feat(llm-security): add /security ide-scan — VS Code / JetBrains extension prescan (v6.3.0)
New standalone scanner (prefix IDE) discovers installed VS Code extensions across forks (Cursor, Windsurf, VSCodium, code-server, Insiders, Remote-SSH) and runs 7 IDE-specific threat checks: blocklist match (CRITICAL), theme-with-code, sideload (unsigned .vsix), dangerous uninstall hook (HIGH), wildcard activation, extension-pack expansion, typosquat (MEDIUM). Per-extension reuse of UNI/ENT/NET/TNT/MEM/SCR scanners with bounded concurrency. Offline-first; --online opt-in. JetBrains discovery stubbed for v1.1. 22 new tests (1296 total, was 1274). Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
Kjell Tore Guttormsen
parent
7bcf5fae9d
commit
6252e55700
33 changed files with 1849 additions and 20 deletions
10
plugins/llm-security/knowledge/top-jetbrains-plugins.json
Normal file
10
plugins/llm-security/knowledge/top-jetbrains-plugins.json
Normal file
|
|
@ -0,0 +1,10 @@
|
|||
{
|
||||
"_meta": {
|
||||
"source": "Stub for v1.1 — IntelliJ discovery deferred. See research brief §2, §4.",
|
||||
"count": 0,
|
||||
"last_updated": "2026-04-17",
|
||||
"purpose": "Typosquat detection seed for JetBrains plugins. To be populated in v1.1."
|
||||
},
|
||||
"jetbrains": [],
|
||||
"blocklist": []
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue