@aj-rosado
Contributor

🎟️ Tracking

📔 Objective

If the user has active ITEM_RESTRICTION policies:

  • Will not request card types from other password managers
  • If the data still contains card data, this will filter the card types out of the import if the importing data


@github-actions
Contributor

github-actions bot commented Nov 5, 2025

Checkmarx One – Scan Summary & Details 1c38eebc-a99c-4a4b-aa69-16ad6dea0ff6

Great job! No new security vulnerabilities introduced in this pull request

@aj-rosado aj-rosado changed the title from "Pm 27119/cxp prevent card item imported item restricted policy" to "[PM-27119] Prevent import card data when ITEM_RESTRICT_TYPES policy is active" Nov 5, 2025
@codecov

codecov bot commented Nov 5, 2025

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 84.96%. Comparing base (d86443c) to head (c24f1fd).
⚠️ Report is 17 commits behind head on main.

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #6123      +/-   ##
==========================================
+ Coverage   84.82%   84.96%   +0.13%     
==========================================
  Files         721      737      +16     
  Lines       52824    53069     +245     
  Branches     7667     7664       -3     
==========================================
+ Hits        44808    45090     +282     
+ Misses       5328     5296      -32     
+ Partials     2688     2683       -5     


@codecov

codecov bot commented Nov 5, 2025

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 84.99%. Comparing base (510072b) to head (0995f1e).
⚠️ Report is 21 commits behind head on main.

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #6123      +/-   ##
==========================================
+ Coverage   84.96%   84.99%   +0.02%     
==========================================
  Files         724      723       -1     
  Lines       52758    52747      -11     
  Branches     7659     7652       -7     
==========================================
+ Hits        44826    44832       +6     
+ Misses       5249     5242       -7     
+ Partials     2683     2673      -10     


@aj-rosado aj-rosado marked this pull request as ready for review November 6, 2025 09:20
@claude
Contributor

claude bot commented Nov 6, 2025

Claude finished @aj-rosado's task —— View job


Code Review Complete

Summary

Implementation successfully prevents card imports when ITEM_RESTRICT_TYPES policy is active. Defense-in-depth approach (filtering at ViewModel and Manager layers) is sound. Test coverage is comprehensive.

Findings

Finding 1: Unnecessary suppression annotation remains in test file


Details

The PR implements a two-layer filtering approach:

  1. ViewModel layer (ImportItemsViewModel:129): Prevents requesting card types from credential providers
  2. Manager layer (CredentialExchangeImportManagerImpl:105): Filters cards if they appear in import data

This defense-in-depth pattern is appropriate given that credential providers may return cards regardless of request parameters.

Helper method PolicyManager.hasRestrictItemTypes() properly centralizes the policy check logic, avoiding duplication.

Test coverage is thorough with 4 new test cases covering all scenarios including edge case where all ciphers are cards.
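
The two-layer filtering described in the review summary above, as an added Kotlin example (not code from this pull request or the project). `ItemType`, `ImportedItem`, `ImportOutcome`, `RestrictionPolicy`, `requestedTypes` and `acceptImport` are hypothetical names, and returning `NothingToImport` for a cards-only payload is an assumption.

```kotlin
// Added illustration; every name here is hypothetical, not one of the project's classes.
enum class ItemType { LOGIN, CARD, IDENTITY, SECURE_NOTE }

data class ImportedItem(val name: String, val type: ItemType)

sealed class ImportOutcome {
    data class Imported(val items: List<ImportedItem>, val droppedCards: Int) : ImportOutcome()
    object NothingToImport : ImportOutcome()
}

// Stand-in for the single helper that centralizes the policy lookup.
fun interface RestrictionPolicy {
    fun hasRestrictItemTypes(): Boolean
}

// Layer 1: do not ask the exporting provider for card data at all.
fun requestedTypes(policy: RestrictionPolicy): List<ItemType> =
    if (policy.hasRestrictItemTypes()) {
        ItemType.values().filter { it != ItemType.CARD }
    } else {
        ItemType.values().toList()
    }

// Layer 2: the provider's response is untrusted input, so filter again on receipt.
fun acceptImport(payload: List<ImportedItem>, policy: RestrictionPolicy): ImportOutcome {
    val allowed = if (policy.hasRestrictItemTypes()) {
        payload.filter { it.type != ItemType.CARD }
    } else {
        payload
    }
    // Emptiness is checked on the filtered list, so a cards-only payload imports nothing
    // (assumed outcome; the real result type is not shown on this page).
    if (allowed.isEmpty()) return ImportOutcome.NothingToImport
    return ImportOutcome.Imported(allowed, droppedCards = payload.size - allowed.size)
}

fun main() {
    val restricted = RestrictionPolicy { true }
    // Constructed payload: a provider that returned a card although none was requested.
    val payload = listOf(
        ImportedItem("example login", ItemType.LOGIN),
        ImportedItem("example card", ItemType.CARD),
    )
    println(requestedTypes(restricted))
    println(acceptImport(payload, restricted))
    println(acceptImport(payload.filter { it.type == ItemType.CARD }, restricted))
}
```
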


if (cipherList.isEmpty()) {
// Filter out card ciphers if RESTRICT_ITEM_TYPES policy is active
val filteredCipherList = if (policyManager.hasRestrictItemTypes()) {
cipherList.filter { cipher -> cipher.type != CipherType.CARD }
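
Review bot: the emptiness check on the first line tests cipherList, while the filter below it assigns filteredCipherList, and the visible lines do not show the check repeated on the filtered list. If only the unfiltered list is checked, a payload made up entirely of cards passes the check and continues with nothing to import; test filteredCipherList.isEmpty() after the filter and keep the all-cards case covered by a test.
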
Collaborator

Could the restriction be for a different type?

Contributor Author

Right now we only have restrictions for cards and I do not think we have future work to change that.

}
}

@Suppress("MaxLineLength")
Collaborator

I don't think we need this suppression.

}
}

@Suppress("MaxLineLength")
Collaborator

Don't need the suppression

}
}

@Suppress("MaxLineLength")
Collaborator

Don't need the suppression

assertTrue(result is ImportCxfPayloadResult.Error)
}

@Suppress("MaxLineLength")
Collaborator

We don't need this suppression

}
}

@Suppress("MaxLineLength")
Contributor

⚠️ Finding 1: Unnecessary suppression annotation

The @Suppress("MaxLineLength") annotation is not needed for this test function. The function name length (97 characters) does not violate the max line length rule, which typically applies to code lines, not function names in tests using backticks.

Per david-livefront's review comment, this suppression should be removed.

@aj-rosado aj-rosado added this pull request to the merge queue Nov 11, 2025
Merged via the queue into main with commit 5eb56ca Nov 11, 2025
15 of 17 checks passed
@aj-rosado aj-rosado deleted the PM-27119/cxp-prevent-card-item-imported-item-restricted-policy branch November 11, 2025 19:57
dev-sharma3624 pushed a commit to dev-sharma3624/android that referenced this pull request Nov 12, 2025