[PM-34126] feat: Add card scan screen by SaintPatrck · Pull Request #6721 · bitwarden/android

SaintPatrck · 2026-03-26T11:48:58Z

🎟️ Tracking

https://bitwarden.atlassian.net/browse/PM-34126

📔 Objective

Add the card scan screen with camera integration for credit card scanning:

CardScanManager: Shared result channel between scanner and consumer, located in ui module (cardscanner/manager/)
CardScanResult: Sealed class wrapping CardScanData for success/error states
CardScanViewModel: State management with duplicate-scan guarding and DeferredBackgroundEvent
CardScanScreen: Composable with camera preview, overlay, and close button
CardScanNavigation: Type-safe route and navigation helper
CardScanner feature flag: Gated behind card-scanner-mobile FlagKey
BitwardenComposeTest: Added cardTextAnalyzer parameter to setContent

Includes ViewModel, Screen, and Manager tests.

📸 Screenshots

github-actions · 2026-03-26T11:49:58Z

Bitwarden Claude Code Review

Overall Assessment: APPROVE

This PR adds a new card scan screen with camera integration for credit card scanning, including a ViewModel with duplicate-scan guarding, a shared result channel (CardScanManager), navigation setup, and a feature flag gate. The implementation closely follows the established QrCodeScanScreen pattern with appropriate window-size-based layout switching. Tests cover ViewModel actions/events, manager emission, and screen rendering.

Code Review Details

No actionable findings. The code follows established codebase patterns consistently, including:

ViewModel state/action/event pattern matching BaseViewModel conventions
DeferredBackgroundEvent on NavigateBack to handle scan timing
CompositionLocal-based analyzer injection mirroring QrCodeAnalyzer pattern
Proper sensitive data masking in CardScanData.toString()
Singleton-scoped CardScanManager in VaultManagerModule for cross-screen communication

codecov · 2026-03-26T11:54:24Z

Codecov Report

❌ Patch coverage is 69.42149% with 37 lines in your changes missing coverage. Please review.
✅ Project coverage is 84.97%. Comparing base (ee2401e) to head (82b689a).
⚠️ Report is 4 commits behind head on main.

Files with missing lines	Patch %	Lines
...den/ui/vault/feature/cardscanner/CardScanScreen.kt	60.22%	32 Missing and 3 partials ⚠️
.../ui/vault/feature/cardscanner/CardScanViewModel.kt	92.30%	1 Missing and 1 partial ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #6721      +/-   ##
==========================================
- Coverage   85.33%   84.97%   -0.36%     
==========================================
  Files         957      841     -116     
  Lines       60714    58952    -1762     
  Branches     8634     8563      -71     
==========================================
- Hits        51808    50097    -1711     
+ Misses       5900     5873      -27     
+ Partials     3006     2982      -24

Flag	Coverage Δ
app-data	`17.52% <0.00%> (-0.06%)`	⬇️
app-ui-auth-tools	`20.42% <0.00%> (-0.38%)`	⬇️
app-ui-platform	`15.30% <0.00%> (-0.68%)`	⬇️
app-ui-vault	`25.88% <66.11%> (-0.49%)`	⬇️
authenticator	`6.56% <0.00%> (-0.04%)`	⬇️
lib-core-network-bridge	`4.25% <0.00%> (-0.05%)`	⬇️
lib-data-ui	`1.03% <5.78%> (+<0.01%)`	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

github-actions · 2026-03-26T11:55:05Z

Checkmarx One – Scan Summary & Details – e66cde46-bfbe-4ae9-8421-3499e9aeaa2b

New Issues (128)

Checkmarx found the following issues in this Pull Request

#	Issue	Source File / Package	Checkmarx Insight
1	HttpOnly_Cookie_Flag_Not_Set	/app/src/test/kotlin/com/x8bit/bitwarden/data/platform/datasource/disk/CookieDiskSourceTest.kt: 154	details The web application's `clearCookies should remove all stored cookie configs` method creates a cookie Cookie, at line 154 of /app/src/test/kotlin/... Attack Vector
2	HttpOnly_Cookie_Flag_Not_Set	/app/src/test/kotlin/com/x8bit/bitwarden/data/platform/datasource/disk/CookieDiskSourceTest.kt: 148	details The web application's `clearCookies should remove all stored cookie configs` method creates a cookie Cookie, at line 148 of /app/src/test/kotlin/... Attack Vector
3	HttpOnly_Cookie_Flag_Not_Set	/app/src/test/kotlin/com/x8bit/bitwarden/data/platform/manager/network/NetworkCookieManagerTest.kt: 203	details The web application's Lambda method creates a cookie Cookie, at line 203 of /app/src/test/kotlin/com/x8bit/bitwarden/data/platform/manager/network/... Attack Vector
4	HttpOnly_Cookie_Flag_Not_Set	/app/src/test/kotlin/com/x8bit/bitwarden/data/platform/manager/network/NetworkCookieManagerTest.kt: 229	details The web application's Lambda method creates a cookie Cookie, at line 229 of /app/src/test/kotlin/com/x8bit/bitwarden/data/platform/manager/network/... Attack Vector
5	HttpOnly_Cookie_Flag_Not_Set	/app/src/test/kotlin/com/x8bit/bitwarden/data/platform/manager/util/CookieConfigurationDataExtensionsTest.kt: 46	details The web application's `toNetworkCookieList should map multiple cookies correctly` method creates a cookie Cookie, at line 46 of /app/src/test/kot... Attack Vector
6	HttpOnly_Cookie_Flag_Not_Set	/app/src/test/kotlin/com/x8bit/bitwarden/data/platform/manager/util/CookieConfigurationDataExtensionsTest.kt: 62	details The web application's `toNetworkCookie should map name and value correctly` method creates a cookie Cookie, at line 62 of /app/src/test/kotlin/co... Attack Vector
7	HttpOnly_Cookie_Flag_Not_Set	/app/src/test/kotlin/com/x8bit/bitwarden/data/platform/manager/util/CookieConfigurationDataExtensionsTest.kt: 45	details The web application's `toNetworkCookieList should map multiple cookies correctly` method creates a cookie Cookie, at line 45 of /app/src/test/kot... Attack Vector
8	HttpOnly_Cookie_Flag_Not_Set	/app/src/test/kotlin/com/x8bit/bitwarden/data/platform/manager/util/CookieConfigurationDataExtensionsTest.kt: 31	details The web application's `toNetworkCookieList should map single cookie correctly` method creates a cookie Cookie, at line 31 of /app/src/test/kotlin... Attack Vector
9	HttpOnly_Cookie_Flag_Not_Set	/app/src/test/kotlin/com/x8bit/bitwarden/data/platform/datasource/disk/CookieDiskSourceTest.kt: 129	details The web application's `storeCookieConfig with null should not affect other hostnames` method creates a cookie Cookie, at line 129 of /app/src/tes... Attack Vector
10	HttpOnly_Cookie_Flag_Not_Set	/app/src/test/kotlin/com/x8bit/bitwarden/data/platform/datasource/disk/CookieDiskSourceTest.kt: 123	details The web application's `storeCookieConfig with null should not affect other hostnames` method creates a cookie Cookie, at line 123 of /app/src/tes... Attack Vector
11	HttpOnly_Cookie_Flag_Not_Set	/app/src/test/kotlin/com/x8bit/bitwarden/data/platform/datasource/disk/CookieDiskSourceTest.kt: 103	details The web application's `storeCookieConfig with null should remove stored config` method creates a cookie Cookie, at line 103 of /app/src/test/kotl... Attack Vector
12	HttpOnly_Cookie_Flag_Not_Set	/app/src/test/kotlin/com/x8bit/bitwarden/data/platform/repository/util/AcquiredCookieExtensionsTest.kt: 20	details The web application's `toConfigurationCookie should map AcquiredCookie to CookieConfigurationData Cookie` method creates a cookie Cookie, at line... Attack Vector
13	HttpOnly_Cookie_Flag_Not_Set	/app/src/test/kotlin/com/x8bit/bitwarden/data/platform/repository/util/CookieConfigurationDataExtensionsTest.kt: 31	details The web application's `toAcquiredCookiesList should map list of Cookie to list of AcquiredCookie` method creates a cookie Cookie, at line 31 of /... Attack Vector
14	HttpOnly_Cookie_Flag_Not_Set	/app/src/test/kotlin/com/x8bit/bitwarden/data/platform/repository/util/CookieConfigurationDataExtensionsTest.kt: 32	details The web application's `toAcquiredCookiesList should map list of Cookie to list of AcquiredCookie` method creates a cookie Cookie, at line 32 of /... Attack Vector
15	HttpOnly_Cookie_Flag_Not_Set	/app/src/test/kotlin/com/x8bit/bitwarden/data/platform/repository/util/CookieConfigurationDataExtensionsTest.kt: 12	details The web application's `toAcquiredCookie should map Cookie to AcquiredCookie` method creates a cookie Cookie, at line 12 of /app/src/test/kotlin/c... Attack Vector
16	HttpOnly_Cookie_Flag_Not_Set	/app/src/test/kotlin/com/x8bit/bitwarden/data/platform/repository/util/AcquiredCookieExtensionsTest.kt: 39	details The web application's `toConfigurationDataCookies should map list of AcquiredCookie to list of Cookie` method creates a cookie Cookie, at line 39... Attack Vector
17	HttpOnly_Cookie_Flag_Not_Set	/app/src/test/kotlin/com/x8bit/bitwarden/data/platform/repository/util/AcquiredCookieExtensionsTest.kt: 40	details The web application's `toConfigurationDataCookies should map list of AcquiredCookie to list of Cookie` method creates a cookie Cookie, at line 40... Attack Vector
18	HttpOnly_Cookie_Flag_Not_Set	/app/src/test/kotlin/com/x8bit/bitwarden/data/platform/datasource/sdk/ServerCommunicationConfigRepositoryTest.kt: 156	details The web application's Lambda method creates a cookie Cookie, at line 156 of /app/src/test/kotlin/com/x8bit/bitwarden/data/platform/datasource/sdk/S... Attack Vector
19	HttpOnly_Cookie_Flag_Not_Set	/app/src/test/kotlin/com/x8bit/bitwarden/data/platform/datasource/sdk/ServerCommunicationConfigRepositoryTest.kt: 71	details The web application's Lambda method creates a cookie Cookie, at line 71 of /app/src/test/kotlin/com/x8bit/bitwarden/data/platform/datasource/sdk/Se... Attack Vector
20	HttpOnly_Cookie_Flag_Not_Set	/app/src/test/kotlin/com/x8bit/bitwarden/data/platform/datasource/sdk/ServerCommunicationConfigRepositoryTest.kt: 72	details The web application's Lambda method creates a cookie Cookie, at line 72 of /app/src/test/kotlin/com/x8bit/bitwarden/data/platform/datasource/sdk/Se... Attack Vector
21	HttpOnly_Cookie_Flag_Not_Set	/app/src/test/kotlin/com/x8bit/bitwarden/data/platform/datasource/sdk/ServerCommunicationConfigRepositoryTest.kt: 157	details The web application's Lambda method creates a cookie Cookie, at line 157 of /app/src/test/kotlin/com/x8bit/bitwarden/data/platform/datasource/sdk/S... Attack Vector
22	HttpOnly_Cookie_Flag_Not_Set	/app/src/test/kotlin/com/x8bit/bitwarden/data/platform/datasource/disk/CookieDiskSourceTest.kt: 180	details The web application's `storage should isolate configs by hostname` method creates a cookie Cookie, at line 180 of /app/src/test/kotlin/com/x8bit/... Attack Vector
23	HttpOnly_Cookie_Flag_Not_Set	/app/src/test/kotlin/com/x8bit/bitwarden/data/platform/datasource/disk/CookieDiskSourceTest.kt: 189	details The web application's `storage should isolate configs by hostname` method creates a cookie Cookie, at line 189 of /app/src/test/kotlin/com/x8bit/... Attack Vector
24	HttpOnly_Cookie_Flag_Not_Set	/app/src/test/kotlin/com/x8bit/bitwarden/data/platform/datasource/disk/CookieDiskSourceTest.kt: 81	details The web application's `storage should handle cookies with multiple values` method creates a cookie Cookie, at line 81 of /app/src/test/kotlin/com... Attack Vector
25	HttpOnly_Cookie_Flag_Not_Set	/app/src/test/kotlin/com/x8bit/bitwarden/data/platform/datasource/disk/CookieDiskSourceTest.kt: 85	details The web application's `storage should handle cookies with multiple values` method creates a cookie Cookie, at line 85 of /app/src/test/kotlin/com... Attack Vector
26	HttpOnly_Cookie_Flag_Not_Set	/app/src/test/kotlin/com/x8bit/bitwarden/data/platform/datasource/disk/CookieDiskSourceTest.kt: 51	details The web application's `storeCookieConfig should update existing config` method creates a cookie Cookie, at line 51 of /app/src/test/kotlin/com/x8... Attack Vector
27	HttpOnly_Cookie_Flag_Not_Set	/app/src/test/kotlin/com/x8bit/bitwarden/data/platform/datasource/disk/CookieDiskSourceTest.kt: 61	details The web application's `storeCookieConfig should update existing config` method creates a cookie Cookie, at line 61 of /app/src/test/kotlin/com/x8... Attack Vector
28	HttpOnly_Cookie_Flag_Not_Set	/app/src/test/kotlin/com/x8bit/bitwarden/data/platform/datasource/disk/CookieDiskSourceTest.kt: 32	details The web application's `storeCookieConfig should persist config and getCookieConfig should retrieve it` method creates a cookie Cookie, at line 32... Attack Vector
29	Privacy_Violation	/app/src/test/kotlin/com/x8bit/bitwarden/data/vault/datasource/sdk/model/CipherViewUtil.kt: 98	details Method createMockCipherView at line 98 of /app/src/test/kotlin/com/x8bit/bitwarden/data/vault/datasource/sdk/model/CipherViewUtil.kt sends user in... Attack Vector
30	Privacy_Violation	/app/src/test/kotlin/com/x8bit/bitwarden/ui/tools/feature/generator/passwordhistory/PasswordHistoryViewModelTest.kt: 203	details Method Lambda at line 203 of /app/src/test/kotlin/com/x8bit/bitwarden/ui/tools/feature/generator/passwordhistory/PasswordHistoryViewModelTest.kt s... Attack Vector
31	Privacy_Violation	/app/src/test/kotlin/com/x8bit/bitwarden/ui/tools/feature/send/addedit/AddEditSendViewModelTest.kt: 1202	details Method Lambda at line 1202 of /app/src/test/kotlin/com/x8bit/bitwarden/ui/tools/feature/send/addedit/AddEditSendViewModelTest.kt sends user inform... Attack Vector
32	Privacy_Violation	/testharness/src/test/kotlin/com/bitwarden/testharness/ui/platform/feature/createpassword/CreatePasswordViewModelTest.kt: 429	details Method Lambda at line 429 of /testharness/src/test/kotlin/com/bitwarden/testharness/ui/platform/feature/createpassword/CreatePasswordViewModelTest... Attack Vector
33	Privacy_Violation	/testharness/src/test/kotlin/com/bitwarden/testharness/ui/platform/feature/createpassword/CreatePasswordViewModelTest.kt: 386	details Method Lambda at line 386 of /testharness/src/test/kotlin/com/bitwarden/testharness/ui/platform/feature/createpassword/CreatePasswordViewModelTest... Attack Vector
34	Privacy_Violation	/testharness/src/test/kotlin/com/bitwarden/testharness/ui/platform/feature/createpassword/CreatePasswordViewModelTest.kt: 402	details Method Lambda at line 402 of /testharness/src/test/kotlin/com/bitwarden/testharness/ui/platform/feature/createpassword/CreatePasswordViewModelTest... Attack Vector
35	Privacy_Violation	/testharness/src/test/kotlin/com/bitwarden/testharness/ui/platform/feature/createpassword/CreatePasswordViewModelTest.kt: 334	details Method Lambda at line 334 of /testharness/src/test/kotlin/com/bitwarden/testharness/ui/platform/feature/createpassword/CreatePasswordViewModelTest... Attack Vector
36	Privacy_Violation	/testharness/src/test/kotlin/com/bitwarden/testharness/ui/platform/feature/createpassword/CreatePasswordViewModelTest.kt: 305	details Method Lambda at line 305 of /testharness/src/test/kotlin/com/bitwarden/testharness/ui/platform/feature/createpassword/CreatePasswordViewModelTest... Attack Vector
37	Privacy_Violation	/testharness/src/test/kotlin/com/bitwarden/testharness/ui/platform/feature/createpassword/CreatePasswordViewModelTest.kt: 265	details Method Lambda at line 265 of /testharness/src/test/kotlin/com/bitwarden/testharness/ui/platform/feature/createpassword/CreatePasswordViewModelTest... Attack Vector
38	Privacy_Violation	/testharness/src/test/kotlin/com/bitwarden/testharness/ui/platform/feature/createpassword/CreatePasswordViewModelTest.kt: 237	details Method Lambda at line 237 of /testharness/src/test/kotlin/com/bitwarden/testharness/ui/platform/feature/createpassword/CreatePasswordViewModelTest... Attack Vector
39	Privacy_Violation	/testharness/src/test/kotlin/com/bitwarden/testharness/ui/platform/feature/createpassword/CreatePasswordViewModelTest.kt: 206	details Method Lambda at line 206 of /testharness/src/test/kotlin/com/bitwarden/testharness/ui/platform/feature/createpassword/CreatePasswordViewModelTest... Attack Vector
40	Privacy_Violation	/testharness/src/test/kotlin/com/bitwarden/testharness/ui/platform/feature/createpassword/CreatePasswordViewModelTest.kt: 170	details Method Lambda at line 170 of /testharness/src/test/kotlin/com/bitwarden/testharness/ui/platform/feature/createpassword/CreatePasswordViewModelTest... Attack Vector
41	Privacy_Violation	/testharness/src/test/kotlin/com/bitwarden/testharness/ui/platform/feature/createpassword/CreatePasswordViewModelTest.kt: 110	details Method Lambda at line 110 of /testharness/src/test/kotlin/com/bitwarden/testharness/ui/platform/feature/createpassword/CreatePasswordViewModelTest... Attack Vector
42	Privacy_Violation	/testharness/src/test/kotlin/com/bitwarden/testharness/ui/platform/feature/createpassword/CreatePasswordViewModelTest.kt: 90	details Method Lambda at line 90 of /testharness/src/test/kotlin/com/bitwarden/testharness/ui/platform/feature/createpassword/CreatePasswordViewModelTest.... Attack Vector
43	Privacy_Violation	/testharness/src/test/kotlin/com/bitwarden/testharness/ui/platform/feature/createpassword/CreatePasswordViewModelTest.kt: 70	details Method Lambda at line 70 of /testharness/src/test/kotlin/com/bitwarden/testharness/ui/platform/feature/createpassword/CreatePasswordViewModelTest.... Attack Vector
44	Privacy_Violation	/app/src/test/kotlin/com/x8bit/bitwarden/ui/vault/feature/exportitems/verifypassword/VerifyPasswordViewModelTest.kt: 482	details Method Lambda at line 482 of /app/src/test/kotlin/com/x8bit/bitwarden/ui/vault/feature/exportitems/verifypassword/VerifyPasswordViewModelTest.kt s... Attack Vector
45	Privacy_Violation	/app/src/test/kotlin/com/x8bit/bitwarden/ui/auth/feature/completeregistration/CompleteRegistrationViewModelTest.kt: 585	details Method Lambda at line 585 of /app/src/test/kotlin/com/x8bit/bitwarden/ui/auth/feature/completeregistration/CompleteRegistrationViewModelTest.kt se... Attack Vector
46	Privacy_Violation	/app/src/test/kotlin/com/x8bit/bitwarden/ui/auth/feature/vaultunlock/VaultUnlockViewModelTest.kt: 796	details Method `on UnlockClick for password unlock should display error dialog on AuthenticationError` at line 796 of /app/src/test/kotlin/com/x8bit/bitw... Attack Vector
47	Privacy_Violation	/app/src/test/kotlin/com/x8bit/bitwarden/ui/platform/feature/settings/accountsecurity/deleteaccount/DeleteAccountViewModelTest.kt: 175	details Method Lambda at line 175 of /app/src/test/kotlin/com/x8bit/bitwarden/ui/platform/feature/settings/accountsecurity/deleteaccount/DeleteAccountViewM... Attack Vector
48	Privacy_Violation	/app/src/test/kotlin/com/x8bit/bitwarden/data/vault/datasource/sdk/model/CipherViewUtil.kt: 61	details Method Lambda at line 61 of /app/src/test/kotlin/com/x8bit/bitwarden/data/vault/datasource/sdk/model/CipherViewUtil.kt sends user information outs... Attack Vector
49	Privacy_Violation	/app/src/test/kotlin/com/x8bit/bitwarden/data/vault/datasource/sdk/model/CipherViewUtil.kt: 61	details Method Lambda at line 61 of /app/src/test/kotlin/com/x8bit/bitwarden/data/vault/datasource/sdk/model/CipherViewUtil.kt sends user information outs... Attack Vector
50	Privacy_Violation	/app/src/test/kotlin/com/x8bit/bitwarden/data/vault/datasource/sdk/model/CipherViewUtil.kt: 125	details Method createMockLoginView at line 125 of /app/src/test/kotlin/com/x8bit/bitwarden/data/vault/datasource/sdk/model/CipherViewUtil.kt sends user in... Attack Vector
51	Privacy_Violation	/app/src/test/kotlin/com/x8bit/bitwarden/data/credentials/model/Fido2CredentialAssertionRequestUtil.kt: 12	details Method createMockFido2CredentialAssertionRequest at line 12 of /app/src/test/kotlin/com/x8bit/bitwarden/data/credentials/model/Fido2CredentialAsser... Attack Vector
52	Privacy_Violation	/app/src/test/kotlin/com/x8bit/bitwarden/ui/platform/feature/settings/accountsecurity/loginapproval/LoginApprovalViewModelTest.kt: 150	details Method `on ApproveAccountChangeClick dialog state should be cleared, user should be switched, and getAuthRequestByIdFlow should be called` at lin... Attack Vector
53	Privacy_Violation	/app/src/test/kotlin/com/x8bit/bitwarden/ui/platform/feature/settings/accountsecurity/loginapproval/LoginApprovalViewModelTest.kt: 376	details Method Lambda at line 376 of /app/src/test/kotlin/com/x8bit/bitwarden/ui/platform/feature/settings/accountsecurity/loginapproval/LoginApprovalViewM... Attack Vector
54	Privacy_Violation	/app/src/test/kotlin/com/x8bit/bitwarden/ui/platform/feature/settings/accountsecurity/loginapproval/LoginApprovalViewModelTest.kt: 307	details Method Lambda at line 307 of /app/src/test/kotlin/com/x8bit/bitwarden/ui/platform/feature/settings/accountsecurity/loginapproval/LoginApprovalViewM... Attack Vector
55	Privacy_Violation	/app/src/test/kotlin/com/x8bit/bitwarden/ui/auth/feature/completeregistration/CompleteRegistrationViewModelTest.kt: 330	details Method Lambda at line 330 of /app/src/test/kotlin/com/x8bit/bitwarden/ui/auth/feature/completeregistration/CompleteRegistrationViewModelTest.kt se... Attack Vector
56	Privacy_Violation	/app/src/test/kotlin/com/x8bit/bitwarden/ui/auth/feature/completeregistration/CompleteRegistrationViewModelTest.kt: 675	details Method at line 675 of /app/src/test/kotlin/com/x8bit/bitwarden/ui/auth/feature/completeregistration/CompleteRegistrationViewModelTest.kt sends us... Attack Vector
57	Privacy_Violation	/app/src/test/kotlin/com/x8bit/bitwarden/ui/auth/feature/completeregistration/CompleteRegistrationViewModelTest.kt: 362	details Method Lambda at line 362 of /app/src/test/kotlin/com/x8bit/bitwarden/ui/auth/feature/completeregistration/CompleteRegistrationViewModelTest.kt se... Attack Vector
58	Privacy_Violation	/app/src/test/kotlin/com/x8bit/bitwarden/ui/auth/feature/completeregistration/CompleteRegistrationViewModelTest.kt: 687	details Method at line 687 of /app/src/test/kotlin/com/x8bit/bitwarden/ui/auth/feature/completeregistration/CompleteRegistrationViewModelTest.kt sends us... Attack Vector
59	Privacy_Violation	/app/src/test/kotlin/com/x8bit/bitwarden/ui/auth/feature/completeregistration/CompleteRegistrationViewModelTest.kt: 446	details Method Lambda at line 446 of /app/src/test/kotlin/com/x8bit/bitwarden/ui/auth/feature/completeregistration/CompleteRegistrationViewModelTest.kt se... Attack Vector
60	Privacy_Violation	/app/src/test/kotlin/com/x8bit/bitwarden/data/vault/datasource/sdk/model/CipherViewUtil.kt: 77	details Method Lambda at line 77 of /app/src/test/kotlin/com/x8bit/bitwarden/data/vault/datasource/sdk/model/CipherViewUtil.kt sends user information outs... Attack Vector
61	Privacy_Violation	/app/src/test/kotlin/com/x8bit/bitwarden/data/vault/datasource/sdk/model/CipherViewUtil.kt: 77	details Method Lambda at line 77 of /app/src/test/kotlin/com/x8bit/bitwarden/data/vault/datasource/sdk/model/CipherViewUtil.kt sends user information outs... Attack Vector
62	Use_of_Hardcoded_Password	/app/src/test/kotlin/com/x8bit/bitwarden/ui/vault/feature/attachments/AttachmentsViewModelTest.kt: 596	details The application uses the hard-coded password "mockId-1" for authentication purposes, either using it to verify users' identities, or to access an... Attack Vector
63	Use_of_Hardcoded_Password	/app/src/test/kotlin/com/x8bit/bitwarden/data/platform/manager/sdk/repository/SdkCipherRepositoryTest.kt: 205	details The application uses the hard-coded password "cipherId" for authentication purposes, either using it to verify users' identities, or to access ano... Attack Vector
64	Use_of_Hardcoded_Password	/app/src/test/kotlin/com/x8bit/bitwarden/ui/tools/feature/send/addedit/AddEditSendViewModelTest.kt: 573	details The application uses the hard-coded password "some-password" for authentication purposes, either using it to verify users' identities, or to acce... Attack Vector
65	Use_of_Hardcoded_Password	/app/src/test/kotlin/com/x8bit/bitwarden/ui/platform/feature/rootnav/RootNavViewModelTest.kt: 772	details The application uses the hard-coded password "testPassword123" for authentication purposes, either using it to verify users' identities, or to acc... Attack Vector
66	Use_of_Hardcoded_Password	/app/src/test/kotlin/com/x8bit/bitwarden/data/vault/manager/VaultLockManagerTest.kt: 1955	details The application uses the hard-coded password "mockValue" for authentication purposes, either using it to verify users' identities, or to access an... Attack Vector
67	Use_of_Hardcoded_Password	/app/src/test/kotlin/com/x8bit/bitwarden/data/vault/manager/VaultLockManagerTest.kt: 2011	details The application uses the hard-coded password "mockValue" for authentication purposes, either using it to verify users' identities, or to access an... Attack Vector
68	Use_of_Hardcoded_Password	/app/src/test/kotlin/com/x8bit/bitwarden/data/vault/manager/VaultLockManagerTest.kt: 1252	details The application uses the hard-coded password "mockValue" for authentication purposes, either using it to verify users' identities, or to access an... Attack Vector
69	Use_of_Hardcoded_Password	/app/src/test/kotlin/com/x8bit/bitwarden/data/vault/manager/VaultLockManagerTest.kt: 1354	details The application uses the hard-coded password "mockValue" for authentication purposes, either using it to verify users' identities, or to access an... Attack Vector

More results are available on the CxOne platform

david-livefront · 2026-03-30T20:54:34Z

app/src/main/kotlin/com/x8bit/bitwarden/ui/vault/feature/cardscanner/CardScanScreen.kt

+
+    // This screen should always look like it's in dark mode
+    CompositionLocalProvider(
+        LocalBitwardenColorScheme provides darkBitwardenColorScheme,


david-livefront · 2026-03-30T20:54:39Z

app/src/main/kotlin/com/x8bit/bitwarden/ui/vault/feature/cardscanner/CardScanScreen.kt

+    CompositionLocalProvider(
+        LocalBitwardenColorScheme provides darkBitwardenColorScheme,
+    ) {
+        StatusBarsAppearanceAffect()


david-livefront · 2026-03-30T20:57:17Z

app/src/main/kotlin/com/x8bit/bitwarden/ui/vault/feature/cardscanner/CardScanViewModel.kt

+    }
+
+    private fun handleCameraErrorReceive() {
+        cardScanManager.emitCardScanResult(CardScanResult.ScanError())


Do we need this too?

mutableStateFlow.update { it.copy(hasHandledScan = true) }

No. This is only fired on camera setup failure, so it will only be called once, unlike handleCardScan. Although, hasHandledScan doesn't really need to be in the state. I can make it a member of the ViewModel itself.

app/src/test/kotlin/com/x8bit/bitwarden/ui/vault/feature/cardscanner/CardScanViewModelTest.kt

david-livefront · 2026-04-02T19:39:09Z

app/src/main/kotlin/com/x8bit/bitwarden/ui/vault/feature/cardscanner/CardScanViewModel.kt

+) : BaseViewModel<CardScanState, CardScanEvent, CardScanAction>(
+    initialState = CardScanState,
+) {
+    private var hasHandledScan = false


Can we move this into the state

- Add Closeable to CardTextAnalyzerImpl to release ML Kit native resources - Override toString on CardScanData to mask sensitive fields - Add missing RuPay brand detection test coverage

LocalComposition doesn't provide a lifecycle hook for cleanup, so close() would never be invoked. Removes Closeable to stay consistent with QrCodeAnalyzerImpl.

Add the complete text analysis pipeline for credit card scanning: - CardNumberUtils: sanitize, Luhn validation, brand detection - CardDataParser: interface and implementation for OCR text parsing - CardTextAnalyzer: ML Kit-based camera frame analysis - CardScanOverlay: camera overlay composable - CardScanData: data class for parsed card fields - FakeCardTextAnalyzer: test fixture - LocalProviders: composition local for CardTextAnalyzer

Add the card scanner screen with camera integration: - CardScanManager: shared result channel between scanner and consumer - CardScanViewModel: state management for scan screen - CardScanScreen: composable with camera preview and overlay - CardScanNavigation: route and navigation helper - CardScanner feature flag gated behind card-scanner-mobile

Remove stale cardholderName parameter from test data, simplify ScanError verify to use direct value instead of match lambda, and fix import ordering.

Move hasHandledScan from Parcelable state to a private var since it is internal bookkeeping, not UI state. Update flag key name to pm-34171-card-scanner. Add OmitFromCoverage to navigation, fix minor formatting.

app/src/main/kotlin/com/x8bit/bitwarden/ui/vault/feature/cardscanner/CardScanScreen.kt

SaintPatrck added the ai-review-vnext Request a Claude code review using the vNext workflow label Mar 26, 2026

github-actions bot added app:password-manager Bitwarden Password Manager app context app:authenticator Bitwarden Authenticator app context t:feature Change Type - Feature Development labels Mar 26, 2026

SaintPatrck added the innovation Feature work related to Innovation Sprint or BEEEP projects label Mar 27, 2026

david-livefront reviewed Mar 30, 2026

View reviewed changes

app/src/test/kotlin/com/x8bit/bitwarden/ui/vault/feature/cardscanner/CardScanViewModelTest.kt Outdated Show resolved Hide resolved

SaintPatrck force-pushed the card-scanner/3-card-scan-screen branch from be951b7 to ff88fbb Compare April 1, 2026 14:10

claude bot reviewed Apr 1, 2026

View reviewed changes

app/src/test/kotlin/com/x8bit/bitwarden/ui/vault/feature/cardscanner/CardScanViewModelTest.kt Show resolved Hide resolved

SaintPatrck added the hold do not merge yet label Apr 1, 2026

SaintPatrck requested a review from david-livefront April 2, 2026 17:23

SaintPatrck marked this pull request as ready for review April 2, 2026 17:23

SaintPatrck requested a review from a team as a code owner April 2, 2026 17:23

david-livefront reviewed Apr 2, 2026

View reviewed changes

SaintPatrck force-pushed the card-scanner/2-text-analysis-pipeline branch from 35fa5f1 to 8299421 Compare April 6, 2026 18:29

Base automatically changed from card-scanner/2-text-analysis-pipeline to main April 6, 2026 19:19

SaintPatrck added 7 commits April 7, 2026 07:16

Address code review feedback for card scanner

dca5681

- Add Closeable to CardTextAnalyzerImpl to release ML Kit native resources - Override toString on CardScanData to mask sensitive fields - Add missing RuPay brand detection test coverage

Remove Closeable implementation from CardTextAnalyzerImpl

a58b58c

LocalComposition doesn't provide a lifecycle hook for cleanup, so close() would never be invoked. Removes Closeable to stay consistent with QrCodeAnalyzerImpl.

Address code review feedback for card scan screen

1d7dde7

Remove stale cardholderName parameter from test data, simplify ScanError verify to use direct value instead of match lambda, and fix import ordering.

Simplify CardScanViewModel state and update flag key

167de2c

Move hasHandledScan from Parcelable state to a private var since it is internal bookkeeping, not UI state. Update flag key name to pm-34171-card-scanner. Add OmitFromCoverage to navigation, fix minor formatting.

Move hasHandledScan back into CardScanState

d076c37

SaintPatrck force-pushed the card-scanner/3-card-scan-screen branch from eeede50 to d076c37 Compare April 7, 2026 11:23

SaintPatrck enabled auto-merge April 7, 2026 11:24

SaintPatrck requested a review from david-livefront April 7, 2026 11:24

SaintPatrck removed the hold do not merge yet label Apr 7, 2026

david-livefront reviewed Apr 7, 2026

View reviewed changes

app/src/main/kotlin/com/x8bit/bitwarden/ui/vault/feature/cardscanner/CardScanScreen.kt Outdated Show resolved Hide resolved

Add window-size-based layout switching to CardScanScreen

82b689a

SaintPatrck requested a review from david-livefront April 7, 2026 19:33

david-livefront approved these changes Apr 7, 2026

View reviewed changes

SaintPatrck added this pull request to the merge queue Apr 7, 2026

Merged via the queue into main with commit de47c50 Apr 7, 2026
32 checks passed

SaintPatrck deleted the card-scanner/3-card-scan-screen branch April 7, 2026 20:00

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[PM-34126] feat: Add card scan screen#6721

[PM-34126] feat: Add card scan screen#6721
SaintPatrck merged 8 commits intomainfrom
card-scanner/3-card-scan-screen

SaintPatrck commented Mar 26, 2026 •

edited

Loading

Uh oh!

github-actions bot commented Mar 26, 2026 •

edited

Loading

Uh oh!

codecov bot commented Mar 26, 2026 •

edited

Loading

Uh oh!

github-actions bot commented Mar 26, 2026 •

edited

Loading

Uh oh!

david-livefront Mar 30, 2026

Uh oh!

david-livefront Mar 30, 2026

Uh oh!

david-livefront Mar 30, 2026

Uh oh!

SaintPatrck Apr 2, 2026

Uh oh!

Uh oh!

Uh oh!

david-livefront Apr 2, 2026

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

SaintPatrck commented Mar 26, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

🎟️ Tracking

📔 Objective

📸 Screenshots

Uh oh!

github-actions bot commented Mar 26, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Bitwarden Claude Code Review

Uh oh!

codecov bot commented Mar 26, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Codecov Report

Uh oh!

github-actions bot commented Mar 26, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

david-livefront Mar 30, 2026

Choose a reason for hiding this comment

Uh oh!

david-livefront Mar 30, 2026

Choose a reason for hiding this comment

Uh oh!

david-livefront Mar 30, 2026

Choose a reason for hiding this comment

Uh oh!

SaintPatrck Apr 2, 2026

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

david-livefront Apr 2, 2026

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

SaintPatrck commented Mar 26, 2026 •

edited

Loading

github-actions bot commented Mar 26, 2026 •

edited

Loading

codecov bot commented Mar 26, 2026 •

edited

Loading

github-actions bot commented Mar 26, 2026 •

edited

Loading