mirror of
https://github.com/github/codeql-action.git
synced 2025-12-27 09:40:17 +08:00
41 lines
1.6 KiB
TypeScript
41 lines
1.6 KiB
TypeScript
/**
|
|
* Masks the `sig` parameter in a URL and sets it as a secret.
|
|
*
|
|
* @param url - The URL containing the signature parameter to mask
|
|
* @remarks
|
|
* This function attempts to parse the provided URL and identify the 'sig' query parameter.
|
|
* If found, it registers both the raw and URL-encoded signature values as secrets using
|
|
* the Actions `setSecret` API, which prevents them from being displayed in logs.
|
|
*
|
|
* The function handles errors gracefully if URL parsing fails, logging them as debug messages.
|
|
*
|
|
* @example
|
|
* ```typescript
|
|
* // Mask a signature in an Azure SAS token URL
|
|
* maskSigUrl('https://example.blob.core.windows.net/container/file.txt?sig=abc123&se=2023-01-01');
|
|
* ```
|
|
*/
|
|
export declare function maskSigUrl(url: string): void;
|
|
/**
|
|
* Masks sensitive information in URLs containing signature parameters.
|
|
* Currently supports masking 'sig' parameters in the 'signed_upload_url'
|
|
* and 'signed_download_url' properties of the provided object.
|
|
*
|
|
* @param body - The object should contain a signature
|
|
* @remarks
|
|
* This function extracts URLs from the object properties and calls maskSigUrl
|
|
* on each one to redact sensitive signature information. The function doesn't
|
|
* modify the original object; it only marks the signatures as secrets for
|
|
* logging purposes.
|
|
*
|
|
* @example
|
|
* ```typescript
|
|
* const responseBody = {
|
|
* signed_upload_url: 'https://blob.core.windows.net/?sig=abc123',
|
|
* signed_download_url: 'https://blob.core/windows.net/?sig=def456'
|
|
* };
|
|
* maskSecretUrls(responseBody);
|
|
* ```
|
|
*/
|
|
export declare function maskSecretUrls(body: Record<string, unknown> | null): void;
|