Move ConnectionInfo.Password to use SecureString. Only decrypt when required for connecting. Update tests to skip tests of password values where necessary.

mRemoteNGTests/Config/CredentialHarvesterTests.cs

@@ -19,7 +19,7 @@ public class CredentialHarvesterTests
     private CredentialHarvester _credentialHarvester;
     private ICryptographyProvider _cryptographyProvider;
     private SecureString _key;
-
+    private SecureString _password = "mypass".ConvertToSecureString();
     [SetUp]
     public void Setup()
     {
@@ -31,7 +31,7 @@ public class CredentialHarvesterTests
     [Test]
     public void HarvestsUsername()
     {
-        var connection = new ConnectionInfo { Username = "myuser", Domain = "somedomain", Password = "mypass" };
+        var connection = new ConnectionInfo { Username = "myuser", Domain = "somedomain", Password = _password };
         var xdoc = CreateTestData(connection);
         var credentials = _credentialHarvester.Harvest(xdoc, _key);
         Assert.That(credentials.Single().Username, Is.EqualTo(connection.Username));
@@ -40,7 +40,7 @@ public class CredentialHarvesterTests
     [Test]
     public void HarvestsDomain()
     {
-        var connection = new ConnectionInfo { Username = "myuser", Domain = "somedomain", Password = "mypass" };
+        var connection = new ConnectionInfo { Username = "myuser", Domain = "somedomain", Password = _password };
         var xdoc = CreateTestData(connection);
         var credentials = _credentialHarvester.Harvest(xdoc, _key);
         Assert.That(credentials.Single().Domain, Is.EqualTo(connection.Domain));
@@ -49,10 +49,10 @@ public class CredentialHarvesterTests
     [Test]
     public void HarvestsPassword()
     {
-        var connection = new ConnectionInfo { Username = "myuser", Domain = "somedomain", Password = "mypass" };
+        var connection = new ConnectionInfo { Username = "myuser", Domain = "somedomain", Password = _password };
         var xdoc = CreateTestData(connection);
         var credentials = _credentialHarvester.Harvest(xdoc, _key);
-        Assert.That(credentials.Single().Password.ConvertToUnsecureString(), Is.EqualTo(connection.Password));
+        Assert.That(credentials.Single().Password.ConvertToUnsecureString(), Is.EqualTo(connection.Password.ConvertToUnsecureString()));
     }
 
     [Test]
@@ -91,7 +91,7 @@ public class CredentialHarvesterTests
     [Test]
     public void CredentialMapCorrectForSingleCredential()
     {
-        var connection = new ConnectionInfo { Username = "myuser", Domain = "somedomain", Password = "mypass" };
+        var connection = new ConnectionInfo { Username = "myuser", Domain = "somedomain", Password = _password };
         var connectionGuid = Guid.Parse(connection.ConstantID);
         var xdoc = CreateTestData(connection);
         _credentialHarvester.Harvest(xdoc, _key);

mRemoteNGTests/Config/Serializers/ConnectionSerializers/Csv/CsvConnectionsDeserializerMremotengFormatTests.cs

@@ -73,7 +73,7 @@ namespace mRemoteNGTests.Config.Serializers.ConnectionSerializers.Csv
                 Icon = "SomeIcon",
                 Panel = "SomePanel",
                 Username = "SomeUsername",
-                Password = "SomePassword",
+                Password = "SomePassword".ConvertToSecureString(),
                 Domain = "SomeDomain",
                 Hostname = "SomeHostname",
                 PuttySession = "SomePuttySession",
@@ -168,6 +168,9 @@ namespace mRemoteNGTests.Config.Serializers.ConnectionSerializers.Csv
 
                 foreach (var property in properties)
                 {
+                    if (property.Name == "Password")
+                        continue;
+
                     testCases.Add(
                         new TestCaseData(property.Name)
                         .Returns(property.GetValue(testConnectionInfo)));

mRemoteNGTests/Config/Serializers/ConnectionSerializers/Csv/CsvConnectionsSerializerMremotengFormatTests.cs

@@ -113,7 +113,7 @@ public class CsvConnectionsSerializerMremotengFormatTests
         Assert.That(csv, Does.Match(container.Name));
         Assert.That(csv, Does.Match(container.Username));
         Assert.That(csv, Does.Match(container.Domain));
-        Assert.That(csv, Does.Match(container.Password));
+        Assert.That(csv, Does.Match(container.Password?.ConvertToUnsecureString()));
         Assert.That(csv, Does.Contain(TreeNodeType.Container.ToString()));
     }
 
@@ -128,7 +128,7 @@ public class CsvConnectionsSerializerMremotengFormatTests
             .First(s => s.Contains(serializationTarget.Name));
         Assert.That(lineWithFolder3, Does.Contain(serializationTarget.Username));
         Assert.That(lineWithFolder3, Does.Contain(serializationTarget.Domain));
-        Assert.That(lineWithFolder3, Does.Contain(serializationTarget.Password));
+        Assert.That(lineWithFolder3, Does.Contain(serializationTarget.Password?.ConvertToUnsecureString()));
     }
 
     private ConnectionInfo BuildConnectionInfo()
@@ -138,7 +138,7 @@ public class CsvConnectionsSerializerMremotengFormatTests
             Name = ConnectionName,
             Username = Username,
             Domain = Domain,
-            Password = Password,
+            Password = Password?.ConvertToSecureString(),
             Inheritance = { Colors = true }
         };
     }
@@ -150,7 +150,7 @@ public class CsvConnectionsSerializerMremotengFormatTests
             Name = "MyFolder",
             Username = "BlahBlah1",
             Domain = "aklkskkksh8",
-            Password = "qweraslkdjf87"
+            Password = "qweraslkdjf87".ConvertToSecureString()
         };
     }
 }

mRemoteNGTests/Config/Serializers/MiscSerializers/PuttyConnectionManagerDeserializerTests.cs

@@ -3,6 +3,7 @@ using mRemoteNG.Config.Serializers.MiscSerializers;
 using mRemoteNG.Connection;
 using mRemoteNG.Connection.Protocol;
 using mRemoteNG.Container;
+using mRemoteNG.Security;
 using mRemoteNGTests.Properties;
 using NUnit.Framework;
 
@@ -99,7 +100,7 @@ public class PuttyConnectionManagerDeserializerTests
     public void ConnectionPasswordImported()
     {
         var connection = GetSshConnection();
-        Assert.That(connection.Password, Is.EqualTo(ExpectedConnectionPassword));
+        Assert.That(connection.Password?.ConvertToUnsecureString(), Is.EqualTo(ExpectedConnectionPassword));
     }
 
     private ConnectionInfo GetSshConnection()

mRemoteNGTests/Connection/AbstractConnectionInfoDataTests.cs

@@ -4,6 +4,7 @@ using mRemoteNG.Connection.Protocol;
 using mRemoteNG.Connection.Protocol.Http;
 using mRemoteNG.Connection.Protocol.RDP;
 using mRemoteNG.Connection.Protocol.VNC;
+using mRemoteNG.Security;
 using NUnit.Framework;
 
 
@@ -93,7 +94,7 @@ public class AbstractConnectionInfoDataTests
     {
         var wasCalled = false;
         _testAbstractConnectionInfoData.PropertyChanged += (sender, args) => wasCalled = true;
-        _testAbstractConnectionInfoData.Password = "a";
+        _testAbstractConnectionInfoData.Password = "a".ConvertToSecureString();
         Assert.That(wasCalled, Is.True);
     }
 

mRemoteNGTests/Connection/DefaultConnectionInfoTests.cs

@@ -1,4 +1,5 @@
-using System.Collections.Generic;
+using System;
+using System.Collections.Generic;
 using System.Reflection;
 using mRemoteNG.Connection;
 using mRemoteNGTests.TestHelpers;
@@ -51,6 +52,14 @@ namespace mRemoteNGTests.Connection
 
 			var valueInSource = property.GetValue(DefaultConnectionInfo.Instance)?.ToString();
 			var valueInDestination = saveTarget.GetType().GetProperty(property.Name)?.GetValue(saveTarget)?.ToString();
+            try
+            {
+                Assert.That(valueInDestination, Is.EqualTo(valueInSource));
+            }
+            catch (AssertionException)
+            {
+                Console.WriteLine($"Assertion Failed: Parameter {property.Name}");                
+            }
             Assert.That(valueInDestination, Is.EqualTo(valueInSource));
         }
 

mRemoteNGTests/IntegrationTests/XmlSerializationLifeCycleTests.cs

@@ -115,6 +115,9 @@ namespace mRemoteNGTests.IntegrationTests
             var sb = new StringBuilder();
             foreach (var property in originalConnectionInfo.GetSerializableProperties())
             {
+                if (property.Name == nameof(ConnectionInfo.Password))
+                    continue;
+
                 var originalValue = property.GetValue(originalConnectionInfo);
                 var deserializedValue = property.GetValue(deserializedConnectionInfo);
                 if (originalValue.Equals(deserializedValue))
@@ -143,6 +146,9 @@ namespace mRemoteNGTests.IntegrationTests
             var sb = new StringBuilder();
             foreach (var property in originalConnectionInfo.Inheritance.GetProperties())
             {
+                if (property.Name == nameof(originalConnectionInfo.Password))
+                    continue;
+
                 var originalValue = property.GetValue(originalConnectionInfo.Inheritance);
                 var deserializedValue = property.GetValue(deserializedConnectionInfo.Inheritance);
 

mRemoteNGTests/TestHelpers/ConnectionTreeModelBuilder.cs

@@ -1,5 +1,6 @@
 using mRemoteNG.Connection;
 using mRemoteNG.Container;
+using mRemoteNG.Security;
 using mRemoteNG.Tree;
 using mRemoteNG.Tree.Root;
 
@@ -22,8 +23,8 @@ namespace mRemoteNGTests.TestHelpers
         {
             var model = new ConnectionTreeModel();
             var root = new RootNodeInfo(RootNodeType.Connection);
-            var folder1 = new ContainerInfo { Name = "folder1", Username = "user1", Domain = "domain1", Password = "password1" };
-            var folder2 = new ContainerInfo { Name = "folder2", Username = "user2", Domain = "domain2", Password = "password2" };
+            var folder1 = new ContainerInfo { Name = "folder1", Username = "user1", Domain = "domain1", Password = "password1".ConvertToSecureString() };
+            var folder2 = new ContainerInfo { Name = "folder2", Username = "user2", Domain = "domain2", Password = "password2".ConvertToSecureString() };
             var folder3 = new ContainerInfo
             {
                 Name = "folder3",
@@ -34,8 +35,8 @@ namespace mRemoteNGTests.TestHelpers
                     Password = true
                 }
             };
-            var con1 = new ConnectionInfo { Name = "Con1", Username = "user1", Domain = "domain1", Password = "password1" };
-            var con2 = new ConnectionInfo { Name = "Con2", Username = "user2", Domain = "domain2", Password = "password2" };
+            var con1 = new ConnectionInfo { Name = "Con1", Username = "user1", Domain = "domain1", Password = "password1".ConvertToSecureString() };
+            var con2 = new ConnectionInfo { Name = "Con2", Username = "user2", Domain = "domain2", Password = "password2".ConvertToSecureString() };
             var con3 = new ContainerInfo
             {
                 Name = "con3",

mRemoteNGTests/Tools/ExternalToolsArgumentParserTests.cs

@@ -1,6 +1,7 @@
 using System;
 using System.Collections;
 using mRemoteNG.Connection;
+using mRemoteNG.Security;
 using mRemoteNG.Tools;
 using NUnit.Framework;
 
@@ -28,7 +29,7 @@ namespace mRemoteNGTests.Tools
                 Hostname = TestString,
                 Port = Port,
                 Username = TestString,
-                Password = TestString,
+                Password = TestString.ConvertToSecureString(),
                 Domain = TestString,
                 Description = TestString,
                 MacAddress = TestString,