
Commit 49933ea

Bump @action/cache from 4.0.2 to 4.0.3 (#1262)
* Update versions.yml * Update versions.yml * actions/cache upgrade to 4.0.3 * events update * npm audit fix revert * npm adit fix revert
1 parent e3ce749 commit 49933ea

16 files changed

+252
-226
lines changed

.licenses/npm/@actions/cache.dep.yml

+1-1
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

.licenses/npm/@octokit/auth-token.dep.yml

+1-1
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

.licenses/npm/@octokit/core.dep.yml

+1-1
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

.licenses/npm/@octokit/endpoint.dep.yml

+1-1
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

.licenses/npm/@octokit/graphql.dep.yml

+1-1
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

.licenses/npm/@octokit/openapi-types.dep.yml

+1-1
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

.licenses/npm/@octokit/plugin-paginate-rest.dep.yml

+1-1
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

.licenses/npm/@octokit/plugin-rest-endpoint-methods.dep.yml

+1-1
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

.licenses/npm/@octokit/request-error.dep.yml

+1-1
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

.licenses/npm/@octokit/request.dep.yml

+1-1
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

.licenses/npm/@octokit/types.dep.yml

+1-1
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

.licenses/npm/universal-user-agent.dep.yml

+2-2
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

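--- a/dist/cache-save/index.js
+++ b/dist/cache-save/index.js
@@ -220,7 +220,7 @@ function restoreCacheV2(paths, primaryKey, restoreKeys, options, enableCrossOsAr
 };
 const response = yield twirpClient.GetCacheEntryDownloadURL(request);
 if (!response.ok) {
-core.debug(`Cache not found for keys: ${keys.join(', ')}`);
+core.debug(`Cache not found for version ${request.version} of keys: ${keys.join(', ')}`);
 return undefined;
 }
 core.info(`Cache hit for: ${request.key}`);
@@ -2204,6 +2204,7 @@ const cacheUtils_1 = __nccwpck_require__(680);
 const auth_1 = __nccwpck_require__(4552);
 const http_client_1 = __nccwpck_require__(4844);
 const cache_twirp_client_1 = __nccwpck_require__(1486);
+const util_1 = __nccwpck_require__(7564);
 /**
 * This class is a wrapper around the CacheServiceClientJSON class generated by Twirp.
 *
@@ -2263,6 +2264,7 @@ class CacheServiceClient {
 (0, core_1.debug)(`[Response] - ${response.message.statusCode}`);
 (0, core_1.debug)(`Headers: ${JSON.stringify(response.message.headers, null, 2)}`);
 const body = JSON.parse(rawBody);
+(0, util_1.maskSecretUrls)(body);
 (0, core_1.debug)(`Body: ${JSON.stringify(body, null, 2)}`);
 if (this.isSuccessStatusCode(statusCode)) {
 return { response, body };
@@ -2444,6 +2446,87 @@ exports.getUserAgentString = getUserAgentString;
 
 /***/ }),
 
+/***/ 7564:
+/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => {
+
+"use strict";
+
+Object.defineProperty(exports, "__esModule", ({ value: true }));
+exports.maskSecretUrls = exports.maskSigUrl = void 0;
+const core_1 = __nccwpck_require__(7484);
+/**
+* Masks the `sig` parameter in a URL and sets it as a secret.
+*
+* @param url - The URL containing the signature parameter to mask
+* @remarks
+* This function attempts to parse the provided URL and identify the 'sig' query parameter.
+* If found, it registers both the raw and URL-encoded signature values as secrets using
+* the Actions `setSecret` API, which prevents them from being displayed in logs.
+*
+* The function handles errors gracefully if URL parsing fails, logging them as debug messages.
+*
+* @example
+* ```typescript
+* // Mask a signature in an Azure SAS token URL
+* maskSigUrl('https://example.blob.core.windows.net/container/file.txt?sig=abc123&se=2023-01-01');
+* ```
+*/
+function maskSigUrl(url) {
+if (!url)
+return;
+try {
+const parsedUrl = new URL(url);
+const signature = parsedUrl.searchParams.get('sig');
+if (signature) {
+(0, core_1.setSecret)(signature);
+(0, core_1.setSecret)(encodeURIComponent(signature));
+}
+}
+catch (error) {
+(0, core_1.debug)(`Failed to parse URL: ${url} ${error instanceof Error ? error.message : String(error)}`);
+}
+}
+exports.maskSigUrl = maskSigUrl;
+/**
+* Masks sensitive information in URLs containing signature parameters.
+* Currently supports masking 'sig' parameters in the 'signed_upload_url'
+* and 'signed_download_url' properties of the provided object.
+*
+* @param body - The object should contain a signature
+* @remarks
+* This function extracts URLs from the object properties and calls maskSigUrl
+* on each one to redact sensitive signature information. The function doesn't
+* modify the original object; it only marks the signatures as secrets for
+* logging purposes.
+*
+* @example
+* ```typescript
+* const responseBody = {
+* signed_upload_url: 'https://blob.core.windows.net/?sig=abc123',
+* signed_download_url: 'https://blob.core/windows.net/?sig=def456'
+* };
+* maskSecretUrls(responseBody);
+* ```
+*/
+function maskSecretUrls(body) {
+if (typeof body !== 'object' || body === null) {
+(0, core_1.debug)('body is not an object or is null');
+return;
+}
+if ('signed_upload_url' in body &&
+typeof body.signed_upload_url === 'string') {
+maskSigUrl(body.signed_upload_url);
+}
+if ('signed_download_url' in body &&
+typeof body.signed_download_url === 'string') {
+maskSigUrl(body.signed_download_url);
+}
+}
+exports.maskSecretUrls = maskSecretUrls;
+//# sourceMappingURL=util.js.map
+
+/***/ }),
+
 /***/ 5321:
 /***/ (function(__unused_webpack_module, exports, __nccwpck_require__) {
 
@@ -90234,7 +90317,7 @@ module.exports = parseParams
 /***/ ((module) => {
 
 "use strict";
-module.exports = /*#__PURE__*/JSON.parse('{"name":"@actions/cache","version":"4.0.2","preview":true,"description":"Actions cache lib","keywords":["github","actions","cache"],"homepage":"https://github.com/actions/toolkit/tree/main/packages/cache","license":"MIT","main":"lib/cache.js","types":"lib/cache.d.ts","directories":{"lib":"lib","test":"__tests__"},"files":["lib","!.DS_Store"],"publishConfig":{"access":"public"},"repository":{"type":"git","url":"git+https://github.com/actions/toolkit.git","directory":"packages/cache"},"scripts":{"audit-moderate":"npm install && npm audit --json --audit-level=moderate > audit.json","test":"echo \\"Error: run tests from root\\" && exit 1","tsc":"tsc"},"bugs":{"url":"https://github.com/actions/toolkit/issues"},"dependencies":{"@actions/core":"^1.11.1","@actions/exec":"^1.0.1","@actions/glob":"^0.1.0","@actions/http-client":"^2.1.1","@actions/io":"^1.0.1","@azure/abort-controller":"^1.1.0","@azure/ms-rest-js":"^2.6.0","@azure/storage-blob":"^12.13.0","@protobuf-ts/plugin":"^2.9.4","semver":"^6.3.1"},"devDependencies":{"@types/semver":"^6.0.0","typescript":"^5.2.2"}}');
+module.exports = /*#__PURE__*/JSON.parse('{"name":"@actions/cache","version":"4.0.3","preview":true,"description":"Actions cache lib","keywords":["github","actions","cache"],"homepage":"https://github.com/actions/toolkit/tree/main/packages/cache","license":"MIT","main":"lib/cache.js","types":"lib/cache.d.ts","directories":{"lib":"lib","test":"__tests__"},"files":["lib","!.DS_Store"],"publishConfig":{"access":"public"},"repository":{"type":"git","url":"git+https://github.com/actions/toolkit.git","directory":"packages/cache"},"scripts":{"audit-moderate":"npm install && npm audit --json --audit-level=moderate > audit.json","test":"echo \\"Error: run tests from root\\" && exit 1","tsc":"tsc"},"bugs":{"url":"https://github.com/actions/toolkit/issues"},"dependencies":{"@actions/core":"^1.11.1","@actions/exec":"^1.0.1","@actions/glob":"^0.1.0","@actions/http-client":"^2.1.1","@actions/io":"^1.0.1","@azure/abort-controller":"^1.1.0","@azure/ms-rest-js":"^2.6.0","@azure/storage-blob":"^12.13.0","@protobuf-ts/plugin":"^2.9.4","semver":"^6.3.1"},"devDependencies":{"@types/node":"^22.13.9","@types/semver":"^6.0.0","typescript":"^5.2.2"}}');
 
 /***/ }),
 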
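Review bot: The `catch` branch of `maskSigUrl` (new lines 2485–2487) writes the whole `url` argument to the debug log, so a signed URL that fails to parse is logged unmasked by the function meant to hide its signature. On some runtimes `error.message` may echo the input as well, so a fixed message is safer: `(0, core_1.debug)('Failed to parse URL; signature was not masked');`. The same code is added to dist/setup/index.js. Both files look like ncc bundles, so the change presumably has to be made in the @actions/cache source and re-bundled.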

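--- a/dist/setup/index.js
+++ b/dist/setup/index.js
@@ -220,7 +220,7 @@ function restoreCacheV2(paths, primaryKey, restoreKeys, options, enableCrossOsAr
 };
 const response = yield twirpClient.GetCacheEntryDownloadURL(request);
 if (!response.ok) {
-core.debug(`Cache not found for keys: ${keys.join(', ')}`);
+core.debug(`Cache not found for version ${request.version} of keys: ${keys.join(', ')}`);
 return undefined;
 }
 core.info(`Cache hit for: ${request.key}`);
@@ -2204,6 +2204,7 @@ const cacheUtils_1 = __nccwpck_require__(680);
 const auth_1 = __nccwpck_require__(4552);
 const http_client_1 = __nccwpck_require__(4844);
 const cache_twirp_client_1 = __nccwpck_require__(1486);
+const util_1 = __nccwpck_require__(7564);
 /**
 * This class is a wrapper around the CacheServiceClientJSON class generated by Twirp.
 *
@@ -2263,6 +2264,7 @@ class CacheServiceClient {
 (0, core_1.debug)(`[Response] - ${response.message.statusCode}`);
 (0, core_1.debug)(`Headers: ${JSON.stringify(response.message.headers, null, 2)}`);
 const body = JSON.parse(rawBody);
+(0, util_1.maskSecretUrls)(body);
 (0, core_1.debug)(`Body: ${JSON.stringify(body, null, 2)}`);
 if (this.isSuccessStatusCode(statusCode)) {
 return { response, body };
@@ -2444,6 +2446,87 @@ exports.getUserAgentString = getUserAgentString;
 
 /***/ }),
 
+/***/ 7564:
+/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => {
+
+"use strict";
+
+Object.defineProperty(exports, "__esModule", ({ value: true }));
+exports.maskSecretUrls = exports.maskSigUrl = void 0;
+const core_1 = __nccwpck_require__(7484);
+/**
+* Masks the `sig` parameter in a URL and sets it as a secret.
+*
+* @param url - The URL containing the signature parameter to mask
+* @remarks
+* This function attempts to parse the provided URL and identify the 'sig' query parameter.
+* If found, it registers both the raw and URL-encoded signature values as secrets using
+* the Actions `setSecret` API, which prevents them from being displayed in logs.
+*
+* The function handles errors gracefully if URL parsing fails, logging them as debug messages.
+*
+* @example
+* ```typescript
+* // Mask a signature in an Azure SAS token URL
+* maskSigUrl('https://example.blob.core.windows.net/container/file.txt?sig=abc123&se=2023-01-01');
+* ```
+*/
+function maskSigUrl(url) {
+if (!url)
+return;
+try {
+const parsedUrl = new URL(url);
+const signature = parsedUrl.searchParams.get('sig');
+if (signature) {
+(0, core_1.setSecret)(signature);
+(0, core_1.setSecret)(encodeURIComponent(signature));
+}
+}
+catch (error) {
+(0, core_1.debug)(`Failed to parse URL: ${url} ${error instanceof Error ? error.message : String(error)}`);
+}
+}
+exports.maskSigUrl = maskSigUrl;
+/**
+* Masks sensitive information in URLs containing signature parameters.
+* Currently supports masking 'sig' parameters in the 'signed_upload_url'
+* and 'signed_download_url' properties of the provided object.
+*
+* @param body - The object should contain a signature
+* @remarks
+* This function extracts URLs from the object properties and calls maskSigUrl
+* on each one to redact sensitive signature information. The function doesn't
+* modify the original object; it only marks the signatures as secrets for
+* logging purposes.
+*
+* @example
+* ```typescript
+* const responseBody = {
+* signed_upload_url: 'https://blob.core.windows.net/?sig=abc123',
+* signed_download_url: 'https://blob.core/windows.net/?sig=def456'
+* };
+* maskSecretUrls(responseBody);
+* ```
+*/
+function maskSecretUrls(body) {
+if (typeof body !== 'object' || body === null) {
+(0, core_1.debug)('body is not an object or is null');
+return;
+}
+if ('signed_upload_url' in body &&
+typeof body.signed_upload_url === 'string') {
+maskSigUrl(body.signed_upload_url);
+}
+if ('signed_download_url' in body &&
+typeof body.signed_download_url === 'string') {
+maskSigUrl(body.signed_download_url);
+}
+}
+exports.maskSecretUrls = maskSecretUrls;
+//# sourceMappingURL=util.js.map
+
+/***/ }),
+
 /***/ 5321:
 /***/ (function(__unused_webpack_module, exports, __nccwpck_require__) {
 
@@ -88838,7 +88921,7 @@ function getUserAgent() {
 return navigator.userAgent;
 }
 
-if (typeof process === "object" && "version" in process) {
+if (typeof process === "object" && process.version !== undefined) {
 return `Node.js/${process.version.substr(1)} (${process.platform}; ${process.arch})`;
 }
 
@@ -99922,7 +100005,7 @@ module.exports = parseParams
 /***/ ((module) => {
 
 "use strict";
-module.exports = /*#__PURE__*/JSON.parse('{"name":"@actions/cache","version":"4.0.2","preview":true,"description":"Actions cache lib","keywords":["github","actions","cache"],"homepage":"https://github.com/actions/toolkit/tree/main/packages/cache","license":"MIT","main":"lib/cache.js","types":"lib/cache.d.ts","directories":{"lib":"lib","test":"__tests__"},"files":["lib","!.DS_Store"],"publishConfig":{"access":"public"},"repository":{"type":"git","url":"git+https://github.com/actions/toolkit.git","directory":"packages/cache"},"scripts":{"audit-moderate":"npm install && npm audit --json --audit-level=moderate > audit.json","test":"echo \\"Error: run tests from root\\" && exit 1","tsc":"tsc"},"bugs":{"url":"https://github.com/actions/toolkit/issues"},"dependencies":{"@actions/core":"^1.11.1","@actions/exec":"^1.0.1","@actions/glob":"^0.1.0","@actions/http-client":"^2.1.1","@actions/io":"^1.0.1","@azure/abort-controller":"^1.1.0","@azure/ms-rest-js":"^2.6.0","@azure/storage-blob":"^12.13.0","@protobuf-ts/plugin":"^2.9.4","semver":"^6.3.1"},"devDependencies":{"@types/semver":"^6.0.0","typescript":"^5.2.2"}}');
+module.exports = /*#__PURE__*/JSON.parse('{"name":"@actions/cache","version":"4.0.3","preview":true,"description":"Actions cache lib","keywords":["github","actions","cache"],"homepage":"https://github.com/actions/toolkit/tree/main/packages/cache","license":"MIT","main":"lib/cache.js","types":"lib/cache.d.ts","directories":{"lib":"lib","test":"__tests__"},"files":["lib","!.DS_Store"],"publishConfig":{"access":"public"},"repository":{"type":"git","url":"git+https://github.com/actions/toolkit.git","directory":"packages/cache"},"scripts":{"audit-moderate":"npm install && npm audit --json --audit-level=moderate > audit.json","test":"echo \\"Error: run tests from root\\" && exit 1","tsc":"tsc"},"bugs":{"url":"https://github.com/actions/toolkit/issues"},"dependencies":{"@actions/core":"^1.11.1","@actions/exec":"^1.0.1","@actions/glob":"^0.1.0","@actions/http-client":"^2.1.1","@actions/io":"^1.0.1","@azure/abort-controller":"^1.1.0","@azure/ms-rest-js":"^2.6.0","@azure/storage-blob":"^12.13.0","@protobuf-ts/plugin":"^2.9.4","semver":"^6.3.1"},"devDependencies":{"@types/node":"^22.13.9","@types/semver":"^6.0.0","typescript":"^5.2.2"}}');
 
 /***/ }),
 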
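Review bot: `maskSigUrl` registers only the decoded `sig` value and its `encodeURIComponent` form (new lines 2479–2482), while the `Body:` debug line at new line 2268 prints the URL text exactly as the service returned it. `searchParams.get` turns a literal `+` into a space and accepts percent-escapes in either case, so a signature sent in a spelling that `encodeURIComponent` does not reproduce would match neither registered string and stay visible in the log. Registering the raw substring as well would close that gap, e.g. `const raw = /[?&]sig=([^&#]*)/.exec(url); if (raw && raw[1]) (0, core_1.setSecret)(raw[1]);`. Whether the cache service ever emits such encodings is not visible in this diff. The same code is in dist/cache-save/index.js.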
