Unable to pass Secure String to CV Type Into activity - ST-SEC-009

News Knowledge Base
1

Unable to Publish/Run a UiPath Studio process due to "Potential SecureString misusage detected in activity CV Type Into - InputBox, property" error message. How to workaround the error message received when using a secure string into a CV type into activity?

Issue Description

In automation scenarios where target applications do not properly expose selectors, Computer Vision (CV) activities are utilized as a fallback method. These activities depend on the screen image to identify areas for action execution. However, automation developers might encounter an error when using a secure string within specific CV activities like CV Type Into.

Error Message
The error message displayed is: “Potential SecureString misusage detected in activity CV Type Into - InputBox, property”.

ErrorImage1.jpg

Root Cause

Secure string variables offer enhanced security by attempting to prevent sensitive data from being stored in process memory as plain text. They are typically used in password fields. Nevertheless, UiPath Studio’s CV activities cannot recognize UiElements selectors, making it impossible to discern whether a field is a password input or a standard text input.
This limitation triggers an error message, prompting a verification and confirmation process for actions by developers.

Additional Clarification
The CV Type Into activity is capable of handling secure strings securely.
The activity ensures that the data remains encrypted and is not displayed as plain text during the process execution.

SecureHandle.jpg


Resolution

The following workarounds are listed in order of specificity.

  1. Disable the Rule for Computer Vision: To exclude computer vision from the rule.

  • Navigate to UiPath Studio > Design Tab > Project Panel.

  • Click on the gear icon to open Project Settings.

  • Click on the Workflow Analyzer section.

  • Search for “ST-SEC-009” and select the rule.

  • In the “Exclude Activities” field, type “UiPath.CV.Activities”.

  • Click the “OK” button.

    WK11.jpg

  1. Edit the ST-SEC-009 Rule Action: To change the rule’s action level and allow the process to be published or executed without error interruptions.

  • Follow the steps outlined in the first workaround to open the Workflow Analyzer settings.

  • Locate “ST-SEC-009” and edit the Default Action from "Error" to “Warning” or “Information”.

  • Click the “OK” button.

    WK2.jpg

  1. Disable the ST-SEC-009 rule: This setting applies to the entire currently open project.

  • Follow the steps outlined in the first workaround to open the Workflow Analyzer settings.

  • Search for “ST-SEC-009” and select the rule.

  • Uncheck the left side checkbox for the “ST-SEC-009” rule.

  • Click the “OK” button.

    WK3.jpg

  1. Disable Workflow Analyzer at the Studio Level: The Workflow Analyzer ensures projects meet high standards, to disable enforcement.

  • Go to Studio Backstage View > Settings > Design.

  • Turn off the toggles for Enforce Analyzer before Run and Enforce Analyzer before Push/Check-in.

    WK4.jpg