Merged PR 12442400: Remove the plaintext value of $certPwd for fix the Credential Scanner issue

XinwLi · XinwLi · commit ee80997bf07b · 2025-03-06T03:14:08.000Z
## Pull Request Checklist
### General
- [ ] Are all regression test passed?
- [ ] Are there any test cases that will expose unfixed TDIs or Windows bugs?

### New Test Case
- [ ] Have Design Spec and User Guide been updated?
- [ ] Can all the test cases be loaded and executed by PTM &amp; PTMCli?
- [ ] Can the related changes support multiple platform(Windows, Linux, MacOS)?

### SDK Changes
- [ ] Are all related test suites Regression passed?

----
#### AI description  (iteration 1)
#### PR Classification
Bug fix to address Credential Scanner issue by removing plaintext password.

#### PR Summary
This pull request removes the hardcoded plaintext password `$certPwd` and retrieves it from a configuration file instead.
- `Config-DriverComputer.ps1`: Removed hardcoded `$certPwd` and added retrieval from configuration file.
- `Config-LinuxDriverComputer.ps1`: Removed hardcoded `$certPwd` and added retrieval from configuration file.
- `Config-DriverComputer.ps1` (Server): Removed hardcoded `$certPwd` and added retrieval from configuration file.
&lt;!-- GitOpsUserAgent=GitOps.Apps.Server.pullrequestcopilot --&gt;
diff --git a/TestSuites/FileServer/docs/FileServerUserGuide.md b/TestSuites/FileServer/docs/FileServerUserGuide.md
@@ -707,6 +707,7 @@ To enable the Signing feature on the SUT (**Node01**) computer, perform the step
 
       * If you disabled **SigningRequired** on the SUT computer, set the value of the **IsRequireMessageSigning** property to `false` in the specified ptfconfig file.
 
+
 ###### <a name="5.1.2.2.3.7"/> 5.1.2.2.3.7 Create an SMB Compressed Share
 
 This configuration is used to test the **Compression** feature of an **MS-SMB2** protocol implementation. If **Compression** is not supported in your implementation, please ignore this section.
@@ -750,7 +751,7 @@ To configure SMB over QUIC, perform the steps that follow:
     ```
 4. Export the certificate to a PFX file and import it to the trusted root store:
     ```
-    Copy$pfxPwd = ConvertTo-SecureString -String "Password01!" -Force -AsPlainText
+    $pfxPwd = Read-Host -AsSecureString "Enter the PFX password:"
     Export-PfxCertificate -Cert $currCert -FilePath "QUICCert.pfx" -Password $pfxPwd
     Import-PfxCertificate -FilePath "QUICCert.pfx" -CertStoreLocation Cert:\LocalMachine\Root -Password $pfxPwd
     ```
@@ -775,6 +776,7 @@ The same certificate must be trusted on both the SUT and the Driver computers fo
 
 
 
+
 ##### <a name="5.1.2.3"/> 5.1.2.3 Setup to test DFSC
 
 This configuration is used to test an implementation of the [**MS-DFSC**] protocol. If the distributed file system (**DFS**) is not supported, please ignore this section.
diff --git a/TestSuites/RDP/Client/Setup/Scripts/Config-DriverComputer.ps1 b/TestSuites/RDP/Client/Setup/Scripts/Config-DriverComputer.ps1
@@ -36,6 +36,7 @@ if(Test-Path -Path $settingFile)
     $agentPort          = .\Get-Parameter.ps1 $settingFile agentPort
     $agentRemoteClient  = .\Get-Parameter.ps1 $settingFile agentRemoteClient
     $compressionInTC    = .\Get-Parameter.ps1 $settingFile compressionInTC
+    $certPwd            = .\Get-Parameter.ps1 $settingFile userPwdInTC
     .\Set-Parameter.ps1 $settingFile LogFile $logFile "If no log file path specified, this value should be used."
 }
 else
@@ -170,7 +171,7 @@ else
 {
     $certCN = $driverComputerName
 }
-$certPwd = "Password01!"
+
 $certFileName = $driverComputerName
 
 if (Test-Path -Path "$env:HOMEDRIVE\$certFileName.cer")
diff --git a/TestSuites/RDP/Client/Setup/Scripts/Config-LinuxDriverComputer.ps1 b/TestSuites/RDP/Client/Setup/Scripts/Config-LinuxDriverComputer.ps1
@@ -36,6 +36,7 @@ if(Test-Path -Path $settingFile)
     $agentPort          = ./Get-Parameter.ps1 $settingFile agentPort
     $agentRemoteClient  = ./Get-Parameter.ps1 $settingFile agentRemoteClient
     $compressionInTC    = ./Get-Parameter.ps1 $settingFile compressionInTC
+    $certPwd            = ./Get-Parameter.ps1 $settingFile userPwdInTC
     ./Set-Parameter.ps1 $settingFile LogFile $logFile "If no log file path specified, this value should be used."
 }
 
@@ -168,7 +169,7 @@ else
 {
     $certCN = $driverComputerName
 }
-$certPwd = "Password01!"
+
 $certFileName = $driverComputerName
 
 if (Test-Path -Path "$env:HOMEDRIVE/$certFileName.cer")
diff --git a/TestSuites/RDP/Server/Setup/Scripts/Config-DriverComputer.ps1 b/TestSuites/RDP/Server/Setup/Scripts/Config-DriverComputer.ps1
@@ -36,6 +36,7 @@ if(Test-Path -Path $settingFile)
     $agentPort          = .\Get-Parameter.ps1 $settingFile agentPort
     $agentRemoteClient  = .\Get-Parameter.ps1 $settingFile agentRemoteClient
     $compressionInTC    = .\Get-Parameter.ps1 $settingFile compressionInTC
+    $certPwd            = .\Get-Parameter.ps1 $settingFile userPwdInTC
     .\Set-Parameter.ps1 $settingFile LogFile $logFile "If no log file path specified, this value should be used."
 }
 else
@@ -186,7 +187,7 @@ else
 {
     $certCN = $driverComputerName
 }
-$certPwd = "Password01!"
+
 $certFileName = $driverComputerName
 
 if (Test-Path -Path "$env:HOMEDRIVE\$certFileName.cer")

Original file line number	Diff line number	Diff line change
`@@ -36,6 +36,7 @@ if(Test-Path -Path $settingFile)`
`36`	`36`	`$agentPort = .\Get-Parameter.ps1 $settingFile agentPort`
`37`	`37`	`$agentRemoteClient = .\Get-Parameter.ps1 $settingFile agentRemoteClient`
`38`	`38`	`$compressionInTC = .\Get-Parameter.ps1 $settingFile compressionInTC`
	`39`	`+ $certPwd = .\Get-Parameter.ps1 $settingFile userPwdInTC`
`39`	`40`	`.\Set-Parameter.ps1 $settingFile LogFile $logFile "If no log file path specified, this value should be used."`
`40`	`41`	`}`
`41`	`42`	`else`
`@@ -170,7 +171,7 @@ else`
`170`	`171`	`{`
`171`	`172`	`$certCN = $driverComputerName`
`172`	`173`	`}`
`173`		`-$certPwd = "Password01!"`
	`174`	`+`
`174`	`175`	`$certFileName = $driverComputerName`
`175`	`176`
`176`	`177`	`if (Test-Path -Path "$env:HOMEDRIVE\$certFileName.cer")`