From 957d42e6c503430f00929e33a24c63be04206062 Mon Sep 17 00:00:00 2001
From: Salman Chishti
Date: Fri, 14 Mar 2025 06:38:57 -0700
Subject: [PATCH] add encoding back with extra tests
---
 packages/artifact/__tests__/util.test.ts | 53 +++++++++++++++++++
 packages/artifact/src/internal/shared/util.ts | 1 +
 packages/cache/__tests__/util.test.ts | 53 +++++++++++++++++++
 packages/cache/src/internal/shared/util.ts | 1 +
 4 files changed, 108 insertions(+)
diff --git a/packages/artifact/__tests__/util.test.ts b/packages/artifact/__tests__/util.test.ts
index dd987d26..2649662e 100644
--- a/packages/artifact/__tests__/util.test.ts
+++ b/packages/artifact/__tests__/util.test.ts
@@ -96,6 +96,59 @@ describe('maskSigUrl', () => {
 })
 })
 
+describe('maskSigUrl handles special characters in signatures', () => {
+ beforeEach(() => {
+ jest.clearAllMocks()
+ })
+
+ it('handles signatures with slashes', () => {
+ const url = 'https://example.com/?sig=abc/123'
+ maskSigUrl(url)
+ expect(setSecret).toHaveBeenCalledWith('abc/123')
+ expect(setSecret).toHaveBeenCalledWith('abc%2F123')
+ })
+
+ it('handles signatures with plus signs', () => {
+ const url = 'https://example.com/?sig=abc+123'
+ maskSigUrl(url)
+ expect(setSecret).toHaveBeenCalledWith('abc 123')
+ expect(setSecret).toHaveBeenCalledWith('abc%20123')
+ })
+
+ it('handles signatures with equals signs', () => {
+ const url = 'https://example.com/?sig=abc=123'
+ maskSigUrl(url)
+ expect(setSecret).toHaveBeenCalledWith('abc=123')
+ expect(setSecret).toHaveBeenCalledWith('abc%3D123')
+ })
+
+ it('handles already percent-encoded signatures', () => {
+ const url = 'https://example.com/?sig=abc%2F123%3D'
+ maskSigUrl(url)
+ expect(setSecret).toHaveBeenCalledWith('abc/123=')
+ expect(setSecret).toHaveBeenCalledWith('abc%2F123%3D')
+ })
+
+ it('handles complex Azure SAS signatures', () => {
+ const url =
+ 'https://example.com/container/file.txt?sig=nXyQIUj%2F%2F06Cxt80pBRYiiJlYqtPYg5sz%2FvEh5iHAhw%3D&se=2023-12-31'
+ maskSigUrl(url)
+ expect(setSecret).toHaveBeenCalledWith(
+ 'nXyQIUj//06Cxt80pBRYiiJlYqtPYg5sz/vEh5iHAhw='
+ )
+ expect(setSecret).toHaveBeenCalledWith(
+ 'nXyQIUj%2F%2F06Cxt80pBRYiiJlYqtPYg5sz%2FvEh5iHAhw%3D'
+ )
+ })
+
+ it('handles signatures with multiple special characters', () => {
+ const url = 'https://example.com/?sig=a/b+c=d&e=f'
+ maskSigUrl(url)
+ expect(setSecret).toHaveBeenCalledWith('a/b c=d')
+ expect(setSecret).toHaveBeenCalledWith('a%2Fb%20c%3Dd')
+ })
+})
+
 describe('maskSecretUrls', () => {
 beforeEach(() => {
 jest.clearAllMocks()
diff --git a/packages/artifact/src/internal/shared/util.ts b/packages/artifact/src/internal/shared/util.ts
index d6c62794..67120e27 100644
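Review bot: The 'handles signatures with plus signs' case in packages/artifact/__tests__/util.test.ts pins `'abc 123'` and `'abc%20123'`, but the text that actually appears in the URL is `abc+123`, and neither asserted value equals it, so these expectations lock in behaviour where the literal query text is never registered as a secret. The same applies to 'handles signatures with multiple special characters' (`a/b+c=d`), and there is no case for lowercase escapes such as `sig=abc%2f123`, which `encodeURIComponent` would re-emit as `%2F`. Consider adding `expect(setSecret).toHaveBeenCalledWith('abc+123')` so the test states that the form a log line would contain is masked; that assertion would presumably fail against the source change in this commit, which is the gap worth surfacing. The identical block added to packages/cache/__tests__/util.test.ts has the same omissions.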
--- a/packages/artifact/src/internal/shared/util.ts
+++ b/packages/artifact/src/internal/shared/util.ts
@@ -95,6 +95,7 @@ export function maskSigUrl(url: string): void {
 const signature = parsedUrl.searchParams.get('sig')
 if (signature) {
 setSecret(signature)
+ setSecret(encodeURIComponent(signature))
 }
 } catch (error) {
 debug(
diff --git a/packages/cache/__tests__/util.test.ts b/packages/cache/__tests__/util.test.ts
index 7cf071dd..3ba3bba7 100644
--- a/packages/cache/__tests__/util.test.ts
+++ b/packages/cache/__tests__/util.test.ts
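Review bot: In the packages/artifact/src/internal/shared/util.ts hunk, neither registered secret is guaranteed to equal the signature as it is written in `url`, because `searchParams.get('sig')` returns the decoded value (a literal `+` becomes a space) and `encodeURIComponent` re-encodes that canonically. For example `sig=abc+123` registers `abc 123` and `abc%20123`, and a lowercase escape such as `%2f` comes back as `%2F`, so if the unmodified URL reaches a log the signature would presumably appear unmasked. Registering the raw parameter text as well would close this, e.g. `const rawSig = /[?&]sig=([^&#]*)/.exec(url)?.[1]` followed by `if (rawSig) setSecret(rawSig)`. The body of maskSigUrl starts and ends outside the hunk, so where `parsedUrl` is built is not visible here. The hunk in packages/cache/src/internal/shared/util.ts makes the same one-line change and has the same gap.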
@@ -35,6 +35,59 @@ describe('maskSigUrl', () => {
 })
 })
 
+describe('maskSigUrl handles special characters in signatures', () => {
+ beforeEach(() => {
+ jest.clearAllMocks()
+ })
+
+ it('handles signatures with slashes', () => {
+ const url = 'https://example.com/?sig=abc/123'
+ maskSigUrl(url)
+ expect(setSecret).toHaveBeenCalledWith('abc/123')
+ expect(setSecret).toHaveBeenCalledWith('abc%2F123')
+ })
+
+ it('handles signatures with plus signs', () => {
+ const url = 'https://example.com/?sig=abc+123'
+ maskSigUrl(url)
+ expect(setSecret).toHaveBeenCalledWith('abc 123')
+ expect(setSecret).toHaveBeenCalledWith('abc%20123')
+ })
+
+ it('handles signatures with equals signs', () => {
+ const url = 'https://example.com/?sig=abc=123'
+ maskSigUrl(url)
+ expect(setSecret).toHaveBeenCalledWith('abc=123')
+ expect(setSecret).toHaveBeenCalledWith('abc%3D123')
+ })
+
+ it('handles already percent-encoded signatures', () => {
+ const url = 'https://example.com/?sig=abc%2F123%3D'
+ maskSigUrl(url)
+ expect(setSecret).toHaveBeenCalledWith('abc/123=')
+ expect(setSecret).toHaveBeenCalledWith('abc%2F123%3D')
+ })
+
+ it('handles complex Azure SAS signatures', () => {
+ const url =
+ 'https://example.com/container/file.txt?sig=nXyQIUj%2F%2F06Cxt80pBRYiiJlYqtPYg5sz%2FvEh5iHAhw%3D&se=2023-12-31'
+ maskSigUrl(url)
+ expect(setSecret).toHaveBeenCalledWith(
+ 'nXyQIUj//06Cxt80pBRYiiJlYqtPYg5sz/vEh5iHAhw='
+ )
+ expect(setSecret).toHaveBeenCalledWith(
+ 'nXyQIUj%2F%2F06Cxt80pBRYiiJlYqtPYg5sz%2FvEh5iHAhw%3D'
+ )
+ })
+
+ it('handles signatures with multiple special characters', () => {
+ const url = 'https://example.com/?sig=a/b+c=d&e=f'
+ maskSigUrl(url)
+ expect(setSecret).toHaveBeenCalledWith('a/b c=d')
+ expect(setSecret).toHaveBeenCalledWith('a%2Fb%20c%3Dd')
+ })
+})
+
 describe('maskSecretUrls', () => {
 beforeEach(() => {
 jest.clearAllMocks()
diff --git a/packages/cache/src/internal/shared/util.ts b/packages/cache/src/internal/shared/util.ts
index 2e2d6434..36d2ebfd 100644
--- a/packages/cache/src/internal/shared/util.ts
+++ b/packages/cache/src/internal/shared/util.ts
@@ -24,6 +24,7 @@ export function maskSigUrl(url: string): void {
 const signature = parsedUrl.searchParams.get('sig')
 if (signature) {
 setSecret(signature)
+ setSecret(encodeURIComponent(signature))
 }
 } catch (error) {
 debug(