[PM-34127] feat: Integrate card scanner with VaultAddEdit by SaintPatrck · Pull Request #6722 · bitwarden/android

SaintPatrck · 2026-03-26T12:32:18Z

🎟️ Tracking

https://bitwarden.atlassian.net/browse/PM-34127

📔 Objective

Integrate the card scanner with the VaultAddEdit screen:

VaultAddEditViewModel: Collect CardScanManager results, map scanned card data to form fields (number, expiry, CVV, brand detection), and emit focus event for cardholder name input
VaultAddEditScreen: Add "Scan card" button for Card cipher types, gated behind card-scanner-mobile feature flag. After a successful scan, focus the cardholder name field and show the keyboard using DeferredBackgroundEvent to survive lifecycle filtering
VaultAddEditCardItems: New scan card row composable
VaultUnlockedNavigation: Wire CardScanScreen destination and navigation
Camera permission: Reuses existing launcher pattern from QR code scanner

Includes ViewModel and Screen tests for scan result handling, partial scans, feature flag gating, and post-scan focus behavior.

📸 Screenshots

Figma designs (based on iOS)

Permission dialog

Scan flow

Screen_recording_20260402_155715.mp4

github-actions · 2026-03-26T12:33:21Z

Bitwarden Claude Code Review

Overall Assessment: APPROVE

This PR integrates the card scanner with the VaultAddEdit screen, adding scan-card button UI gated behind a feature flag, camera permission handling with a settings dialog, card scan result mapping to form fields (number, expiry, CVV, brand detection), and post-scan focus on the cardholder name input. The implementation closely follows the established QR code scanner pattern for navigation, permission handling, and result flow. Card data remains client-side throughout the flow. Test coverage is comprehensive, including ViewModel tests for scan results, partial scans, flag gating, permission states, and Screen tests for UI visibility and focus behavior.

Code Review Details

No findings. The code follows established patterns, handles edge cases well (partial scans preserve existing fields, duplicate scan guard via hasHandledScan, graceful fallback for invalid month values), and includes thorough test coverage.

app/src/main/kotlin/com/x8bit/bitwarden/ui/vault/feature/addedit/VaultAddEditViewModel.kt

app/src/test/kotlin/com/x8bit/bitwarden/ui/vault/feature/addedit/VaultAddEditScreenTest.kt

github-actions · 2026-03-26T12:38:39Z

Checkmarx One – Scan Summary & Details – d4898213-7837-4ea1-afc5-ae0564ab36dc

New Issues (128)

Checkmarx found the following issues in this Pull Request

#	Issue	Source File / Package	Checkmarx Insight
1	HttpOnly_Cookie_Flag_Not_Set	/app/src/test/kotlin/com/x8bit/bitwarden/data/platform/datasource/disk/CookieDiskSourceTest.kt: 154	details The web application's `clearCookies should remove all stored cookie configs` method creates a cookie Cookie, at line 154 of /app/src/test/kotlin/... Attack Vector
2	HttpOnly_Cookie_Flag_Not_Set	/app/src/test/kotlin/com/x8bit/bitwarden/data/platform/datasource/disk/CookieDiskSourceTest.kt: 148	details The web application's `clearCookies should remove all stored cookie configs` method creates a cookie Cookie, at line 148 of /app/src/test/kotlin/... Attack Vector
3	HttpOnly_Cookie_Flag_Not_Set	/app/src/test/kotlin/com/x8bit/bitwarden/data/platform/manager/network/NetworkCookieManagerTest.kt: 203	details The web application's Lambda method creates a cookie Cookie, at line 203 of /app/src/test/kotlin/com/x8bit/bitwarden/data/platform/manager/network/... Attack Vector
4	HttpOnly_Cookie_Flag_Not_Set	/app/src/test/kotlin/com/x8bit/bitwarden/data/platform/manager/network/NetworkCookieManagerTest.kt: 229	details The web application's Lambda method creates a cookie Cookie, at line 229 of /app/src/test/kotlin/com/x8bit/bitwarden/data/platform/manager/network/... Attack Vector
5	HttpOnly_Cookie_Flag_Not_Set	/app/src/test/kotlin/com/x8bit/bitwarden/data/platform/manager/util/CookieConfigurationDataExtensionsTest.kt: 46	details The web application's `toNetworkCookieList should map multiple cookies correctly` method creates a cookie Cookie, at line 46 of /app/src/test/kot... Attack Vector
6	HttpOnly_Cookie_Flag_Not_Set	/app/src/test/kotlin/com/x8bit/bitwarden/data/platform/manager/util/CookieConfigurationDataExtensionsTest.kt: 62	details The web application's `toNetworkCookie should map name and value correctly` method creates a cookie Cookie, at line 62 of /app/src/test/kotlin/co... Attack Vector
7	HttpOnly_Cookie_Flag_Not_Set	/app/src/test/kotlin/com/x8bit/bitwarden/data/platform/manager/util/CookieConfigurationDataExtensionsTest.kt: 45	details The web application's `toNetworkCookieList should map multiple cookies correctly` method creates a cookie Cookie, at line 45 of /app/src/test/kot... Attack Vector
8	HttpOnly_Cookie_Flag_Not_Set	/app/src/test/kotlin/com/x8bit/bitwarden/data/platform/manager/util/CookieConfigurationDataExtensionsTest.kt: 31	details The web application's `toNetworkCookieList should map single cookie correctly` method creates a cookie Cookie, at line 31 of /app/src/test/kotlin... Attack Vector
9	HttpOnly_Cookie_Flag_Not_Set	/app/src/test/kotlin/com/x8bit/bitwarden/data/platform/datasource/disk/CookieDiskSourceTest.kt: 129	details The web application's `storeCookieConfig with null should not affect other hostnames` method creates a cookie Cookie, at line 129 of /app/src/tes... Attack Vector
10	HttpOnly_Cookie_Flag_Not_Set	/app/src/test/kotlin/com/x8bit/bitwarden/data/platform/datasource/disk/CookieDiskSourceTest.kt: 123	details The web application's `storeCookieConfig with null should not affect other hostnames` method creates a cookie Cookie, at line 123 of /app/src/tes... Attack Vector
11	HttpOnly_Cookie_Flag_Not_Set	/app/src/test/kotlin/com/x8bit/bitwarden/data/platform/datasource/disk/CookieDiskSourceTest.kt: 103	details The web application's `storeCookieConfig with null should remove stored config` method creates a cookie Cookie, at line 103 of /app/src/test/kotl... Attack Vector
12	HttpOnly_Cookie_Flag_Not_Set	/app/src/test/kotlin/com/x8bit/bitwarden/data/platform/datasource/sdk/ServerCommunicationConfigRepositoryTest.kt: 167	details The web application's Lambda method creates a cookie Cookie, at line 167 of /app/src/test/kotlin/com/x8bit/bitwarden/data/platform/datasource/sdk/S... Attack Vector
13	HttpOnly_Cookie_Flag_Not_Set	/app/src/test/kotlin/com/x8bit/bitwarden/data/platform/datasource/sdk/ServerCommunicationConfigRepositoryTest.kt: 168	details The web application's Lambda method creates a cookie Cookie, at line 168 of /app/src/test/kotlin/com/x8bit/bitwarden/data/platform/datasource/sdk/S... Attack Vector
14	HttpOnly_Cookie_Flag_Not_Set	/app/src/test/kotlin/com/x8bit/bitwarden/data/platform/datasource/sdk/ServerCommunicationConfigRepositoryTest.kt: 81	details The web application's Lambda method creates a cookie Cookie, at line 81 of /app/src/test/kotlin/com/x8bit/bitwarden/data/platform/datasource/sdk/Se... Attack Vector
15	HttpOnly_Cookie_Flag_Not_Set	/app/src/test/kotlin/com/x8bit/bitwarden/data/platform/datasource/sdk/ServerCommunicationConfigRepositoryTest.kt: 80	details The web application's Lambda method creates a cookie Cookie, at line 80 of /app/src/test/kotlin/com/x8bit/bitwarden/data/platform/datasource/sdk/Se... Attack Vector
16	HttpOnly_Cookie_Flag_Not_Set	/app/src/test/kotlin/com/x8bit/bitwarden/data/platform/repository/util/AcquiredCookieExtensionsTest.kt: 39	details The web application's `toConfigurationDataCookies should map list of AcquiredCookie to list of Cookie` method creates a cookie Cookie, at line 39... Attack Vector
17	HttpOnly_Cookie_Flag_Not_Set	/app/src/test/kotlin/com/x8bit/bitwarden/data/platform/repository/util/CookieConfigurationDataExtensionsTest.kt: 12	details The web application's `toAcquiredCookie should map Cookie to AcquiredCookie` method creates a cookie Cookie, at line 12 of /app/src/test/kotlin/c... Attack Vector
18	HttpOnly_Cookie_Flag_Not_Set	/app/src/test/kotlin/com/x8bit/bitwarden/data/platform/repository/util/CookieConfigurationDataExtensionsTest.kt: 31	details The web application's `toAcquiredCookiesList should map list of Cookie to list of AcquiredCookie` method creates a cookie Cookie, at line 31 of /... Attack Vector
19	HttpOnly_Cookie_Flag_Not_Set	/app/src/test/kotlin/com/x8bit/bitwarden/data/platform/repository/util/CookieConfigurationDataExtensionsTest.kt: 32	details The web application's `toAcquiredCookiesList should map list of Cookie to list of AcquiredCookie` method creates a cookie Cookie, at line 32 of /... Attack Vector
20	HttpOnly_Cookie_Flag_Not_Set	/app/src/test/kotlin/com/x8bit/bitwarden/data/platform/repository/util/AcquiredCookieExtensionsTest.kt: 40	details The web application's `toConfigurationDataCookies should map list of AcquiredCookie to list of Cookie` method creates a cookie Cookie, at line 40... Attack Vector
21	HttpOnly_Cookie_Flag_Not_Set	/app/src/test/kotlin/com/x8bit/bitwarden/data/platform/repository/util/AcquiredCookieExtensionsTest.kt: 20	details The web application's `toConfigurationCookie should map AcquiredCookie to CookieConfigurationData Cookie` method creates a cookie Cookie, at line... Attack Vector
22	HttpOnly_Cookie_Flag_Not_Set	/app/src/test/kotlin/com/x8bit/bitwarden/data/platform/datasource/disk/CookieDiskSourceTest.kt: 189	details The web application's `storage should isolate configs by hostname` method creates a cookie Cookie, at line 189 of /app/src/test/kotlin/com/x8bit/... Attack Vector
23	HttpOnly_Cookie_Flag_Not_Set	/app/src/test/kotlin/com/x8bit/bitwarden/data/platform/datasource/disk/CookieDiskSourceTest.kt: 180	details The web application's `storage should isolate configs by hostname` method creates a cookie Cookie, at line 180 of /app/src/test/kotlin/com/x8bit/... Attack Vector
24	HttpOnly_Cookie_Flag_Not_Set	/app/src/test/kotlin/com/x8bit/bitwarden/data/platform/datasource/disk/CookieDiskSourceTest.kt: 81	details The web application's `storage should handle cookies with multiple values` method creates a cookie Cookie, at line 81 of /app/src/test/kotlin/com... Attack Vector
25	HttpOnly_Cookie_Flag_Not_Set	/app/src/test/kotlin/com/x8bit/bitwarden/data/platform/datasource/disk/CookieDiskSourceTest.kt: 85	details The web application's `storage should handle cookies with multiple values` method creates a cookie Cookie, at line 85 of /app/src/test/kotlin/com... Attack Vector
26	HttpOnly_Cookie_Flag_Not_Set	/app/src/test/kotlin/com/x8bit/bitwarden/data/platform/datasource/disk/CookieDiskSourceTest.kt: 51	details The web application's `storeCookieConfig should update existing config` method creates a cookie Cookie, at line 51 of /app/src/test/kotlin/com/x8... Attack Vector
27	HttpOnly_Cookie_Flag_Not_Set	/app/src/test/kotlin/com/x8bit/bitwarden/data/platform/datasource/disk/CookieDiskSourceTest.kt: 61	details The web application's `storeCookieConfig should update existing config` method creates a cookie Cookie, at line 61 of /app/src/test/kotlin/com/x8... Attack Vector
28	HttpOnly_Cookie_Flag_Not_Set	/app/src/test/kotlin/com/x8bit/bitwarden/data/platform/datasource/disk/CookieDiskSourceTest.kt: 32	details The web application's `storeCookieConfig should persist config and getCookieConfig should retrieve it` method creates a cookie Cookie, at line 32... Attack Vector
29	Privacy_Violation	/app/src/test/kotlin/com/x8bit/bitwarden/data/vault/datasource/sdk/model/CipherViewUtil.kt: 98	details Method createMockCipherView at line 98 of /app/src/test/kotlin/com/x8bit/bitwarden/data/vault/datasource/sdk/model/CipherViewUtil.kt sends user in... Attack Vector
30	Privacy_Violation	/app/src/test/kotlin/com/x8bit/bitwarden/ui/tools/feature/generator/passwordhistory/PasswordHistoryViewModelTest.kt: 203	details Method Lambda at line 203 of /app/src/test/kotlin/com/x8bit/bitwarden/ui/tools/feature/generator/passwordhistory/PasswordHistoryViewModelTest.kt s... Attack Vector
31	Privacy_Violation	/app/src/test/kotlin/com/x8bit/bitwarden/ui/tools/feature/send/addedit/AddEditSendViewModelTest.kt: 1202	details Method Lambda at line 1202 of /app/src/test/kotlin/com/x8bit/bitwarden/ui/tools/feature/send/addedit/AddEditSendViewModelTest.kt sends user inform... Attack Vector
32	Privacy_Violation	/testharness/src/test/kotlin/com/bitwarden/testharness/ui/platform/feature/createpassword/CreatePasswordViewModelTest.kt: 429	details Method Lambda at line 429 of /testharness/src/test/kotlin/com/bitwarden/testharness/ui/platform/feature/createpassword/CreatePasswordViewModelTest... Attack Vector
33	Privacy_Violation	/testharness/src/test/kotlin/com/bitwarden/testharness/ui/platform/feature/createpassword/CreatePasswordViewModelTest.kt: 386	details Method Lambda at line 386 of /testharness/src/test/kotlin/com/bitwarden/testharness/ui/platform/feature/createpassword/CreatePasswordViewModelTest... Attack Vector
34	Privacy_Violation	/testharness/src/test/kotlin/com/bitwarden/testharness/ui/platform/feature/createpassword/CreatePasswordViewModelTest.kt: 402	details Method Lambda at line 402 of /testharness/src/test/kotlin/com/bitwarden/testharness/ui/platform/feature/createpassword/CreatePasswordViewModelTest... Attack Vector
35	Privacy_Violation	/testharness/src/test/kotlin/com/bitwarden/testharness/ui/platform/feature/createpassword/CreatePasswordViewModelTest.kt: 334	details Method Lambda at line 334 of /testharness/src/test/kotlin/com/bitwarden/testharness/ui/platform/feature/createpassword/CreatePasswordViewModelTest... Attack Vector
36	Privacy_Violation	/testharness/src/test/kotlin/com/bitwarden/testharness/ui/platform/feature/createpassword/CreatePasswordViewModelTest.kt: 305	details Method Lambda at line 305 of /testharness/src/test/kotlin/com/bitwarden/testharness/ui/platform/feature/createpassword/CreatePasswordViewModelTest... Attack Vector
37	Privacy_Violation	/testharness/src/test/kotlin/com/bitwarden/testharness/ui/platform/feature/createpassword/CreatePasswordViewModelTest.kt: 265	details Method Lambda at line 265 of /testharness/src/test/kotlin/com/bitwarden/testharness/ui/platform/feature/createpassword/CreatePasswordViewModelTest... Attack Vector
38	Privacy_Violation	/testharness/src/test/kotlin/com/bitwarden/testharness/ui/platform/feature/createpassword/CreatePasswordViewModelTest.kt: 237	details Method Lambda at line 237 of /testharness/src/test/kotlin/com/bitwarden/testharness/ui/platform/feature/createpassword/CreatePasswordViewModelTest... Attack Vector
39	Privacy_Violation	/testharness/src/test/kotlin/com/bitwarden/testharness/ui/platform/feature/createpassword/CreatePasswordViewModelTest.kt: 206	details Method Lambda at line 206 of /testharness/src/test/kotlin/com/bitwarden/testharness/ui/platform/feature/createpassword/CreatePasswordViewModelTest... Attack Vector
40	Privacy_Violation	/testharness/src/test/kotlin/com/bitwarden/testharness/ui/platform/feature/createpassword/CreatePasswordViewModelTest.kt: 170	details Method Lambda at line 170 of /testharness/src/test/kotlin/com/bitwarden/testharness/ui/platform/feature/createpassword/CreatePasswordViewModelTest... Attack Vector
41	Privacy_Violation	/testharness/src/test/kotlin/com/bitwarden/testharness/ui/platform/feature/createpassword/CreatePasswordViewModelTest.kt: 110	details Method Lambda at line 110 of /testharness/src/test/kotlin/com/bitwarden/testharness/ui/platform/feature/createpassword/CreatePasswordViewModelTest... Attack Vector
42	Privacy_Violation	/testharness/src/test/kotlin/com/bitwarden/testharness/ui/platform/feature/createpassword/CreatePasswordViewModelTest.kt: 90	details Method Lambda at line 90 of /testharness/src/test/kotlin/com/bitwarden/testharness/ui/platform/feature/createpassword/CreatePasswordViewModelTest.... Attack Vector
43	Privacy_Violation	/testharness/src/test/kotlin/com/bitwarden/testharness/ui/platform/feature/createpassword/CreatePasswordViewModelTest.kt: 70	details Method Lambda at line 70 of /testharness/src/test/kotlin/com/bitwarden/testharness/ui/platform/feature/createpassword/CreatePasswordViewModelTest.... Attack Vector
44	Privacy_Violation	/app/src/test/kotlin/com/x8bit/bitwarden/ui/vault/feature/exportitems/verifypassword/VerifyPasswordViewModelTest.kt: 482	details Method Lambda at line 482 of /app/src/test/kotlin/com/x8bit/bitwarden/ui/vault/feature/exportitems/verifypassword/VerifyPasswordViewModelTest.kt s... Attack Vector
45	Privacy_Violation	/app/src/test/kotlin/com/x8bit/bitwarden/ui/auth/feature/completeregistration/CompleteRegistrationViewModelTest.kt: 585	details Method Lambda at line 585 of /app/src/test/kotlin/com/x8bit/bitwarden/ui/auth/feature/completeregistration/CompleteRegistrationViewModelTest.kt se... Attack Vector
46	Privacy_Violation	/app/src/test/kotlin/com/x8bit/bitwarden/ui/auth/feature/vaultunlock/VaultUnlockViewModelTest.kt: 796	details Method `on UnlockClick for password unlock should display error dialog on AuthenticationError` at line 796 of /app/src/test/kotlin/com/x8bit/bitw... Attack Vector
47	Privacy_Violation	/app/src/test/kotlin/com/x8bit/bitwarden/ui/platform/feature/settings/accountsecurity/deleteaccount/DeleteAccountViewModelTest.kt: 175	details Method Lambda at line 175 of /app/src/test/kotlin/com/x8bit/bitwarden/ui/platform/feature/settings/accountsecurity/deleteaccount/DeleteAccountViewM... Attack Vector
48	Privacy_Violation	/app/src/test/kotlin/com/x8bit/bitwarden/data/vault/datasource/sdk/model/CipherViewUtil.kt: 61	details Method Lambda at line 61 of /app/src/test/kotlin/com/x8bit/bitwarden/data/vault/datasource/sdk/model/CipherViewUtil.kt sends user information outs... Attack Vector
49	Privacy_Violation	/app/src/test/kotlin/com/x8bit/bitwarden/data/vault/datasource/sdk/model/CipherViewUtil.kt: 61	details Method Lambda at line 61 of /app/src/test/kotlin/com/x8bit/bitwarden/data/vault/datasource/sdk/model/CipherViewUtil.kt sends user information outs... Attack Vector
50	Privacy_Violation	/app/src/test/kotlin/com/x8bit/bitwarden/data/vault/datasource/sdk/model/CipherViewUtil.kt: 125	details Method createMockLoginView at line 125 of /app/src/test/kotlin/com/x8bit/bitwarden/data/vault/datasource/sdk/model/CipherViewUtil.kt sends user in... Attack Vector
51	Privacy_Violation	/app/src/test/kotlin/com/x8bit/bitwarden/data/credentials/model/Fido2CredentialAssertionRequestUtil.kt: 12	details Method createMockFido2CredentialAssertionRequest at line 12 of /app/src/test/kotlin/com/x8bit/bitwarden/data/credentials/model/Fido2CredentialAsser... Attack Vector
52	Privacy_Violation	/app/src/test/kotlin/com/x8bit/bitwarden/ui/platform/feature/settings/accountsecurity/loginapproval/LoginApprovalViewModelTest.kt: 307	details Method Lambda at line 307 of /app/src/test/kotlin/com/x8bit/bitwarden/ui/platform/feature/settings/accountsecurity/loginapproval/LoginApprovalViewM... Attack Vector
53	Privacy_Violation	/app/src/test/kotlin/com/x8bit/bitwarden/ui/platform/feature/settings/accountsecurity/loginapproval/LoginApprovalViewModelTest.kt: 376	details Method Lambda at line 376 of /app/src/test/kotlin/com/x8bit/bitwarden/ui/platform/feature/settings/accountsecurity/loginapproval/LoginApprovalViewM... Attack Vector
54	Privacy_Violation	/app/src/test/kotlin/com/x8bit/bitwarden/ui/platform/feature/settings/accountsecurity/loginapproval/LoginApprovalViewModelTest.kt: 150	details Method `on ApproveAccountChangeClick dialog state should be cleared, user should be switched, and getAuthRequestByIdFlow should be called` at lin... Attack Vector
55	Privacy_Violation	/app/src/test/kotlin/com/x8bit/bitwarden/ui/auth/feature/completeregistration/CompleteRegistrationViewModelTest.kt: 675	details Method at line 675 of /app/src/test/kotlin/com/x8bit/bitwarden/ui/auth/feature/completeregistration/CompleteRegistrationViewModelTest.kt sends us... Attack Vector
56	Privacy_Violation	/app/src/test/kotlin/com/x8bit/bitwarden/ui/auth/feature/completeregistration/CompleteRegistrationViewModelTest.kt: 687	details Method at line 687 of /app/src/test/kotlin/com/x8bit/bitwarden/ui/auth/feature/completeregistration/CompleteRegistrationViewModelTest.kt sends us... Attack Vector
57	Privacy_Violation	/app/src/test/kotlin/com/x8bit/bitwarden/ui/auth/feature/completeregistration/CompleteRegistrationViewModelTest.kt: 446	details Method Lambda at line 446 of /app/src/test/kotlin/com/x8bit/bitwarden/ui/auth/feature/completeregistration/CompleteRegistrationViewModelTest.kt se... Attack Vector
58	Privacy_Violation	/app/src/test/kotlin/com/x8bit/bitwarden/ui/auth/feature/completeregistration/CompleteRegistrationViewModelTest.kt: 330	details Method Lambda at line 330 of /app/src/test/kotlin/com/x8bit/bitwarden/ui/auth/feature/completeregistration/CompleteRegistrationViewModelTest.kt se... Attack Vector
59	Privacy_Violation	/app/src/test/kotlin/com/x8bit/bitwarden/ui/auth/feature/completeregistration/CompleteRegistrationViewModelTest.kt: 362	details Method Lambda at line 362 of /app/src/test/kotlin/com/x8bit/bitwarden/ui/auth/feature/completeregistration/CompleteRegistrationViewModelTest.kt se... Attack Vector
60	Privacy_Violation	/app/src/test/kotlin/com/x8bit/bitwarden/data/vault/datasource/sdk/model/CipherViewUtil.kt: 77	details Method Lambda at line 77 of /app/src/test/kotlin/com/x8bit/bitwarden/data/vault/datasource/sdk/model/CipherViewUtil.kt sends user information outs... Attack Vector
61	Privacy_Violation	/app/src/test/kotlin/com/x8bit/bitwarden/data/vault/datasource/sdk/model/CipherViewUtil.kt: 77	details Method Lambda at line 77 of /app/src/test/kotlin/com/x8bit/bitwarden/data/vault/datasource/sdk/model/CipherViewUtil.kt sends user information outs... Attack Vector
62	Use_of_Hardcoded_Password	/app/src/test/kotlin/com/x8bit/bitwarden/ui/vault/feature/attachments/AttachmentsViewModelTest.kt: 596	details The application uses the hard-coded password "mockId-1" for authentication purposes, either using it to verify users' identities, or to access an... Attack Vector
63	Use_of_Hardcoded_Password	/app/src/test/kotlin/com/x8bit/bitwarden/data/platform/manager/sdk/repository/SdkCipherRepositoryTest.kt: 205	details The application uses the hard-coded password "cipherId" for authentication purposes, either using it to verify users' identities, or to access ano... Attack Vector
64	Use_of_Hardcoded_Password	/app/src/test/kotlin/com/x8bit/bitwarden/ui/tools/feature/send/addedit/AddEditSendViewModelTest.kt: 573	details The application uses the hard-coded password "some-password" for authentication purposes, either using it to verify users' identities, or to acce... Attack Vector
65	Use_of_Hardcoded_Password	/app/src/test/kotlin/com/x8bit/bitwarden/ui/platform/feature/rootnav/RootNavViewModelTest.kt: 772	details The application uses the hard-coded password "testPassword123" for authentication purposes, either using it to verify users' identities, or to acc... Attack Vector
66	Use_of_Hardcoded_Password	/app/src/test/kotlin/com/x8bit/bitwarden/data/vault/manager/VaultLockManagerTest.kt: 1955	details The application uses the hard-coded password "mockValue" for authentication purposes, either using it to verify users' identities, or to access an... Attack Vector
67	Use_of_Hardcoded_Password	/app/src/test/kotlin/com/x8bit/bitwarden/data/vault/manager/VaultLockManagerTest.kt: 2011	details The application uses the hard-coded password "mockValue" for authentication purposes, either using it to verify users' identities, or to access an... Attack Vector
68	Use_of_Hardcoded_Password	/app/src/test/kotlin/com/x8bit/bitwarden/data/vault/manager/VaultLockManagerTest.kt: 1252	details The application uses the hard-coded password "mockValue" for authentication purposes, either using it to verify users' identities, or to access an... Attack Vector
69	Use_of_Hardcoded_Password	/app/src/test/kotlin/com/x8bit/bitwarden/data/vault/manager/VaultLockManagerTest.kt: 1162	details The application uses the hard-coded password "mockValue" for authentication purposes, either using it to verify users' identities, or to access an... Attack Vector

More results are available on the CxOne platform

codecov · 2026-03-26T12:38:58Z

Codecov Report

❌ Patch coverage is 64.16667% with 43 lines in your changes missing coverage. Please review.
✅ Project coverage is 85.69%. Comparing base (de47c50) to head (5f9f445).
⚠️ Report is 3 commits behind head on main.

Files with missing lines	Patch %	Lines
.../ui/vault/feature/addedit/VaultAddEditViewModel.kt	73.61%	3 Missing and 16 partials ⚠️
...den/ui/vault/feature/addedit/VaultAddEditScreen.kt	31.81%	13 Missing and 2 partials ⚠️
...i/vault/feature/addedit/VaultAddEditItemContent.kt	28.57%	4 Missing and 1 partial ⚠️
...e/addedit/handlers/VaultAddEditCardTypeHandlers.kt	40.00%	3 Missing ⚠️
...ui/vault/feature/addedit/VaultAddEditNavigation.kt	0.00%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #6722      +/-   ##
==========================================
+ Coverage   84.85%   85.69%   +0.83%     
==========================================
  Files         844      827      -17     
  Lines       59037    58549     -488     
  Branches     8563     8589      +26     
==========================================
+ Hits        50097    50173      +76     
+ Misses       5958     5376     -582     
- Partials     2982     3000      +18

Flag	Coverage Δ
app-data	`17.48% <0.00%> (-0.04%)`	⬇️
app-ui-auth-tools	`20.38% <0.00%> (-0.05%)`	⬇️
app-ui-platform	`15.27% <0.00%> (-0.04%)`	⬇️
app-ui-vault	`25.96% <64.16%> (+0.07%)`	⬆️
authenticator	`6.55% <0.00%> (-0.02%)`	⬇️
lib-core-network-bridge	`4.31% <0.00%> (+0.06%)`	⬆️
lib-data-ui	`1.03% <0.00%> (ø)`

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

...main/kotlin/com/x8bit/bitwarden/ui/platform/feature/vaultunlocked/VaultUnlockedNavigation.kt

app/src/test/kotlin/com/x8bit/bitwarden/ui/vault/feature/addedit/VaultAddEditViewModelTest.kt

...kotlin/com/x8bit/bitwarden/ui/vault/feature/addedit/handlers/VaultAddEditCardTypeHandlers.kt

david-livefront · 2026-04-02T19:47:48Z

app/src/main/kotlin/com/x8bit/bitwarden/ui/vault/feature/addedit/VaultAddEditViewModel.kt

+        } else {
+            toastManager.show(
+                messageId = BitwardenString
+                    .enable_camera_permission_to_use_the_scanner,


Should this be a Snackbar?

That's a good question. I'll have to check with design. Good catch.

We use a dialog with an option to navigate to settings or dismiss the dialog in other places. That's what happens here now, too.

app/src/main/kotlin/com/x8bit/bitwarden/ui/vault/feature/addedit/VaultAddEditScreen.kt

app/src/test/kotlin/com/x8bit/bitwarden/ui/vault/feature/addedit/VaultAddEditViewModelTest.kt

app/src/main/kotlin/com/x8bit/bitwarden/ui/platform/composition/LocalManagerProvider.kt

app/src/main/kotlin/com/x8bit/bitwarden/ui/vault/feature/addedit/VaultAddEditScreen.kt

Wire the card scanner into the card cipher add/edit flow: - VaultAddEditViewModel: inject CardScanManager, handle scan results, populate card fields with brand-aware CVV validation - VaultAddEditScreen: pass scanner enabled state and click handler - VaultAddEditCardItems: conditionally render Scan Card button - VaultUnlockedNavigation: register card scan route

david-livefront · 2026-04-08T18:38:07Z

app/src/main/kotlin/com/x8bit/bitwarden/ui/vault/feature/cardscanner/CardScanViewModel.kt

 class CardScanViewModel @Inject constructor(
-    savedStateHandle: SavedStateHandle,
    private val cardScanManager: CardScanManager,
+    savedStateHandle: SavedStateHandle,


What's up with this change?

Another rebase artifact 🤦

app/src/main/kotlin/com/x8bit/bitwarden/ui/vault/feature/cardscanner/CardScanViewModel.kt

app/src/test/kotlin/com/x8bit/bitwarden/ui/vault/feature/addedit/VaultAddEditScreenTest.kt

david-livefront · 2026-04-08T18:39:07Z

app/src/test/kotlin/com/x8bit/bitwarden/ui/vault/feature/cardscanner/CardScanViewModelTest.kt

        CardScanViewModel(
-            savedStateHandle = SavedStateHandle(),
+            savedStateHandle = SavedStateHandle().apply {
+                set("state", initialState)


ui/src/main/kotlin/com/bitwarden/ui/platform/feature/cardscanner/util/CardTextAnalyzerImpl.kt

SaintPatrck added the ai-review-vnext Request a Claude code review using the vNext workflow label Mar 26, 2026

github-actions bot added app:password-manager Bitwarden Password Manager app context t:feature Change Type - Feature Development labels Mar 26, 2026

claude bot reviewed Mar 26, 2026

View reviewed changes

app/src/main/kotlin/com/x8bit/bitwarden/ui/vault/feature/addedit/VaultAddEditViewModel.kt Outdated Show resolved Hide resolved

claude bot reviewed Mar 26, 2026

View reviewed changes

app/src/test/kotlin/com/x8bit/bitwarden/ui/vault/feature/addedit/VaultAddEditScreenTest.kt Outdated Show resolved Hide resolved

SaintPatrck force-pushed the card-scanner/4-addedit-integration branch from 583a110 to 7c9d521 Compare March 26, 2026 12:56

claude bot reviewed Mar 26, 2026

View reviewed changes

...main/kotlin/com/x8bit/bitwarden/ui/platform/feature/vaultunlocked/VaultUnlockedNavigation.kt Outdated Show resolved Hide resolved

SaintPatrck force-pushed the card-scanner/4-addedit-integration branch from 7c9d521 to 204305e Compare March 26, 2026 13:19

SaintPatrck added the innovation Feature work related to Innovation Sprint or BEEEP projects label Mar 27, 2026

david-livefront reviewed Mar 30, 2026

View reviewed changes

app/src/test/kotlin/com/x8bit/bitwarden/ui/vault/feature/addedit/VaultAddEditViewModelTest.kt Outdated Show resolved Hide resolved

SaintPatrck force-pushed the card-scanner/3-card-scan-screen branch from be951b7 to ff88fbb Compare April 1, 2026 14:10

SaintPatrck force-pushed the card-scanner/4-addedit-integration branch from 204305e to ca82c3b Compare April 1, 2026 14:10

SaintPatrck added the hold do not merge yet label Apr 1, 2026

github-actions bot added the app:authenticator Bitwarden Authenticator app context label Apr 1, 2026

SaintPatrck force-pushed the card-scanner/4-addedit-integration branch from 21a7f1a to 31ae25f Compare April 1, 2026 18:21

github-actions bot removed the app:authenticator Bitwarden Authenticator app context label Apr 1, 2026

SaintPatrck force-pushed the card-scanner/4-addedit-integration branch from 31ae25f to cb0433e Compare April 2, 2026 17:34

SaintPatrck marked this pull request as ready for review April 2, 2026 17:34

SaintPatrck requested a review from a team as a code owner April 2, 2026 17:34

SaintPatrck requested a review from david-livefront April 2, 2026 17:34

david-livefront reviewed Apr 2, 2026

View reviewed changes

...kotlin/com/x8bit/bitwarden/ui/vault/feature/addedit/handlers/VaultAddEditCardTypeHandlers.kt Outdated Show resolved Hide resolved

david-livefront reviewed Apr 2, 2026

View reviewed changes

app/src/main/kotlin/com/x8bit/bitwarden/ui/vault/feature/addedit/VaultAddEditScreen.kt Outdated Show resolved Hide resolved

david-livefront reviewed Apr 2, 2026

View reviewed changes

app/src/test/kotlin/com/x8bit/bitwarden/ui/vault/feature/addedit/VaultAddEditViewModelTest.kt Show resolved Hide resolved

SaintPatrck force-pushed the card-scanner/3-card-scan-screen branch from eeede50 to d076c37 Compare April 7, 2026 11:23

SaintPatrck force-pushed the card-scanner/4-addedit-integration branch from d16f24a to 009a1bc Compare April 7, 2026 11:30

github-actions bot added the app:authenticator Bitwarden Authenticator app context label Apr 7, 2026

SaintPatrck removed the hold do not merge yet label Apr 7, 2026

claude bot reviewed Apr 7, 2026

View reviewed changes

app/src/main/kotlin/com/x8bit/bitwarden/ui/platform/composition/LocalManagerProvider.kt Outdated Show resolved Hide resolved

david-livefront reviewed Apr 7, 2026

View reviewed changes

app/src/main/kotlin/com/x8bit/bitwarden/ui/vault/feature/addedit/VaultAddEditScreen.kt Outdated Show resolved Hide resolved

Base automatically changed from card-scanner/3-card-scan-screen to main April 7, 2026 20:00

SaintPatrck force-pushed the card-scanner/4-addedit-integration branch from 4f8369b to 2b11285 Compare April 7, 2026 20:10

SaintPatrck force-pushed the card-scanner/4-addedit-integration branch from 2b11285 to daa0596 Compare April 7, 2026 20:10

Update camera permission dialog

b712959

david-livefront reviewed Apr 8, 2026

View reviewed changes

app/src/main/kotlin/com/x8bit/bitwarden/ui/vault/feature/cardscanner/CardScanViewModel.kt Show resolved Hide resolved

david-livefront reviewed Apr 8, 2026

View reviewed changes

app/src/test/kotlin/com/x8bit/bitwarden/ui/vault/feature/addedit/VaultAddEditScreenTest.kt Show resolved Hide resolved

david-livefront reviewed Apr 8, 2026

View reviewed changes

ui/src/main/kotlin/com/bitwarden/ui/platform/feature/cardscanner/util/CardTextAnalyzerImpl.kt Outdated Show resolved Hide resolved

Fixup rebase artifacts

5f9f445

david-livefront approved these changes Apr 8, 2026

View reviewed changes

SaintPatrck added this pull request to the merge queue Apr 9, 2026

Merged via the queue into main with commit 29e73ad Apr 9, 2026
32 checks passed

SaintPatrck deleted the card-scanner/4-addedit-integration branch April 9, 2026 01:52

Conversation

SaintPatrck commented Mar 26, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

🎟️ Tracking

📔 Objective

📸 Screenshots

Figma designs (based on iOS)

Permission dialog

Scan flow

Uh oh!

github-actions bot commented Mar 26, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Bitwarden Claude Code Review

Uh oh!

Uh oh!

Uh oh!

github-actions bot commented Mar 26, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

codecov bot commented Mar 26, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Codecov Report

Uh oh!

Uh oh!

Uh oh!

Uh oh!

david-livefront Apr 2, 2026

Choose a reason for hiding this comment

Uh oh!

SaintPatrck Apr 2, 2026

Choose a reason for hiding this comment

Uh oh!

SaintPatrck Apr 7, 2026

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

david-livefront Apr 8, 2026

Choose a reason for hiding this comment

Uh oh!

SaintPatrck Apr 8, 2026

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

david-livefront Apr 8, 2026

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

SaintPatrck commented Mar 26, 2026 •

edited

Loading

github-actions bot commented Mar 26, 2026 •

edited

Loading

github-actions bot commented Mar 26, 2026 •

edited

Loading

codecov bot commented Mar 26, 2026 •

edited

Loading