PSInvalidCastException should not display the value to be cast when target type is a secure string #19375
Description
Prerequisites
- Write a descriptive title.
- Make sure you are able to repro it on the latest released version
- Search the existing issues.
- Refer to the FAQ.
- Refer to Differences between Windows PowerShell 5.1 and PowerShell.
Steps to reproduce
If you have a template parameter with a secure string type and you accidentally pass a plain string, on the command line, that string is prnted in the error text. Since you know it's a secure string, it shoud not be printed in the error
Example 1:
PS C:\> ConvertFrom-SecureString "p@assw0rd"
ConvertFrom-SecureString: Cannot bind parameter 'SecureString'. Cannot convert the "p@assw0rd" value of type "System.String" to type "System.Security.SecureString"Example 2:
PS> New-AzResourceGroupDeployment -ResourceGroupName MyRG -Name MyDeployment -TemplateParameterFile .\mytemplate.parameters.json -TemplateFile .\mytemplate.json -domainPassword $PlainString -Whatif
# Template file contains parameter:
# "domainPassword": {
# "type": "securestring"
# }
New-AzResourceGroupDeployment: Cannot bind parameter 'domainPassword'. Cannot convert the "p@assw0rd" value of type "System.String" to type "System.Security.SecureString".
# the value of "p@ssw0rd" should not be revealed.Originally reported by @dbaileyut in Azure/azure-powershell#21250
Expected behavior
the value of "p@ssw0rd" should not be revealed.Actual behavior
the value of "p@ssw0rd" was leaked to console.Error details
No response
Environment data
Name Value
---- -----
PSVersion 7.3.3
PSEdition Core
GitCommitId 7.3.3
OS Microsoft Windows 10.0.19045
Platform Win32NT
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1
WSManStackVersion 3.0Visuals
No response