open/ktg-plugin-marketplace
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity Actions
ktg-plugin-marketplace/plugins/llm-security/commands/ide-scan.md
Kjell Tore Guttormsen fe0193956d feat(llm-security): /security ide-scan <url> — Marketplace/OpenVSX/direct VSIX (v6.4.0) 
Pre-installation verification of VS Code extensions via URL — fetch a remote
VSIX, extract it in a hardened sandbox, and run the existing IDE scanner
pipeline against it. No npm dependencies.

Sources:
- VS Code Marketplace (publisher.gallery.vsassets.io direct download)
- OpenVSX (open-vsx.org official API)
- Direct .vsix HTTPS URLs

Defenses:
- HTTPS-only, TLS verified, manual redirect with per-source host whitelist
- 30s total timeout via AbortController
- 50MB compressed cap, 500MB uncompressed, 100x expansion ratio
- Zero-dep ZIP extractor: zip-slip, absolute paths, drive letters, NUL bytes,
  symlinks (Unix mode 0xA000), depth limits, ZIP64 rejected, encrypted rejected
- SHA-256 streamed during fetch, surfaced in meta.source
- Temp dir cleanup in all paths (try/finally)

Files:
- scanners/lib/vsix-fetch.mjs (HTTPS fetcher, host whitelist, streaming SHA-256)
- scanners/lib/zip-extract.mjs (zero-dep parser with hardening caps)
- knowledge/marketplace-api-notes.md (endpoint reference)
- 3 test files (48 tests added: vsix-fetch, zip-extract, ide-extension-url)

Tests: 1296 → 1344 (all green).

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-04-17 17:16:26 +02:00

101 lines
4.4 KiB
Markdown
Raw Blame History

---
name: security:ide-scan
description: Scan installed VS Code / IntelliJ extensions for supply-chain risk, typosquats, obfuscation, and malicious patterns
allowed-tools: Read, Glob, Grep, Bash
model: sonnet
---
# /security ide-scan
Scan installed IDE extensions (VS Code + forks like Cursor/Windsurf/VSCodium/code-server; JetBrains is v1.1 stub).
Runs the IDE scanner plus reused scanners (UNI, ENT, NET, TNT, MEM, SCR) per extension. Offline by default.
## Step 1: Run Scanner
Run the IDE extension scanner:
```
node <this plugin's scanners/ide-extension-scanner.mjs> [target]
```
Arguments (pass through as provided by the user):
- `[target]` — one of:
- omit, `.`, or `all` → discover all installed extensions
- absolute path to an extracted extension directory → single-scan mode
- `https://marketplace.visualstudio.com/items?itemName=<publisher>.<name>` → fetch from VS Code Marketplace
- `https://open-vsx.org/extension/<publisher>/<name>[/<version>]` → fetch from OpenVSX
- `https://example.com/path/foo.vsix` → direct VSIX download (HTTPS only)
- GitHub repo URLs are NOT supported in v6.4.0 (would require build step)
- `--vscode-only` / `--intellij-only` — restrict discovery
- `--include-builtin` — include Microsoft builtin extensions (default: excluded)
- `--online` — enable Marketplace/OSV.dev lookups (opt-in; default: fully offline)
- `--format compact|json` — output format
- `--fail-on <severity>` — exit 1 if findings at/above severity
URL mode notes:
- Hardened ZIP extractor with caps: 50MB compressed, 500MB uncompressed, 100x expansion ratio, 10 000 entries, depth 20.
- Rejects: zip-slip paths, symlink entries, absolute paths, drive letters, encrypted entries, ZIP64.
- TLS verified, HTTPS only, 30s timeout. Cross-host redirects rejected.
- Temp directory always cleaned up (success, error, abort).
- `meta.source` in the envelope contains `{ type: "url", kind, url, finalUrl, sha256, size, publisher, name, version }`.
Parse the JSON output. The result contains:
- `meta.scanner`, `meta.version`, `meta.target`, `meta.extensions_discovered` (per type), `meta.roots_scanned`, `meta.warnings`
- `extensions[]` — per-extension results with `id`, `version`, `type`, `publisher`, `source`, `is_builtin`, `signed`, `scanner_results` (IDE/UNI/ENT/NET/TNT/MEM/SCR), `aggregate` (counts, risk_score, risk_band, verdict), `warnings`
- `aggregate` — top-level counts, risk_score, risk_band, verdict, extensions_total, extensions_blocked, extensions_warning
## Step 2: Format Report
Present the results:
```
# IDE Extension Scan
| Field | Value |
|-------|-------|
| **Scanner** | ide-extension-scanner v[version] |
| **Target** | [target] |
| **Roots** | [comma-separated roots_scanned] |
| **Extensions** | [vscode] VS Code, [jetbrains] JetBrains |
| **Top Verdict** | [ALLOW/WARNING/BLOCK] |
| **Risk** | [risk_score]/100 ([risk_band]) |
| **Duration** | [duration_ms]ms |
## Counts
crit=[N] high=[N] medium=[N] low=[N] info=[N]
## Per-Extension Results
[One row per extension, sorted: BLOCK first, then WARNING, then ALLOW with findings]
| Extension | Version | Source | Verdict | Risk | Top Issue |
|-----------|---------|--------|---------|------|-----------|
Omit ALLOW rows with zero findings unless the user passed `--verbose`.
## Top Findings
[For each extension with verdict != ALLOW, list up to 3 findings as:
- [SEV] [SCANNER]: title — file:line — recommendation]
## Warnings
[Any top-level or per-extension `warnings` entries, if present]
```
## Step 3: Recommendations
- `aggregate.verdict === 'BLOCK'`: "One or more extensions are block-listed. Uninstall immediately — `code --uninstall-extension <id>`."
- `aggregate.verdict === 'WARNING'`: "High/medium findings detected. Review the Top Findings list. Audit suspicious extensions before continuing."
- `aggregate.verdict === 'ALLOW'` and counts.info > 0: "Extensions look clean. Info-level findings are observational only."
- `aggregate.extensions_total === 0`: "No extensions discovered. Run `code --list-extensions` to confirm, or pass a specific path."
If the user has many sideloaded (`source=vsix`) extensions: suggest re-installing from Marketplace where possible.
## Notes
- First run with no `--online` is fully offline.
- JetBrains discovery is deferred to v1.1 (see `knowledge/ide-extension-threat-patterns.md`).
- Pass a single extracted extension directory to scan just one extension.
Reference in a new issue View git blame Copy permalink