL if no sig parameter is present.
*/
function maskSigUrl(url) {
if (!url)
return url;
try {
const rawSigRegex = /[?&](sig)=([^&=#]+)/gi;
let match;
while ((match = rawSigRegex.exec(url)) !== null) {
const rawSignature = match[2];
if (rawSignature) {
(0, core_1.setSecret)(rawSignature);
}
}
let parsedUrl;
try {
parsedUrl = new URL(url);
}
catch (_a) {
try {
parsedUrl = new URL(url, 'https://example.com');
}
catch (error) {
(0, core_1.debug)(`Failed to parse URL: ${url}`);
return maskSigWithRegex(url);
}
}
let masked = false;
const paramNames = Array.from(parsedUrl.searchParams.keys());
for (const paramName of paramNames) {
if (paramName.toLowerCase() === 'sig') {
const signature = parsedUrl.searchParams.get(paramName);
if (signature) {
(0, core_1.setSecret)(signature);
(0, core_1.setSecret)(encodeURIComponent(signature));
parsedUrl.searchParams.set(paramName, '***');
masked = true;
}
}
}
if (masked) {
return parsedUrl.toString();
}
if (/([:?&]|^)(sig)=([^&=#]+)/i.test(url)) {
return maskSigWithRegex(url);
}
}
catch (error) {
(0, core_1.debug)(`Error masking URL: ${error instanceof Error ? error.message : String(error)}`);
return maskSigWithRegex(url);
}
return url;
}
exports.maskSigUrl = maskSigUrl;
/**
* Fallback method to mask signatures using regex when URL parsing fails
*/
function maskSigWithRegex(url) {
try {
const regex = /([:?&]|^)(sig)=([^&=#]+)/gi;
return url.replace(regex, (fullMatch, prefix, paramName, value) => {
if (value) {
(0, core_1.setSecret)(value);
try {
(0, core_1.setSecret)(decodeURIComponent(value));
}
catch (_a) {
// Ignore decoding errors
}
return `${prefix}${paramName}=***`;
}
return fullMatch;
});
}
catch (error) {
(0, core_1.debug)(`Error in maskSigWithRegex: ${error instanceof Error ? error.message : String(error)}`);
return url;
}
}
/**
* Masks any URLs containing signature parameters in the provided object
* Recursively searches through nested objects and arrays
*/
function maskSecretUrls(body) {
if (typeof body !== 'object' || body === null) {
(0, core_1.debug)('body is not an object or is null');
return;
}
const processUrl = (url) => {
maskSigUrl(url);
};
const processObject = (obj) => {
if (typeof obj !== 'object' || obj === null) {
return;
}
if (Array.isArray(obj)) {
for (const item of obj) {
if (typeof item === 'string') {
processUrl(item);
}
else if (typeof item === 'object' && item !== null) {
processObject(item);
}
}
return;
}
if ('signed_upload_url' in obj &&
typeof obj.signed_upload_url === 'string') {
maskSigUrl(obj.signed_upload_url);
}
if ('signed_url' in obj && typeof obj.signed_url === 'string') {
maskSigUrl(obj.signed_url);
}
for (const key in obj) {
const value = obj[key];
if (typeof value === 'string') {
if (/([:?&]|^)(sig)=/i.test(value)) {
maskSigUrl(value);
}
}
else if (typeof value === 'object' && value !== null) {
processObject(value);
}
}
};
processObject(body);
}
exports.maskSecretUrls = maskSecretUrls;
//# sourceMappingURL=util.js.map //# sourceMappingURL=util.js.map
/***/ }), /***/ }),

167
dist/upload/index.js vendored
View file

@ -5576,6 +5576,7 @@ const generated_1 = __nccwpck_require__(57730);
const config_1 = __nccwpck_require__(63890); const config_1 = __nccwpck_require__(63890);
const user_agent_1 = __nccwpck_require__(269); const user_agent_1 = __nccwpck_require__(269);
const errors_1 = __nccwpck_require__(75971); const errors_1 = __nccwpck_require__(75971);
const util_1 = __nccwpck_require__(33337);
class ArtifactHttpClient { class ArtifactHttpClient {
constructor(userAgent, maxAttempts, baseRetryIntervalMilliseconds, retryMultiplier) { constructor(userAgent, maxAttempts, baseRetryIntervalMilliseconds, retryMultiplier) {
this.maxAttempts = 5; this.maxAttempts = 5;
@ -5614,35 +5615,6 @@ class ArtifactHttpClient {
} }
}); });
} }
/**
* Masks the `sig` parameter in a URL and sets it as a secret.
* @param url The URL containing the `sig` parameter.
* @returns A masked URL where the sig parameter value is replaced with '***' if found,
* or the original URL if no sig parameter is present.
*/
maskSigUrl(url) {
const sigIndex = url.indexOf('sig=');
if (sigIndex !== -1) {
const sigValue = url.substring(sigIndex + 4);
(0, core_1.setSecret)(sigValue);
return `${url.substring(0, sigIndex + 4)}***`;
}
return url;
}
maskSecretUrls(body) {
if (typeof body === 'object' && body !== null) {
if ('signed_upload_url' in body &&
typeof body.signed_upload_url === 'string') {
this.maskSigUrl(body.signed_upload_url);
}
if ('signed_url' in body && typeof body.signed_url === 'string') {
this.maskSigUrl(body.signed_url);
}
}
else {
(0, core_1.debug)('body is not an object or is null');
}
}
retryableRequest(operation) { retryableRequest(operation) {
return __awaiter(this, void 0, void 0, function* () { return __awaiter(this, void 0, void 0, function* () {
let attempt = 0; let attempt = 0;
@ -5657,7 +5629,7 @@ class ArtifactHttpClient {
(0, core_1.debug)(`[Response] - ${response.message.statusCode}`); (0, core_1.debug)(`[Response] - ${response.message.statusCode}`);
(0, core_1.debug)(`Headers: ${JSON.stringify(response.message.headers, null, 2)}`); (0, core_1.debug)(`Headers: ${JSON.stringify(response.message.headers, null, 2)}`);
const body = JSON.parse(rawBody); const body = JSON.parse(rawBody);
this.maskSecretUrls(body); (0, util_1.maskSecretUrls)(body);
(0, core_1.debug)(`Body: ${JSON.stringify(body, null, 2)}`); (0, core_1.debug)(`Body: ${JSON.stringify(body, null, 2)}`);
if (this.isSuccessStatusCode(statusCode)) { if (this.isSuccessStatusCode(statusCode)) {
return { response, body }; return { response, body };
@ -5975,10 +5947,11 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
return (mod && mod.__esModule) ? mod : { "default": mod }; return (mod && mod.__esModule) ? mod : { "default": mod };
}; };
Object.defineProperty(exports, "__esModule", ({ value: true })); Object.defineProperty(exports, "__esModule", ({ value: true }));
exports.getBackendIdsFromToken = void 0; exports.maskSecretUrls = exports.maskSigUrl = exports.getBackendIdsFromToken = void 0;
const core = __importStar(__nccwpck_require__(57818)); const core = __importStar(__nccwpck_require__(57818));
const config_1 = __nccwpck_require__(63890); const config_1 = __nccwpck_require__(63890);
const jwt_decode_1 = __importDefault(__nccwpck_require__(96538)); const jwt_decode_1 = __importDefault(__nccwpck_require__(96538));
const core_1 = __nccwpck_require__(57818);
const InvalidJwtError = new Error('Failed to get backend IDs: The provided JWT token is invalid and/or missing claims'); const InvalidJwtError = new Error('Failed to get backend IDs: The provided JWT token is invalid and/or missing claims');
// uses the JWT token claims to get the // uses the JWT token claims to get the
// workflow run and workflow job run backend ids // workflow run and workflow job run backend ids
@ -6027,6 +6000,138 @@ function getBackendIdsFromToken() {
throw InvalidJwtError; throw InvalidJwtError;
} }
exports.getBackendIdsFromToken = getBackendIdsFromToken; exports.getBackendIdsFromToken = getBackendIdsFromToken;
/**
* Masks the `sig` parameter in a URL and sets it as a secret.
* @param url The URL containing the `sig` parameter.
* @returns A masked URL where the sig parameter value is replaced with '***' if found,
* or the original URL if no sig parameter is present.
*/
function maskSigUrl(url) {
if (!url)
return url;
try {
const rawSigRegex = /[?&](sig)=([^&=#]+)/gi;
let match;
while ((match = rawSigRegex.exec(url)) !== null) {
const rawSignature = match[2];
if (rawSignature) {
(0, core_1.setSecret)(rawSignature);
}
}
let parsedUrl;
try {
parsedUrl = new URL(url);
}
catch (_a) {
try {
parsedUrl = new URL(url, 'https://example.com');
}
catch (error) {
(0, core_1.debug)(`Failed to parse URL: ${url}`);
return maskSigWithRegex(url);
}
}
let masked = false;
const paramNames = Array.from(parsedUrl.searchParams.keys());
for (const paramName of paramNames) {
if (paramName.toLowerCase() === 'sig') {
const signature = parsedUrl.searchParams.get(paramName);
if (signature) {
(0, core_1.setSecret)(signature);
(0, core_1.setSecret)(encodeURIComponent(signature));
parsedUrl.searchParams.set(paramName, '***');
masked = true;
}
}
}
if (masked) {
return parsedUrl.toString();
}
if (/([:?&]|^)(sig)=([^&=#]+)/i.test(url)) {
return maskSigWithRegex(url);
}
}
catch (error) {
(0, core_1.debug)(`Error masking URL: ${error instanceof Error ? error.message : String(error)}`);
return maskSigWithRegex(url);
}
return url;
}
exports.maskSigUrl = maskSigUrl;
/**
* Fallback method to mask signatures using regex when URL parsing fails
*/
function maskSigWithRegex(url) {
try {
const regex = /([:?&]|^)(sig)=([^&=#]+)/gi;
return url.replace(regex, (fullMatch, prefix, paramName, value) => {
if (value) {
(0, core_1.setSecret)(value);
try {
(0, core_1.setSecret)(decodeURIComponent(value));
}
catch (_a) {
// Ignore decoding errors
}
return `${prefix}${paramName}=***`;
}
return fullMatch;
});
}
catch (error) {
(0, core_1.debug)(`Error in maskSigWithRegex: ${error instanceof Error ? error.message : String(error)}`);
return url;
}
}
/**
* Masks any URLs containing signature parameters in the provided object
* Recursively searches through nested objects and arrays
*/
function maskSecretUrls(body) {
if (typeof body !== 'object' || body === null) {
(0, core_1.debug)('body is not an object or is null');
return;
}
const processUrl = (url) => {
maskSigUrl(url);
};
const processObject = (obj) => {
if (typeof obj !== 'object' || obj === null) {
return;
}
if (Array.isArray(obj)) {
for (const item of obj) {
if (typeof item === 'string') {
processUrl(item);
}
else if (typeof item === 'object' && item !== null) {
processObject(item);
}
}
return;
}
if ('signed_upload_url' in obj &&
typeof obj.signed_upload_url === 'string') {
maskSigUrl(obj.signed_upload_url);
}
if ('signed_url' in obj && typeof obj.signed_url === 'string') {
maskSigUrl(obj.signed_url);
}
for (const key in obj) {
const value = obj[key];
if (typeof value === 'string') {
if (/([:?&]|^)(sig)=/i.test(value)) {
maskSigUrl(value);
}
}
else if (typeof value === 'object' && value !== null) {
processObject(value);
}
}
};
processObject(body);
}
exports.maskSecretUrls = maskSecretUrls;
//# sourceMappingURL=util.js.map //# sourceMappingURL=util.js.map
/***/ }), /***/ }),