Bug in Get-TssSecretField: Substring, startIndex cannot be larger than length of string

[rvdginste]

Verified issue does not already exist?

Yes

What error did you receive

Thycotic.PowerShell.Authentication.Session
WARNING: Issue getting field [Password] on secret [1412]
C:\Windows\system32\config\systemprofile\Documents\WindowsPowerShell\Modules\Thycotic.SecretServer\0.61.0\parts\ErrorHa
ndling.ps1 : Exception calling "Substring" with "2" argument(s): "startIndex cannot be larger than length of string.
Parameter name: startIndex"
At C:\Windows\system32\config\systemprofile\Documents\WindowsPowerShell\Modules\Thycotic.SecretServer\0.61.0\functions\
secrets\Get-TssSecretField.ps1:167 char:21
+                     . $ErrorHandling $err
+                     ~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (https://secrets...fields/Password:String) [ErrorHandling.ps1], Exception
    + FullyQualifiedErrorId : ResultError,ErrorHandling.ps1

Please run the command using -Verbose

No response

Provide a test case or steps to reproduce

This is happening in a pipeline, and likely something else is going wrong. It is hard to reproduce, but the following PowerShell code is causing the problem (Get-TssSecretField.ps1, line 158):

                    $apiResponse = Invoke-TssApi @invokeParams
                    if (-not $tssParams.ContainsKey('OutFile')) {
						$content = $apiResponse.Content
						$apiResponse.Content = $content.Substring(1,$content.Length-2)
                        . $ProcessResponse $apiResponse
                    }

The content seems to be the empty string and in that case, the code fails. It seems the code was added to remove double quotes at the start and end of the content. (see commit 96480e7)
Is it intentional that the code triggers an error in the case the string $content is empty? Or can the code be made safer by using something like $content.Trim([char]'"'), or checking whether $content is the empty string?

Expected behavior

The code should not trigger an error on substring. The code should be written in a more defensive way and if this is not expected behavior, a better error should be used.

What Edition of Secret Server?

Other

What version of Secret Server

Current GA release

What PowerShell host was used when producing this error

Windows PowerShell (powershell)

PowerShell Host Version

This is using Windows PowerShell 5.1. We used the module inside Azure DevOps pipelines that use an agent that is running on Windows servers. These server do not have PowerShell Core installed and that is the reason why we use 0.61.0.

Note: I do not know the exact version of Secret Server that is used, nor do I know the exact edition of Secret Server that is used.

[rvdginste]

When I see the bug in #336, it looks like you maybe want to deserialize json? Maybe the code can be rewritten to the following?

$apiResponse.Content = $(ConvertFrom-Json -InputObject $apiResponse.Content)