Import Data from Safari iOS

[Brandon-T]

Security Review

• https://github.com/brave/reviews/issues/1815

Summary

• Add Password Importer API to Brave-Core and a Swift wrapper around it
• Add History Importer API to Brave-Core and a Swift wrapper around it
• Refactor Bookmarks Import API in Swift to be async-await

Resolves brave/brave-browser#42727

Submitter Checklist:

• I confirm that no security/privacy review is needed and no other type of reviews are needed, or that I have requested them
• There is a ticket for my issue
• Used Github auto-closing keywords in the PR description above
• Wrote a good PR/commit description
• Squashed any review feedback or "fixup" commits before merge, so that history is a record of what happened in the repo, not your PR
• Added appropriate labels (QA/Yes or QA/No; release-notes/include or release-notes/exclude; OS/...) to the associated issue
• Checked the PR locally:
  • npm run test -- brave_browser_tests, npm run test -- brave_unit_tests wiki
  • npm run presubmit wiki, npm run gn_check, npm run tslint
• Ran git rebase master (if needed)

Reviewer Checklist:

• A security review is not needed, or a link to one is included in the PR description
• New files have MPL-2.0 license header
• Adequate test coverage exists to prevent regressions
• Major classes, functions and non-trivial code blocks are well-commented
• Changes in component dependencies are properly reflected in gn
• Code follows the style guide
• Test plan is specified in PR before merging

After-merge Checklist:

• The associated issue milestone is set to the smallest version that the
  changes has landed on
• All relevant documentation has been updated, for instance:
  • https://github.com/brave/brave-browser/wiki/Deviations-from-Chromium-(features-we-disable-or-remove)
  • https://github.com/brave/brave-browser/wiki/Proxy-redirected-URLs
  • https://github.com/brave/brave-browser/wiki/Fingerprinting-Protections
  • https://github.com/brave/brave-browser/wiki/Brave%E2%80%99s-Use-of-Referral-Codes
  • https://github.com/brave/brave-browser/wiki/Web-Compatibility-Exceptions-in-Brave
  • https://github.com/brave/brave-browser/wiki/QA-Guide
  • https://github.com/brave/brave-browser/wiki/P3A

Test Plan:

[github-actions]

The security team is monitoring all repositories for certain keywords. This PR includes the word(s) "password" and so security team members have been added as reviewers to take a look.

No need to request a full security review at this stage, the security team will take a look shortly and either clear the label or request more information/changes.

Notifications have already been sent, but if this is blocking your merge feel free to reach out directly to the security team on Slack so that we can expedite this check.

[kylehickinson]

Quick glance feedback (haven't looked at implementation details yet):

• Needs unit tests
• Everything under ios/browser/api should be Obj-C wrappers, please move all of the actual importer logic to separate directory/directories. Try to match Chromium's directory structure in this regard
• Is it possible to share this logic with desktop so that they can get Safari import via exported zip as well? (Perhaps with a layered component)

[kdenhartog]

Seems that the parser here considers the grammar simple enough that it doesn't require using a memory safe language or separate process.

I believe this the solves for the rule of 2 issue here as well.

[kdenhartog]

in general this seems ok to me, but I think it would be useful for @stoletheminerals to give this one a deeper look.

[mkarolin]

Not clear if we need a header in DEPS files, but for now ++

[thypon]

requires test

[kylehickinson]

Couple more notes

[kylehickinson]

You don't need a table name for all these strings, since its in a separate target

[kylehickinson]

This shouldn't be part of the VStack, it should be in a overlay(alignment: .topTrailing)

[kylehickinson]

It also probably shouldn't be part of the ScrollView

[Brandon-T]

This view doesn't have a scroll-view and isn't embedded in one.

[kylehickinson]

This should be a @StateObject if you're going to create it in the View

[kylehickinson]

As per DM these should all be removed

[kylehickinson]

Doesn't need to be a func, can just be private var mainView: some View

[kylehickinson]

These sheets are explicitly associated with the main view only it seems? Is that correct? If for instance the import state is any causing any of the other views to appear the sheets will be dismissed, should these go on the container view instead?

[kylehickinson]

As Per DM you can't leave one condition empty, need to return the view provided as the closure is a ViewBuilder

[kylehickinson]

EOF newline missing

[kylehickinson]

There's something weird here about creating an entire switch across import states all to display the same View (DataImporterStateView) with almost identical modifiers with the only thing changing is Buttons? You also seem to combine both making this reusable and a "View only" kind of component and also passing in the model which means you're now checking specific things related to the logic of the feature.

Either you should have one view and you only pass in the model and adjust inside directly based on importState, or you don't pass in the model and make sure you can pass in all necessary info from here.

You also probably want to find a way to do this without multiple if-else causing the creation of completely separate views for each state

[Brandon-T]

Switched them all to separate views instead of one shared view.

[kylehickinson]

This final page also doesnt match design

[kylehickinson]

You're already in an async method, just do try await Task.sleep(...) directly in it

[kylehickinson]

Same as above

[github-actions]

[puLL-Merge] - brave/brave-core@26914

Description

This PR adds support for importing Safari data into Brave on iOS. It includes functionality to import bookmarks, browsing history, and passwords from Safari export files, with careful handling of conflicts and data validation. The change also includes a new UI for guiding users through the import process.

Security Hotspots

1. Password handling in safari_password_importer.cc and related files - Ensure passwords are properly encrypted in memory and securely cleared after use
2. File handling in ZipImporter.swift - Check for zip bombs and malicious file paths
3. CSV parsing in csv_safari_password.cc - Validate input to prevent buffer overflows or injection attacks
4. IPC communication in csv_safari_password_parser_service.cc - Ensure proper sandboxing and validation of messages

Changes

Changes

By filename:

New Components:

• components/password_manager/core/browser/import/: New Safari password import infrastructure
  • safari_password_importer.{h,cc}: Core importer implementation
  • csv_safari_password.{h,cc}: CSV file parsing for passwords
  • safari_import_results.{h,cc}: Results handling

iOS Changes:

• ios/brave-ios/Sources/DataImporter/: New iOS UI for data import
  • Added import flow UI components
  • Multi-profile support
  • Error handling and success states
  • Tutorial for users

Build System:

• Updated BUILD.gn files to support new components
• Added dependencies for password importing

sequenceDiagram
    participant User
    participant UI
    participant Importer
    participant CSVParser
    participant Storage

    User->>UI: Initiates import
    UI->>Importer: Import request
    Importer->>CSVParser: Parse Safari export
    CSVParser-->>Importer: Parsed data
    
    alt Has Conflicts
        Importer->>UI: Show conflict resolution
        User->>UI: Resolve conflicts
        UI->>Importer: Resolution choice
    end

    Importer->>Storage: Store imported data
    Storage-->>UI: Import complete
    UI->>User: Show success/failure

Loading