masks the whole URL, update tests

packages/cache/__tests__/cacheTwirpClient.test.ts

@@ -1,9 +1,5 @@
-import {
-  CreateCacheEntryResponse,
-  GetCacheEntryDownloadURLResponse
-} from '../src/generated/results/api/v1/cache'
 import {CacheServiceClient} from '../src/internal/shared/cacheTwirpClient'
-import {setSecret, debug} from '@actions/core'
+import {setSecret} from '@actions/core'
 
 jest.mock('@actions/core', () => ({
   setSecret: jest.fn(),
@@ -24,75 +20,106 @@ describe('CacheServiceClient', () => {
     delete process.env['ACTIONS_RUNTIME_TOKEN']
   })
 
-  describe('maskSecretUrls', () => {
-    it('should mask signedUploadUrl', () => {
-      const response = {
-        ok: true,
-        signedUploadUrl:
-          'https://example.com/upload?se=2025-03-05T16%3A47%3A23Z&sig=secret-token'
-      } as CreateCacheEntryResponse
+  describe('maskSigUrl', () => {
+    it('should mask the sig parameter and set it as a secret', () => {
+      const url =
+        'https://example.com/upload?se=2025-03-05T16%3A47%3A23Z&sig=secret-token'
 
-      client.maskSecretUrls(response)
+      const maskedUrl = client.maskSigUrl(url)
 
       expect(setSecret).toHaveBeenCalledWith('secret-token')
-      expect(debug).toHaveBeenCalledWith(
-        'Masked signed_upload_url: https://example.com/upload?se=2025-03-05T16%3A47%3A23Z&sig=***'
+      expect(maskedUrl).toBe(
+        'https://example.com/upload?se=2025-03-05T16%3A47%3A23Z&sig=***'
       )
     })
 
-    it('should mask signedDownloadUrl', () => {
-      const response = {
-        ok: true,
-        signedDownloadUrl:
-          'https://example.com/download?se=2025-03-05T16%3A47%3A23Z&sig=secret-token',
-        matchedKey: 'cache-key'
-      } as GetCacheEntryDownloadURLResponse
+    it('should return the original URL if no sig parameter is found', () => {
+      const url = 'https://example.com/upload?se=2025-03-05T16%3A47%3A23Z'
 
-      client.maskSecretUrls(response)
-
-      expect(setSecret).toHaveBeenCalledWith('secret-token')
-      expect(debug).toHaveBeenCalledWith(
-        'Masked signed_download_url: https://example.com/download?se=2025-03-05T16%3A47%3A23Z&sig=***'
-      )
-    })
-
-    it('should not call setSecret if URLs are missing', () => {
-      const response = {ok: true} as CreateCacheEntryResponse
-
-      client.maskSecretUrls(response)
+      const maskedUrl = client.maskSigUrl(url)
 
       expect(setSecret).not.toHaveBeenCalled()
+      expect(maskedUrl).toBe(url)
     })
 
-    it('should mask only the sensitive token part of signedUploadUrl', () => {
-      const response = {
-        ok: true,
-        signedUploadUrl:
-          'https://example.com/upload?se=2025-03-05T16%3A47%3A23Z&sig=secret-token'
-      } as CreateCacheEntryResponse
+    it('should handle sig parameter at the end of the URL', () => {
+      const url = 'https://example.com/upload?param1=value&sig=secret-token'
 
-      client.maskSecretUrls(response)
+      const maskedUrl = client.maskSigUrl(url)
 
       expect(setSecret).toHaveBeenCalledWith('secret-token')
-      expect(debug).toHaveBeenCalledWith(
-        'Masked signed_upload_url: https://example.com/upload?se=2025-03-05T16%3A47%3A23Z&sig=***'
+      expect(maskedUrl).toBe('https://example.com/upload?param1=value&sig=***')
+    })
+
+    it('should handle sig parameter in the middle of the URL', () => {
+      const url = 'https://example.com/upload?sig=secret-token&param2=value'
+
+      const maskedUrl = client.maskSigUrl(url)
+
+      expect(setSecret).toHaveBeenCalledWith('secret-token&param2=value')
+      expect(maskedUrl).toBe('https://example.com/upload?sig=***')
+    })
+  })
+
+  describe('maskSecretUrls', () => {
+    it('should mask signed_upload_url', () => {
+      const spy = jest.spyOn(client, 'maskSigUrl')
+      const body = {
+        signed_upload_url: 'https://example.com/upload?sig=secret-token',
+        key: 'test-key',
+        version: 'test-version'
+      }
+
+      client.maskSecretUrls(body)
+
+      expect(spy).toHaveBeenCalledWith(
+        'https://example.com/upload?sig=secret-token'
       )
     })
 
-    it('should mask only the sensitive token part of signedDownloadUrl', () => {
-      const response = {
-        ok: true,
-        signedDownloadUrl:
-          'https://example.com/download?se=2025-03-05T16%3A47%3A23Z&sig=secret-token',
-        matchedKey: 'cache-key'
-      } as GetCacheEntryDownloadURLResponse
+    it('should mask signed_download_url', () => {
+      const spy = jest.spyOn(client, 'maskSigUrl')
+      const body = {
+        signed_download_url: 'https://example.com/download?sig=secret-token',
+        key: 'test-key',
+        version: 'test-version'
+      }
 
-      client.maskSecretUrls(response)
+      client.maskSecretUrls(body)
 
-      expect(setSecret).toHaveBeenCalledWith('secret-token')
-      expect(debug).toHaveBeenCalledWith(
-        'Masked signed_download_url: https://example.com/download?se=2025-03-05T16%3A47%3A23Z&sig=***'
+      expect(spy).toHaveBeenCalledWith(
+        'https://example.com/download?sig=secret-token'
       )
     })
+
+    it('should mask both URLs when both are present', () => {
+      const spy = jest.spyOn(client, 'maskSigUrl')
+      const body = {
+        signed_upload_url: 'https://example.com/upload?sig=secret-token1',
+        signed_download_url: 'https://example.com/download?sig=secret-token2'
+      }
+
+      client.maskSecretUrls(body)
+
+      expect(spy).toHaveBeenCalledTimes(2)
+      expect(spy).toHaveBeenCalledWith(
+        'https://example.com/upload?sig=secret-token1'
+      )
+      expect(spy).toHaveBeenCalledWith(
+        'https://example.com/download?sig=secret-token2'
+      )
+    })
+
+    it('should not call maskSigUrl when URLs are missing', () => {
+      const spy = jest.spyOn(client, 'maskSigUrl')
+      const body = {
+        key: 'test-key',
+        version: 'test-version'
+      }
+
+      client.maskSecretUrls(body)
+
+      expect(spy).not.toHaveBeenCalled()
+    })
   })
 })