Remove logging of any SAS tokens in Actions/Cache and Actions/Artifact #1982
+549
−11
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
robherley
reviewed
Mar 10, 2025
robherley
reviewed
Mar 11, 2025
…tures, nested parameters, and moved to a utility file
Link-
reviewed
Mar 12, 2025
Link-
reviewed
Mar 12, 2025
robherley
reviewed
Mar 12, 2025
robherley
approved these changes
Mar 14, 2025
robherley
reviewed
Mar 14, 2025
robherley
approved these changes
Mar 14, 2025
This was referenced Mar 18, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Issue
Currently you are able to see the SAS token for downloading and uploading files when debugging.
This is not secure as technically anyone with access to the logs can use the SAS token to download or upload files.
Fix
Fix: masking the SAS token, so that you are unable to see it anymore, it will show three stars: , e.g. sig= in the URL
The code handles malformed URLs as well, encoding the raw, encoded & decoded URL in-case. Code also checks for nested parameters and for any sig fields, in the case where for some reason signature_upload_url or the keys in the object could change.
Examples now changed approach to just mask the signature part:
Cache
Cache uploading
Cache downloading
Artifact
Artifact uploading
Artifact downloading
### Cache _(old approach)_Cache uploading (old approach)
Cache downloading (old approach)
Artifact (old approach)
Uploading to artifact (old approach)
Downloading from artifact (old approach)
Questions
Discussion outcome was to have duplicate code rather than using a shared utility function in Core, which was the previous approach as indicated via previous commits.
This PR will need a release of: