[Autofill Assistant] Clear field inputs immediately after use.

See bug description for more info.

Bug: b/142454202
Change-Id: Iadebe24cc579502f32db8503e35e262651464ee1
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1852087Reviewed-by: Jordan Demeulenaere <jdemeulenaere@chromium.org>
Commit-Queue: Clemens Arbesser <arbesser@google.com>
Cr-Commit-Position: refs/heads/master@{#704583}

components/autofill_assistant/browser/actions/set_form_field_value_action.cc

@@ -238,6 +238,8 @@ void SetFormFieldValueAction::OnGetPassword(int field_index,
 }
 
 void SetFormFieldValueAction::EndAction(const ClientStatus& status) {
+  // Clear immediately, to prevent sensitive information from staying in memory.
+  field_inputs_.clear();
   UpdateProcessedAction(status);
   std::move(process_action_callback_).Run(std::move(processed_action_proto_));
 }

components/autofill_assistant/browser/actions/set_form_field_value_action.h

@@ -9,6 +9,7 @@
 #include <vector>
 
 #include "base/callback.h"
+#include "base/gtest_prod_util.h"
 #include "base/macros.h"
 #include "base/memory/weak_ptr.h"
 #include "components/autofill_assistant/browser/actions/action.h"
@@ -24,6 +25,9 @@ class SetFormFieldValueAction : public Action {
   ~SetFormFieldValueAction() override;
 
  private:
+  FRIEND_TEST_ALL_PREFIXES(SetFormFieldValueActionTest,
+                           PasswordIsClearedFromMemory);
+
   // A field input as extracted from the proto, but already checked for
   // validity.
   struct FieldInput {

components/autofill_assistant/browser/actions/set_form_field_value_action_unittest.cc

@@ -24,7 +24,6 @@ const char kFakePassword[] = "example_password";
 }  // namespace
 
 namespace autofill_assistant {
-namespace {
 
 using ::base::test::RunOnceCallback;
 using ::testing::_;
@@ -222,5 +221,14 @@ TEST_F(SetFormFieldValueActionTest, Fallback) {
   action.ProcessAction(callback_.Get());
 }
 
-}  // namespace
-}  // namespace autofill_assistant
\ No newline at end of file
+TEST_F(SetFormFieldValueActionTest, PasswordIsClearedFromMemory) {
+  auto* value = set_form_field_proto_->add_value();
+  value->set_use_password(true);
+  SetFormFieldValueAction action(&mock_action_delegate_, proto_);
+  ON_CALL(mock_action_delegate_, OnGetFieldValue(_, _))
+      .WillByDefault(RunOnceCallback<1>(true, kFakePassword));
+  action.ProcessAction(callback_.Get());
+  EXPECT_TRUE(action.field_inputs_.empty());
+}
+
+}  // namespace autofill_assistant