feat(llm-security): add /security ide-scan — VS Code / JetBrains extension prescan (v6.3.0)

New standalone scanner (prefix IDE) discovers installed VS Code extensions across forks (Cursor, Windsurf, VSCodium, code-server, Insiders, Remote-SSH) and runs 7 IDE-specific threat checks: blocklist match (CRITICAL), theme-with-code, sideload (unsigned .vsix), dangerous uninstall hook (HIGH), wildcard activation, extension-pack expansion, typosquat (MEDIUM). Per-extension reuse of UNI/ENT/NET/TNT/MEM/SCR scanners with bounded concurrency. Offline-first; --online opt-in. JetBrains discovery stubbed for v1.1. 22 new tests (1296 total, was 1274). Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-04-17 16:23:35 +02:00 · 2026-04-17 16:23:35 +02:00 · 6252e55700
commit 6252e55700
parent 7bcf5fae9d
33 changed files with 1849 additions and 20 deletions
--- a/plugins/llm-security/knowledge/top-vscode-extensions.json
+++ b/plugins/llm-security/knowledge/top-vscode-extensions.json
@ -0,0 +1,118 @@
+{
+  "_meta": {
+    "source": "VS Code Marketplace 'Most Popular' snapshot 2026-04-17. Manually curated from Marketplace and Koi/ExtensionTotal research.",
+    "count": 100,
+    "last_updated": "2026-04-17",
+    "purpose": "Typosquat detection seed. IDs are lowercase publisher.name."
+  },
+  "vscode": [
+    "ms-python.python",
+    "ms-python.vscode-pylance",
+    "ms-python.debugpy",
+    "esbenp.prettier-vscode",
+    "dbaeumer.vscode-eslint",
+    "ms-azuretools.vscode-docker",
+    "github.copilot",
+    "github.copilot-chat",
+    "github.vscode-pull-request-github",
+    "github.remotehub",
+    "anthropic.claude-code",
+    "ms-vscode.cpptools",
+    "ms-vscode.cpptools-extension-pack",
+    "ms-vscode.cmake-tools",
+    "twxs.cmake",
+    "golang.go",
+    "rust-lang.rust-analyzer",
+    "vadimcn.vscode-lldb",
+    "vscode-icons-team.vscode-icons",
+    "zhuangtongfa.material-theme",
+    "pkief.material-icon-theme",
+    "ritwickdey.liveserver",
+    "redhat.java",
+    "vscjava.vscode-java-pack",
+    "vscjava.vscode-java-debug",
+    "vscjava.vscode-java-test",
+    "vscjava.vscode-maven",
+    "vscjava.vscode-gradle",
+    "ms-vscode-remote.remote-ssh",
+    "ms-vscode-remote.remote-ssh-edit",
+    "ms-vscode-remote.remote-containers",
+    "ms-vscode-remote.remote-wsl",
+    "ms-vscode-remote.vscode-remote-extensionpack",
+    "ms-dotnettools.csharp",
+    "ms-dotnettools.csdevkit",
+    "ms-dotnettools.vscode-dotnet-runtime",
+    "ms-toolsai.jupyter",
+    "ms-toolsai.jupyter-keymap",
+    "ms-toolsai.jupyter-renderers",
+    "ms-toolsai.vscode-jupyter-cell-tags",
+    "ms-toolsai.vscode-jupyter-slideshow",
+    "streetsidesoftware.code-spell-checker",
+    "editorconfig.editorconfig",
+    "codeium.codeium",
+    "continue.continue",
+    "saoudrizwan.claude-dev",
+    "visualstudioexptteam.vscodeintellicode",
+    "visualstudioexptteam.intellicode-api-usage-examples",
+    "bradlc.vscode-tailwindcss",
+    "formulahendry.auto-rename-tag",
+    "formulahendry.auto-close-tag",
+    "wix.vscode-import-cost",
+    "christian-kohler.path-intellisense",
+    "christian-kohler.npm-intellisense",
+    "mhutchie.git-graph",
+    "eamodio.gitlens",
+    "donjayamanne.githistory",
+    "waderyan.gitblame",
+    "ms-vscode.live-server",
+    "ms-vscode.powershell",
+    "ms-vscode.vscode-typescript-next",
+    "ms-vscode.vscode-node-azure-pack",
+    "ms-vscode.makefile-tools",
+    "ms-vscode.hexeditor",
+    "hashicorp.terraform",
+    "hashicorp.hcl",
+    "redhat.vscode-yaml",
+    "redhat.vscode-xml",
+    "tamasfe.even-better-toml",
+    "yzhang.markdown-all-in-one",
+    "davidanson.vscode-markdownlint",
+    "shd101wyy.markdown-preview-enhanced",
+    "yzane.markdown-pdf",
+    "unifiedjs.vscode-mdx",
+    "mechatroner.rainbow-csv",
+    "sonarsource.sonarlint-vscode",
+    "snyk-security.snyk-vulnerability-scanner",
+    "42crunch.vscode-openapi",
+    "humao.rest-client",
+    "rangav.vscode-thunder-client",
+    "ms-kubernetes-tools.vscode-kubernetes-tools",
+    "redhat.vscode-commons",
+    "bmewburn.vscode-intelephense-client",
+    "xdebug.php-debug",
+    "dbaeumer.jshint",
+    "esbenp.vscode-prettier",
+    "svelte.svelte-vscode",
+    "vue.volar",
+    "angular.ng-template",
+    "denoland.vscode-deno",
+    "biomejs.biome",
+    "oven.bun-vscode",
+    "astro-build.astro-vscode",
+    "styled-components.vscode-styled-components",
+    "graphql.vscode-graphql",
+    "graphql.vscode-graphql-syntax",
+    "prisma.prisma",
+    "bigonesystems.django",
+    "ms-azuretools.vscode-azurefunctions",
+    "ms-azuretools.vscode-azureresourcegroups",
+    "amazonwebservices.aws-toolkit-vscode",
+    "googlecloudtools.cloudcode",
+    "orta.vscode-jest",
+    "firsttris.vscode-jest-runner",
+    "vitest.explorer",
+    "ms-playwright.playwright",
+    "cypress-io.vscode-cypress"
+  ],
+  "blocklist": []
+}