open/ktg-plugin-marketplace
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity Actions
ktg-plugin-marketplace/plugins/llm-security/tests/scanners/vsix-fetch.test.mjs
Kjell Tore Guttormsen fe0193956d feat(llm-security): /security ide-scan <url> — Marketplace/OpenVSX/direct VSIX (v6.4.0) 
Pre-installation verification of VS Code extensions via URL — fetch a remote
VSIX, extract it in a hardened sandbox, and run the existing IDE scanner
pipeline against it. No npm dependencies.

Sources:
- VS Code Marketplace (publisher.gallery.vsassets.io direct download)
- OpenVSX (open-vsx.org official API)
- Direct .vsix HTTPS URLs

Defenses:
- HTTPS-only, TLS verified, manual redirect with per-source host whitelist
- 30s total timeout via AbortController
- 50MB compressed cap, 500MB uncompressed, 100x expansion ratio
- Zero-dep ZIP extractor: zip-slip, absolute paths, drive letters, NUL bytes,
  symlinks (Unix mode 0xA000), depth limits, ZIP64 rejected, encrypted rejected
- SHA-256 streamed during fetch, surfaced in meta.source
- Temp dir cleanup in all paths (try/finally)

Files:
- scanners/lib/vsix-fetch.mjs (HTTPS fetcher, host whitelist, streaming SHA-256)
- scanners/lib/zip-extract.mjs (zero-dep parser with hardening caps)
- knowledge/marketplace-api-notes.md (endpoint reference)
- 3 test files (48 tests added: vsix-fetch, zip-extract, ide-extension-url)

Tests: 1296 → 1344 (all green).

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-04-17 17:16:26 +02:00

126 lines
4.6 KiB
JavaScript
Raw Blame History

// vsix-fetch.test.mjs — Unit tests for URL detection + body capping.
import { describe, it } from 'node:test';
import assert from 'node:assert/strict';
import { detectUrlType, __testing } from '../../scanners/lib/vsix-fetch.mjs';
const { isAllowedHost, readBodyCapped, MAX_VSIX_BYTES } = __testing;
describe('detectUrlType', () => {
it('detects VS Code Marketplace URL', () => {
const out = detectUrlType('https://marketplace.visualstudio.com/items?itemName=ms-python.python');
assert.equal(out.type, 'marketplace');
assert.equal(out.publisher, 'ms-python');
assert.equal(out.name, 'python');
});
it('returns unknown for marketplace URL without itemName', () => {
const out = detectUrlType('https://marketplace.visualstudio.com/items');
assert.equal(out.type, 'unknown');
});
it('returns unknown for marketplace itemName without dot', () => {
const out = detectUrlType('https://marketplace.visualstudio.com/items?itemName=foobar');
assert.equal(out.type, 'unknown');
});
it('detects OpenVSX URL with version', () => {
const out = detectUrlType('https://open-vsx.org/extension/anthropic/claude-code/1.2.3');
assert.equal(out.type, 'openvsx');
assert.equal(out.publisher, 'anthropic');
assert.equal(out.name, 'claude-code');
assert.equal(out.version, '1.2.3');
});
it('detects OpenVSX URL without version', () => {
const out = detectUrlType('https://open-vsx.org/extension/anthropic/claude-code');
assert.equal(out.type, 'openvsx');
assert.equal(out.publisher, 'anthropic');
assert.equal(out.name, 'claude-code');
assert.equal(out.version, null);
});
it('detects direct .vsix download', () => {
const out = detectUrlType('https://example.com/path/extension.vsix');
assert.equal(out.type, 'vsix');
});
it('detects GitHub URL as github (unsupported)', () => {
const out = detectUrlType('https://github.com/anthropic/claude-code');
assert.equal(out.type, 'github');
});
it('rejects plain HTTP', () => {
const out = detectUrlType('http://marketplace.visualstudio.com/items?itemName=ms-python.python');
assert.equal(out.type, 'unknown');
});
it('returns unknown for malformed URL', () => {
const out = detectUrlType('not a url');
assert.equal(out.type, 'unknown');
});
it('returns unknown for unrelated HTTPS URL', () => {
const out = detectUrlType('https://example.com/somefile.zip');
assert.equal(out.type, 'unknown');
});
});
describe('isAllowedHost', () => {
it('allows marketplace gallery cdn for marketplace fetches', () => {
assert.equal(isAllowedHost('foo.gallerycdn.vsassets.io', 'marketplace'), true);
assert.equal(isAllowedHost('marketplace.visualstudio.com', 'marketplace'), true);
});
it('rejects unrelated host for marketplace fetches', () => {
assert.equal(isAllowedHost('evil.example.com', 'marketplace'), false);
});
it('allows openvsx blob storage', () => {
assert.equal(isAllowedHost('open-vsx.org', 'openvsx'), true);
assert.equal(isAllowedHost('openvsxorg.blob.core.windows.net', 'openvsx'), true);
});
it('rejects unrelated host for openvsx fetches', () => {
assert.equal(isAllowedHost('evil.example.com', 'openvsx'), false);
});
});
describe('readBodyCapped', () => {
function makeStreamResponse(chunks) {
const stream = new ReadableStream({
start(controller) {
for (const chunk of chunks) controller.enqueue(chunk);
controller.close();
},
});
return new Response(stream);
}
it('reads small body fully and computes SHA-256', async () => {
const data = new TextEncoder().encode('hello world');
const res = makeStreamResponse([data]);
const ctrl = new AbortController();
const out = await readBodyCapped(res, ctrl);
assert.equal(out.size, 11);
assert.equal(out.buffer.toString('utf8'), 'hello world');
// sha256("hello world")
assert.equal(out.sha256, 'b94d27b9934d3e08a52e52d7da7dabfac484efe37a5380ee9088f7ace2efcde9');
});
it('aborts when body exceeds MAX_VSIX_BYTES', async () => {
// Stream a small chunk repeated such that total > cap.
const chunkSize = 1024 * 1024;
const chunk = new Uint8Array(chunkSize);
const totalChunks = Math.ceil(MAX_VSIX_BYTES / chunkSize) + 2; // overshoot
const stream = new ReadableStream({
async start(controller) {
for (let i = 0; i < totalChunks; i++) controller.enqueue(chunk);
controller.close();
},
});
const res = new Response(stream);
const ctrl = new AbortController();
await assert.rejects(() => readBodyCapped(res, ctrl), /exceeds maximum size/);
});
});
Reference in a new issue View git blame Copy permalink