neuronull
Contributor

@neuronull neuronull commented Oct 2, 2025

🎟️ Tracking

https://bitwarden.atlassian.net/browse/PM-26023

📔 Objective

The purpose of this PR is to add unit test coverage for the Windows implementation of autotype. Specifically, there are errors that can occur in the Win32 API unsafe code that are not manually testable.

This has a natural side effect of the additional benefit of more cleanly isolating the Win32 API calls into traits.

The file became > 500 lines, so I separated it into the constituent modules, one for window title and one for typing input.

Also, after I posted this PR I was looking at the GHA runs and noticed the new unit tests weren't being exercised... I tracked that down and opened up a separate investigation here: #16711

📸 Screenshots

Screenshot 2025-10-02 at 15 38 46

⏰ Reminders before review

  • Contributor guidelines followed
  • All formatters and local linters executed and passed
  • Written new unit and / or integration tests where applicable
  • Protected functional changes with optionality (feature flags)
  • Used internationalization (i18n) for all UI strings
  • CI builds passed
  • Communicated to DevOps any deployment requirements
  • Updated any necessary documentation (Confluence, contributing docs) or informed the documentation team

🦮 Reviewer guidelines

  • 👍 (:+1:) or similar for great changes
  • 📝 (:memo:) or ℹ️ (:information_source:) for notes or general info
  • ❓ (:question:) for questions
  • 🤔 (:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion
  • 🎨 (:art:) for suggestions / improvements
  • ❌ (:x:) or ⚠️ (:warning:) for more significant problems or concerns needing attention
  • 🌱 (:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt
  • ⛏ (:pick:) for minor or nitpick changes

@neuronull neuronull self-assigned this Oct 2, 2025
@neuronull neuronull requested a review from coltonhurst October 2, 2025 21:41

github-actions bot commented Oct 2, 2025

Checkmarx One – Scan Summary & Details (scan d6e74ea1-9fdb-49a3-8fa9-f2780f96fa9d)

New Issues (18)

Checkmarx found the following issues in this Pull Request

Severity | Issue | Source File / Package | Checkmarx Insight

CRITICAL | CVE-2025-10585 | Npm-electron-36.8.1 (recommended version: 38.2.1) | Vulnerable Package
  Description: Type confusion in V8 in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML p... (Attack Vector: NETWORK, Attack Complexity: LOW)

HIGH | CVE-2025-10200 | Npm-electron-36.8.1 (recommended version: 38.2.1) | Vulnerable Package
  Description: Use After Free in 'ServiceWorker' in Google Chrome on Desktop prior to 140.0.7339.127 allowed a remote attacker to potentially exploit heap corrupt... (Attack Vector: NETWORK, Attack Complexity: LOW)

HIGH | CVE-2025-10201 | Npm-electron-36.8.1 (recommended version: 38.2.1) | Vulnerable Package
  Description: Inappropriate implementation in Mojo in Google Chrome on Android, Linux, ChromeOS prior to 140.0.7339.127 allowed a remote attacker to bypass site ... (Attack Vector: NETWORK, Attack Complexity: LOW)

HIGH | CVE-2025-10500 | Npm-electron-36.8.1 (recommended version: 38.2.1) | Vulnerable Package
  Description: Use After Free in Dawn in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML... (Attack Vector: NETWORK, Attack Complexity: LOW)

HIGH | CVE-2025-10891 | Npm-electron-36.8.1 (recommended version: 38.2.1) | Vulnerable Package
  Description: Integer overflow in V8 in Google Chrome prior to 140.0.7339.207 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML... (Attack Vector: NETWORK, Attack Complexity: LOW)

HIGH | CVE-2025-10892 | Npm-electron-36.8.1 (recommended version: 38.2.1) | Vulnerable Package
  Description: Integer Overflow in V8 in Google Chrome prior to 140.0.7339.207 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML... (Attack Vector: NETWORK, Attack Complexity: LOW)

HIGH | CVE-2025-8880 | Npm-electron-36.8.1 (recommended version: 38.2.1) | Vulnerable Package
  Description: Race in V8 in Google Chrome through 139.0.7258.126 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Attack Vector: NETWORK, Attack Complexity: LOW)

HIGH | CVE-2025-8882 | Npm-electron-36.8.1 (recommended version: 38.2.1) | Vulnerable Package
  Description: Use after free in Aura in Google Chrome prior to 139.0.7258.127 allowed a remote attacker who convinced a user to engage in specific UI gestures to... (Attack Vector: NETWORK, Attack Complexity: LOW)

HIGH | CVE-2025-8901 | Npm-electron-36.8.1 (recommended version: 38.2.1) | Vulnerable Package
  Description: Out-of-bounds Write in ANGLE in Google Chrome prior to 139.0.7258.127 allowed a remote attacker to perform out-of-bounds memory access via a crafte... (Attack Vector: NETWORK, Attack Complexity: LOW)

HIGH | CVE-2025-9132 | Npm-electron-36.8.1 (recommended version: 38.2.1) | Vulnerable Package
  Description: Out-of-bounds Write in V8 in Google Chrome prior to 139.0.7258.138 allowed a remote attacker to potentially exploit heap corruption via a crafted H... (Attack Vector: NETWORK, Attack Complexity: LOW)

HIGH | CVE-2025-9478 | Npm-electron-36.8.1 (recommended version: 38.2.1) | Vulnerable Package
  Description: Use after free in ANGLE in Google Chrome prior to 139.0.7258.154 allowed a remote attacker to potentially exploit heap corruption via a crafted HTM... (Attack Vector: NETWORK, Attack Complexity: LOW)

HIGH | CVE-2025-9864 | Npm-electron-36.8.1 (recommended version: 38.2.1) | Vulnerable Package
  Description: Use After Free in V8 in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Attack Vector: NETWORK, Attack Complexity: LOW)

HIGH | CVE-2025-9866 | Npm-electron-36.8.1 (recommended version: 38.2.1) | Vulnerable Package
  Description: Inappropriate implementation in Extensions in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to bypass content security policy via ... (Attack Vector: NETWORK, Attack Complexity: LOW)

MEDIUM | CVE-2025-8583 | Npm-electron-36.8.1 (recommended version: 38.2.1) | Vulnerable Package
  Description: Inappropriate implementation in Permissions in Google Chrome through 139.0.7258.65 allowed a remote attacker to perform UI spoofing via a crafted H... (Attack Vector: NETWORK, Attack Complexity: LOW)

MEDIUM | CVE-2025-8881 | Npm-electron-36.8.1 (recommended version: 38.2.1) | Vulnerable Package
  Description: Inappropriate implementation in File Picker in Google Chrome prior to 139.0.7258.127 allowed a remote attacker who convinced a user to engage in sp... (Attack Vector: NETWORK, Attack Complexity: LOW)

MEDIUM | CVE-2025-9865 | Npm-electron-36.8.1 (recommended version: 38.2.1) | Vulnerable Package
  Description: Inappropriate implementation in the Toolbar in Google Chrome on Android prior to 140.0.7339.80 allowed a remote attacker who convinced a user to en... (Attack Vector: NETWORK, Attack Complexity: LOW)

MEDIUM | CVE-2025-9867 | Npm-electron-36.8.1 (recommended version: 38.2.1) | Vulnerable Package
  Description: Inappropriate implementation in Downloads in Google Chrome on Android prior to 140.0.7339.80 allowed a remote attacker to perform UI spoofing via a... (Attack Vector: NETWORK, Attack Complexity: LOW)

LOW | Angular_Usage_of_Unsafe_DOM_Sanitizer | /libs/components/src/avatar/avatar.component.ts: 96 | Attack Vector
  Description: Usage of an unsafe class bypassSecurityTrustResourceUrl, which overrides output sanitization, was found at /libs/components/src/avatar/avatar.comp...

@neuronull neuronull added the needs-qa Marks a PR as requiring QA approval label Oct 2, 2025

codecov bot commented Oct 2, 2025

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 38.76%. Comparing base (75253c7) to head (9951bca).
⚠️ Report is 46 commits behind head on main.
✅ All tests successful. No failed tests found.

Additional details and impacted files
@@            Coverage Diff             @@
##             main   #16710      +/-   ##
==========================================
- Coverage   38.79%   38.76%   -0.03%     
==========================================
  Files        3394     3406      +12     
  Lines       96440    96673     +233     
  Branches    14468    14533      +65     
==========================================
+ Hits        37413    37479      +66     
- Misses      57394    57556     +162     
- Partials     1633     1638       +5     


@neuronull neuronull marked this pull request as ready for review October 2, 2025 22:10
@neuronull neuronull requested a review from a team as a code owner October 2, 2025 22:10

sonarqubecloud bot commented Oct 6, 2025
