const util_1 = __nccwpck_require__(2718);

(0, util_1.maskSecretUrls)(body);

/***/ 2718:

/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => {

"use strict";

Object.defineProperty(exports, "__esModule", ({ value: true }));

exports.maskSecretUrls = exports.maskSigUrl = void 0;

const core_1 = __nccwpck_require__(9728);

/**

* Masks the `sig` parameter in a URL and sets it as a secret.

* @param url The URL containing the `sig` parameter.

* @returns A masked URL where the sig parameter value is replaced with '***' if found,

* or the original URL if no sig parameter is present.

*/

function maskSigUrl(url) {

if (!url)

return url;

try {

const rawSigRegex = /[?&](sig)=([^&=#]+)/gi;

let match;

while ((match = rawSigRegex.exec(url)) !== null) {

const rawSignature = match[2];

if (rawSignature) {

(0, core_1.setSecret)(rawSignature);

}

}

let parsedUrl;

try {

parsedUrl = new URL(url);

}

catch (_a) {

try {

parsedUrl = new URL(url, 'https://example.com');

}

catch (error) {

(0, core_1.debug)(`Failed to parse URL: ${url}`);

return maskSigWithRegex(url);

}

}

let masked = false;

const paramNames = Array.from(parsedUrl.searchParams.keys());

for (const paramName of paramNames) {

if (paramName.toLowerCase() === 'sig') {

const signature = parsedUrl.searchParams.get(paramName);

if (signature) {

(0, core_1.setSecret)(signature);

(0, core_1.setSecret)(encodeURIComponent(signature));

parsedUrl.searchParams.set(paramName, '***');

masked = true;

}

}

}

if (masked) {

return parsedUrl.toString();

}

if (/([:?&]|^)(sig)=([^&=#]+)/i.test(url)) {

return maskSigWithRegex(url);

}

}

catch (error) {

(0, core_1.debug)(`Error masking URL: ${error instanceof Error ? error.message : String(error)}`);

return maskSigWithRegex(url);

}

return url;

}

exports.maskSigUrl = maskSigUrl;

/**

* Fallback method to mask signatures using regex when URL parsing fails

*/

function maskSigWithRegex(url) {

try {

const regex = /([:?&]|^)(sig)=([^&=#]+)/gi;

return url.replace(regex, (fullMatch, prefix, paramName, value) => {

if (value) {

(0, core_1.setSecret)(value);

try {

(0, core_1.setSecret)(decodeURIComponent(value));

}

catch (_a) {

// Ignore decoding errors

}

return `${prefix}${paramName}=***`;

}

return fullMatch;

});

}

catch (error) {

(0, core_1.debug)(`Error in maskSigWithRegex: ${error instanceof Error ? error.message : String(error)}`);

return url;

}

}

/**

* Masks any URLs containing signature parameters in the provided object

* Recursively searches through nested objects and arrays

*/

function maskSecretUrls(body) {

if (typeof body !== 'object' || body === null) {

(0, core_1.debug)('body is not an object or is null');

return;

}

const processUrl = (url) => {

maskSigUrl(url);

};

const processObject = (obj) => {

if (typeof obj !== 'object' || obj === null) {

return;

}

if (Array.isArray(obj)) {

for (const item of obj) {

if (typeof item === 'string') {

processUrl(item);

}

else if (typeof item === 'object' && item !== null) {

processObject(item);

}

}

return;

}

if ('signed_upload_url' in obj &&

typeof obj.signed_upload_url === 'string') {

maskSigUrl(obj.signed_upload_url);

}

if ('signed_download_url' in obj &&

typeof obj.signed_download_url === 'string') {

maskSigUrl(obj.signed_download_url);

}

for (const key in obj) {

const value = obj[key];

if (typeof value === 'string') {

if (/([:?&]|^)(sig)=/i.test(value)) {

maskSigUrl(value);

}

}

else if (typeof value === 'object' && value !== null) {

processObject(value);

}

}

};

processObject(body);

}

exports.maskSecretUrls = maskSecretUrls;

//# sourceMappingURL=util.js.map

/***/ }),