fix: credential leak in placeholder of PW prompt (#3842)

* fix: credential leak in placeholder of PW prompt

Signed-off-by: Trae Yelovich <[email protected]>

* remove jest runner settings from testing

Signed-off-by: Trae Yelovich <[email protected]>

* test: add case to prevent future regressions

Signed-off-by: Trae Yelovich <[email protected]>

---------

Signed-off-by: Trae Yelovich <[email protected]>

Author: traeok

packages/zowe-explorer-api/__tests__/__unit__/vscode/ZoweVsCodeExtension.unit.test.ts

@@ -645,6 +645,35 @@ describe("ZoweVsCodeExtension", () => {
         };
         const onProfileUpdatedEmitter = new vscode.EventEmitter<imperative.IProfileLoaded>();
 
+        it("should not leak the password value in the input box placeholder", async () => {
+            const mockUpdateProperty = jest.fn();
+            jest.spyOn(ZoweVsCodeExtension, "getZoweExplorerApi").mockReturnValueOnce({
+                onProfileUpdated: onProfileUpdatedEmitter.event,
+                onProfileUpdatedEmitter,
+            } as any);
+            jest.spyOn(ZoweVsCodeExtension as any, "profilesCache", "get").mockReturnValue({
+                getLoadedProfConfig: jest.fn().mockReturnValue({
+                    profile: {},
+                }),
+                getProfileInfo: jest.fn().mockReturnValue({
+                    getTeamConfig: jest.fn().mockReturnValue({ properties: { autoStore: true } }),
+                    isSecured: jest.fn().mockReturnValue(true),
+                    updateProperty: mockUpdateProperty,
+                }),
+                refresh: jest.fn(),
+                updateCachedProfile: jest.fn(),
+            });
+            const showInputBoxSpy = jest.spyOn(Gui, "showInputBox").mockResolvedValueOnce("fakeUser").mockResolvedValueOnce("fakePassword");
+            const profileLoaded: imperative.IProfileLoaded = await ZoweVsCodeExtension.updateCredentials(
+                promptCredsOptions,
+                undefined as unknown as Types.IApiRegisterClient
+            );
+            expect(profileLoaded.profile?.password).toBe("fakePassword");
+            expect(showInputBoxSpy).toHaveBeenCalledTimes(2);
+            // The placeholder should not contain the raw password value
+            expect(showInputBoxSpy.mock.calls[1][0].placeHolder).not.toBe("fakePassword");
+        });
+
         it("should update user and password as secure fields", async () => {
             const mockUpdateProperty = jest.fn();
             jest.spyOn(ZoweVsCodeExtension, "getZoweExplorerApi").mockReturnValueOnce({

packages/zowe-explorer/l10n/bundle.l10n.json

@@ -243,42 +243,6 @@
   "Uploading USS files...": "Uploading USS files...",
   "Error uploading files": "Error uploading files",
   "Retrieving response from USS list API": "Retrieving response from USS list API",
-  "The 'move' function is not implemented for this USS API.": "The 'move' function is not implemented for this USS API.",
-  "Failed to move {0}/File path": {
-    "message": "Failed to move {0}",
-    "comment": [
-      "File path"
-    ]
-  },
-  "Profile does not exist for this file.": "Profile does not exist for this file.",
-  "Saving USS file...": "Saving USS file...",
-  "Failed to rename {0}/File path": {
-    "message": "Failed to rename {0}",
-    "comment": [
-      "File path"
-    ]
-  },
-  "Failed to delete {0}/File name": {
-    "message": "Failed to delete {0}",
-    "comment": [
-      "File name"
-    ]
-  },
-  "No error details given": "No error details given",
-  "Error fetching destination {0} for paste action: {1}/USS pathError message": {
-    "message": "Error fetching destination {0} for paste action: {1}",
-    "comment": [
-      "USS path",
-      "Error message"
-    ]
-  },
-  "Failed to copy {0} to {1}/Source pathDestination path": {
-    "message": "Failed to copy {0} to {1}",
-    "comment": [
-      "Source path",
-      "Destination path"
-    ]
-  },
   "Downloaded: {0}/Download time": {
     "message": "Downloaded: {0}",
     "comment": [
@@ -341,6 +305,42 @@
   "initializeUSSFavorites.error.buttonRemove": "initializeUSSFavorites.error.buttonRemove",
   "File does not exist. It may have been deleted.": "File does not exist. It may have been deleted.",
   "Pulling from Mainframe...": "Pulling from Mainframe...",
+  "The 'move' function is not implemented for this USS API.": "The 'move' function is not implemented for this USS API.",
+  "Failed to move {0}/File path": {
+    "message": "Failed to move {0}",
+    "comment": [
+      "File path"
+    ]
+  },
+  "Profile does not exist for this file.": "Profile does not exist for this file.",
+  "Saving USS file...": "Saving USS file...",
+  "Failed to rename {0}/File path": {
+    "message": "Failed to rename {0}",
+    "comment": [
+      "File path"
+    ]
+  },
+  "Failed to delete {0}/File name": {
+    "message": "Failed to delete {0}",
+    "comment": [
+      "File name"
+    ]
+  },
+  "No error details given": "No error details given",
+  "Error fetching destination {0} for paste action: {1}/USS pathError message": {
+    "message": "Error fetching destination {0} for paste action: {1}",
+    "comment": [
+      "USS path",
+      "Error message"
+    ]
+  },
+  "Failed to copy {0} to {1}/Source pathDestination path": {
+    "message": "Failed to copy {0} to {1}",
+    "comment": [
+      "Source path",
+      "Destination path"
+    ]
+  },
   "{0} location/Node type": {
     "message": "{0} location",
     "comment": [

packages/zowe-explorer/l10n/poeditor.json

@@ -706,15 +706,6 @@
   "Uploading USS files...": "",
   "Error uploading files": "",
   "Retrieving response from USS list API": "",
-  "The 'move' function is not implemented for this USS API.": "",
-  "Failed to move {0}": "",
-  "Profile does not exist for this file.": "",
-  "Saving USS file...": "",
-  "Failed to rename {0}": "",
-  "Failed to delete {0}": "",
-  "No error details given": "",
-  "Error fetching destination {0} for paste action: {1}": "",
-  "Failed to copy {0} to {1}": "",
   "Downloaded: {0}": "",
   "Encoding: {0}": "",
   "Binary": "",
@@ -741,6 +732,15 @@
   "initializeUSSFavorites.error.buttonRemove": "",
   "File does not exist. It may have been deleted.": "",
   "Pulling from Mainframe...": "",
+  "The 'move' function is not implemented for this USS API.": "",
+  "Failed to move {0}": "",
+  "Profile does not exist for this file.": "",
+  "Saving USS file...": "",
+  "Failed to rename {0}": "",
+  "Failed to delete {0}": "",
+  "No error details given": "",
+  "Error fetching destination {0} for paste action: {1}": "",
+  "Failed to copy {0} to {1}": "",
   "{0} location": "",
   "Choose a location to create the {0}": "",
   "Name of file or directory": "",

packages/zowe-explorer/src/configuration/Profiles.ts

@@ -608,15 +608,15 @@ export class Profiles extends ProfilesCache {
         const isProfileString = typeof profile === "string";
         const profilename = isProfileString ? profile : profile.name;
         const userInputBoxOptions: vscode.InputBoxOptions = {
-            placeHolder: isProfileString ? vscode.l10n.t(`User Name`) : profile.profile.user,
+            placeHolder: vscode.l10n.t(`User Name`),
             prompt: vscode.l10n.t({
                 message: "Enter the user name for the {0} connection. Leave blank to not store.",
                 args: [profilename],
                 comment: ["Profile name"],
             }),
         };
         const passwordInputBoxOptions: vscode.InputBoxOptions = {
-            placeHolder: isProfileString ? vscode.l10n.t(`Password`) : profile.profile.password,
+            placeHolder: vscode.l10n.t(`Password`),
             prompt: vscode.l10n.t({
                 message: "Enter the password for the {0} connection. Leave blank to not store.",
                 args: [profilename],