@trailofbits/vsix-audit 0.1.2 → 0.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +26 -32
- package/dist/cli.d.ts.map +1 -1
- package/dist/cli.js +9 -242
- package/dist/cli.js.map +1 -1
- package/dist/formatters.d.ts +63 -0
- package/dist/formatters.d.ts.map +1 -0
- package/dist/formatters.js +268 -0
- package/dist/formatters.js.map +1 -0
- package/dist/scanner/bundler.d.ts +1 -2
- package/dist/scanner/bundler.d.ts.map +1 -1
- package/dist/scanner/bundler.js +12 -9
- package/dist/scanner/bundler.js.map +1 -1
- package/dist/scanner/cache.d.ts +10 -0
- package/dist/scanner/cache.d.ts.map +1 -1
- package/dist/scanner/cache.js +29 -1
- package/dist/scanner/cache.js.map +1 -1
- package/dist/scanner/capabilities.d.ts.map +1 -1
- package/dist/scanner/capabilities.js +26 -18
- package/dist/scanner/capabilities.js.map +1 -1
- package/dist/scanner/checks/ast.d.ts.map +1 -1
- package/dist/scanner/checks/ast.js +21 -41
- package/dist/scanner/checks/ast.js.map +1 -1
- package/dist/scanner/checks/ioc.d.ts.map +1 -1
- package/dist/scanner/checks/ioc.js +18 -8
- package/dist/scanner/checks/ioc.js.map +1 -1
- package/dist/scanner/checks/ioc.test.js +80 -0
- package/dist/scanner/checks/ioc.test.js.map +1 -1
- package/dist/scanner/checks/obfuscation.d.ts.map +1 -1
- package/dist/scanner/checks/obfuscation.js +11 -12
- package/dist/scanner/checks/obfuscation.js.map +1 -1
- package/dist/scanner/checks/package.d.ts.map +1 -1
- package/dist/scanner/checks/package.js +15 -1
- package/dist/scanner/checks/package.js.map +1 -1
- package/dist/scanner/checks/package.test.js +5 -1
- package/dist/scanner/checks/package.test.js.map +1 -1
- package/dist/scanner/checks/telemetry.d.ts +6 -0
- package/dist/scanner/checks/telemetry.d.ts.map +1 -0
- package/dist/scanner/checks/telemetry.js +470 -0
- package/dist/scanner/checks/telemetry.js.map +1 -0
- package/dist/scanner/checks/telemetry.test.d.ts +2 -0
- package/dist/scanner/checks/telemetry.test.d.ts.map +1 -0
- package/dist/scanner/checks/telemetry.test.js +583 -0
- package/dist/scanner/checks/telemetry.test.js.map +1 -0
- package/dist/scanner/checks/yara.d.ts +2 -5
- package/dist/scanner/checks/yara.d.ts.map +1 -1
- package/dist/scanner/checks/yara.js +112 -69
- package/dist/scanner/checks/yara.js.map +1 -1
- package/dist/scanner/checks/yara.test.js +1 -10
- package/dist/scanner/checks/yara.test.js.map +1 -1
- package/dist/scanner/download.d.ts +0 -5
- package/dist/scanner/download.d.ts.map +1 -1
- package/dist/scanner/download.js +94 -86
- package/dist/scanner/download.js.map +1 -1
- package/dist/scanner/download.test.js +1 -16
- package/dist/scanner/download.test.js.map +1 -1
- package/dist/scanner/index.d.ts +4 -3
- package/dist/scanner/index.d.ts.map +1 -1
- package/dist/scanner/index.js +83 -49
- package/dist/scanner/index.js.map +1 -1
- package/dist/scanner/loaders/zoo.d.ts.map +1 -1
- package/dist/scanner/loaders/zoo.js +35 -1
- package/dist/scanner/loaders/zoo.js.map +1 -1
- package/dist/scanner/types.d.ts +45 -29
- package/dist/scanner/types.d.ts.map +1 -1
- package/dist/scanner/types.js +1 -1
- package/dist/scanner/types.js.map +1 -1
- package/dist/scanner/utils.d.ts +26 -4
- package/dist/scanner/utils.d.ts.map +1 -1
- package/dist/scanner/utils.js +59 -13
- package/dist/scanner/utils.js.map +1 -1
- package/dist/scanner/vsix.d.ts +6 -0
- package/dist/scanner/vsix.d.ts.map +1 -1
- package/dist/scanner/vsix.js +60 -24
- package/dist/scanner/vsix.js.map +1 -1
- package/dist/scanner/vsix.test.js +240 -3
- package/dist/scanner/vsix.test.js.map +1 -1
- package/package.json +1 -1
- package/zoo/signatures/yara/README.md +7 -4
- package/zoo/telemetry/known-services.txt +27 -0
|
@@ -82,13 +82,45 @@ function parseWalletFile(content) {
|
|
|
82
82
|
}
|
|
83
83
|
return result;
|
|
84
84
|
}
|
|
85
|
+
/**
|
|
86
|
+
* Parse telemetry services file format: SERVICE_NAME CATEGORY DOMAIN1,DOMAIN2,...
|
|
87
|
+
* Returns a map from domain to service info for fast lookup.
|
|
88
|
+
*/
|
|
89
|
+
function parseTelemetryServices(content) {
|
|
90
|
+
const result = new Map();
|
|
91
|
+
const validCategories = new Set(["analytics", "crash-reporting", "apm"]);
|
|
92
|
+
for (const line of content.split("\n")) {
|
|
93
|
+
const trimmed = line.trim();
|
|
94
|
+
if (!trimmed || trimmed.startsWith("#"))
|
|
95
|
+
continue;
|
|
96
|
+
// Format: SERVICE_NAME CATEGORY DOMAIN1,DOMAIN2,...
|
|
97
|
+
// Use regex to split on 2+ whitespace to handle multi-word service names
|
|
98
|
+
const parts = trimmed.split(/\s{2,}/);
|
|
99
|
+
if (parts.length < 3)
|
|
100
|
+
continue;
|
|
101
|
+
const name = parts[0];
|
|
102
|
+
const category = parts[1];
|
|
103
|
+
const domainsStr = parts[2];
|
|
104
|
+
if (!name || !validCategories.has(category) || !domainsStr)
|
|
105
|
+
continue;
|
|
106
|
+
const domains = domainsStr.split(",").map((d) => d.trim().toLowerCase());
|
|
107
|
+
const serviceInfo = { name, category, domains };
|
|
108
|
+
// Map each domain to this service for fast lookup
|
|
109
|
+
for (const domain of domains) {
|
|
110
|
+
if (domain) {
|
|
111
|
+
result.set(domain, serviceInfo);
|
|
112
|
+
}
|
|
113
|
+
}
|
|
114
|
+
}
|
|
115
|
+
return result;
|
|
116
|
+
}
|
|
85
117
|
let cachedZooData;
|
|
86
118
|
export async function loadZooData() {
|
|
87
119
|
if (cachedZooData) {
|
|
88
120
|
return cachedZooData;
|
|
89
121
|
}
|
|
90
122
|
const zooRoot = await findZooRoot();
|
|
91
|
-
const [blocklistContent, hashesContent, domainsContent, ipsContent, npmContent, walletsContent, blockchainContent,] = await Promise.all([
|
|
123
|
+
const [blocklistContent, hashesContent, domainsContent, ipsContent, npmContent, walletsContent, blockchainContent, telemetryContent,] = await Promise.all([
|
|
92
124
|
readFile(join(zooRoot, "blocklist", "extensions.json"), "utf8"),
|
|
93
125
|
readFile(join(zooRoot, "iocs", "hashes.txt"), "utf8"),
|
|
94
126
|
readFile(join(zooRoot, "iocs", "c2-domains.txt"), "utf8"),
|
|
@@ -96,6 +128,7 @@ export async function loadZooData() {
|
|
|
96
128
|
readFile(join(zooRoot, "iocs", "malicious-npm.txt"), "utf8"),
|
|
97
129
|
readFile(join(zooRoot, "iocs", "wallets.txt"), "utf8"),
|
|
98
130
|
readFile(join(zooRoot, "iocs", "blockchain-extensions.txt"), "utf8"),
|
|
131
|
+
readFile(join(zooRoot, "telemetry", "known-services.txt"), "utf8").catch(() => ""),
|
|
99
132
|
]);
|
|
100
133
|
const blocklistFile = JSON.parse(blocklistContent);
|
|
101
134
|
cachedZooData = {
|
|
@@ -106,6 +139,7 @@ export async function loadZooData() {
|
|
|
106
139
|
maliciousNpmPackages: parseIOCFile(npmContent, (pkg) => pkg.toLowerCase()),
|
|
107
140
|
wallets: parseWalletFile(walletsContent),
|
|
108
141
|
blockchainAllowlist: parseIOCFile(blockchainContent, (extId) => extId),
|
|
142
|
+
telemetryServices: parseTelemetryServices(telemetryContent),
|
|
109
143
|
};
|
|
110
144
|
return cachedZooData;
|
|
111
145
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"zoo.js","sourceRoot":"","sources":["../../../src/scanner/loaders/zoo.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AACpD,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAC1C,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAGzC,MAAM,SAAS,GAAG,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;AAE1D;;;;;;GAMG;AACH,KAAK,UAAU,WAAW;IACxB,mCAAmC;IACnC,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAC;IACnD,IAAI,OAAO,EAAE,CAAC;QACZ,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,+CAA+C;IAC/C,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC;IACzD,IAAI,CAAC;QACH,MAAM,MAAM,CAAC,OAAO,CAAC,CAAC;QACtB,OAAO,OAAO,CAAC;IACjB,CAAC;IAAC,MAAM,CAAC;QACP,gCAAgC;IAClC,CAAC;IAED,8CAA8C;IAC9C,MAAM,aAAa,GAAG,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC;IACzD,IAAI,CAAC;QACH,MAAM,MAAM,CAAC,aAAa,CAAC,CAAC;QAC5B,OAAO,aAAa,CAAC;IACvB,CAAC;IAAC,MAAM,CAAC;QACP,gEAAgE;QAChE,OAAO,OAAO,CAAC;IACjB,CAAC;AACH,CAAC;AAMD,SAAS,YAAY,CAAC,MAAc;IAClC,OAAO,MAAM,CAAC,OAAO,CAAC,SAAS,EAAE,GAAG,CAAC,CAAC;AACxC,CAAC;AAED;;;;;GAKG;AACH,SAAS,YAAY,CAAC,OAAe,EAAE,SAA2C;IAChF,MAAM,MAAM,GAAG,IAAI,GAAG,EAAU,CAAC;IAEjC,KAAK,MAAM,IAAI,IAAI,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;QACvC,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QAC5B,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YACxC,SAAS;QACX,CAAC;QACD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QACtC,IAAI,KAAK,EAAE,CAAC;YACV,MAAM,KAAK,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC;YAC/B,IAAI,KAAK,EAAE,CAAC;gBACV,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;YACpB,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;GAGG;AACH,SAAS,eAAe,CAAC,OAAe;IACtC,MAAM,MAAM,GAAG,IAAI,GAAG,EAAU,CAAC;IAEjC,KAAK,MAAM,IAAI,IAAI,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;QACvC,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QAC5B,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC;YAAE,SAAS;QAElD,sCAAsC;QACtC,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QACnC,IAAI,KAAK,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;YACtB,MAAM,OAAO,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YACzB,IAAI,OAAO,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;gBACxC,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YACtB,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,IAAI,aAAkC,CAAC;AAEvC,MAAM,CAAC,KAAK,UAAU,WAAW;IAC/B,IAAI,aAAa,EAAE,CAAC;QAClB,OAAO,aAAa,CAAC;IACvB,CAAC;IAED,MAAM,OAAO,GAAG,MAAM,WAAW,EAAE,CAAC;IAEpC,MAAM,CACJ,gBAAgB,EAChB,aAAa,EACb,cAAc,EACd,UAAU,EACV,UAAU,EACV,cAAc,EACd,iBAAiB,
|
|
1
|
+
{"version":3,"file":"zoo.js","sourceRoot":"","sources":["../../../src/scanner/loaders/zoo.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AACpD,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAC1C,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAGzC,MAAM,SAAS,GAAG,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;AAE1D;;;;;;GAMG;AACH,KAAK,UAAU,WAAW;IACxB,mCAAmC;IACnC,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAC;IACnD,IAAI,OAAO,EAAE,CAAC;QACZ,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,+CAA+C;IAC/C,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC;IACzD,IAAI,CAAC;QACH,MAAM,MAAM,CAAC,OAAO,CAAC,CAAC;QACtB,OAAO,OAAO,CAAC;IACjB,CAAC;IAAC,MAAM,CAAC;QACP,gCAAgC;IAClC,CAAC;IAED,8CAA8C;IAC9C,MAAM,aAAa,GAAG,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC;IACzD,IAAI,CAAC;QACH,MAAM,MAAM,CAAC,aAAa,CAAC,CAAC;QAC5B,OAAO,aAAa,CAAC;IACvB,CAAC;IAAC,MAAM,CAAC;QACP,gEAAgE;QAChE,OAAO,OAAO,CAAC;IACjB,CAAC;AACH,CAAC;AAMD,SAAS,YAAY,CAAC,MAAc;IAClC,OAAO,MAAM,CAAC,OAAO,CAAC,SAAS,EAAE,GAAG,CAAC,CAAC;AACxC,CAAC;AAED;;;;;GAKG;AACH,SAAS,YAAY,CAAC,OAAe,EAAE,SAA2C;IAChF,MAAM,MAAM,GAAG,IAAI,GAAG,EAAU,CAAC;IAEjC,KAAK,MAAM,IAAI,IAAI,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;QACvC,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QAC5B,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YACxC,SAAS;QACX,CAAC;QACD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QACtC,IAAI,KAAK,EAAE,CAAC;YACV,MAAM,KAAK,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC;YAC/B,IAAI,KAAK,EAAE,CAAC;gBACV,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;YACpB,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;GAGG;AACH,SAAS,eAAe,CAAC,OAAe;IACtC,MAAM,MAAM,GAAG,IAAI,GAAG,EAAU,CAAC;IAEjC,KAAK,MAAM,IAAI,IAAI,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;QACvC,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QAC5B,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC;YAAE,SAAS;QAElD,sCAAsC;QACtC,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QACnC,IAAI,KAAK,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;YACtB,MAAM,OAAO,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YACzB,IAAI,OAAO,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;gBACxC,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YACtB,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;GAGG;AACH,SAAS,sBAAsB,CAAC,OAAe;IAC7C,MAAM,MAAM,GAAG,IAAI,GAAG,EAAgC,CAAC;IACvD,MAAM,eAAe,GAAG,IAAI,GAAG,CAAoB,CAAC,WAAW,EAAE,iBAAiB,EAAE,KAAK,CAAC,CAAC,CAAC;IAE5F,KAAK,MAAM,IAAI,IAAI,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;QACvC,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QAC5B,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC;YAAE,SAAS;QAElD,sDAAsD;QACtD,yEAAyE;QACzE,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;QACtC,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC;YAAE,SAAS;QAE/B,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QACtB,MAAM,QAAQ,GAAG,KAAK,CAAC,CAAC,CAAsB,CAAC;QAC/C,MAAM,UAAU,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QAE5B,IAAI,CAAC,IAAI,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,UAAU;YAAE,SAAS;QAErE,MAAM,OAAO,GAAG,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,CAAC;QACzE,MAAM,WAAW,GAAyB,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC;QAEtE,kDAAkD;QAClD,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;YAC7B,IAAI,MAAM,EAAE,CAAC;gBACX,MAAM,CAAC,GAAG,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;YAClC,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,IAAI,aAAkC,CAAC;AAEvC,MAAM,CAAC,KAAK,UAAU,WAAW;IAC/B,IAAI,aAAa,EAAE,CAAC;QAClB,OAAO,aAAa,CAAC;IACvB,CAAC;IAED,MAAM,OAAO,GAAG,MAAM,WAAW,EAAE,CAAC;IAEpC,MAAM,CACJ,gBAAgB,EAChB,aAAa,EACb,cAAc,EACd,UAAU,EACV,UAAU,EACV,cAAc,EACd,iBAAiB,EACjB,gBAAgB,EACjB,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;QACpB,QAAQ,CAAC,IAAI,CAAC,OAAO,EAAE,WAAW,EAAE,iBAAiB,CAAC,EAAE,MAAM,CAAC;QAC/D,QAAQ,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,YAAY,CAAC,EAAE,MAAM,CAAC;QACrD,QAAQ,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,gBAAgB,CAAC,EAAE,MAAM,CAAC;QACzD,QAAQ,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,YAAY,CAAC,EAAE,MAAM,CAAC;QACrD,QAAQ,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,mBAAmB,CAAC,EAAE,MAAM,CAAC;QAC5D,QAAQ,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,aAAa,CAAC,EAAE,MAAM,CAAC;QACtD,QAAQ,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,2BAA2B,CAAC,EAAE,MAAM,CAAC;QACpE,QAAQ,CAAC,IAAI,CAAC,OAAO,EAAE,WAAW,EAAE,oBAAoB,CAAC,EAAE,MAAM,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC;KACnF,CAAC,CAAC;IAEH,MAAM,aAAa,GAAG,IAAI,CAAC,KAAK,CAAC,gBAAgB,CAAkB,CAAC;IAEpE,aAAa,GAAG;QACd,SAAS,EAAE,aAAa,CAAC,UAAU;QACnC,MAAM,EAAE,YAAY,CAAC,aAAa,EAAE,CAAC,IAAI,EAAE,EAAE,CAC3C,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,IAAI,CACzD;QACD,OAAO,EAAE,YAAY,CAAC,cAAc,EAAE,CAAC,MAAM,EAAE,EAAE,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC,WAAW,EAAE,CAAC;QACrF,GAAG,EAAE,YAAY,CAAC,UAAU,EAAE,CAAC,UAAU,EAAE,EAAE,CAAC,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC;QAC/E,oBAAoB,EAAE,YAAY,CAAC,UAAU,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC;QAC1E,OAAO,EAAE,eAAe,CAAC,cAAc,CAAC;QACxC,mBAAmB,EAAE,YAAY,CAAC,iBAAiB,EAAE,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC;QACtE,iBAAiB,EAAE,sBAAsB,CAAC,gBAAgB,CAAC;KAC5D,CAAC;IAEF,OAAO,aAAa,CAAC;AACvB,CAAC"}
|
package/dist/scanner/types.d.ts
CHANGED
|
@@ -1,51 +1,55 @@
|
|
|
1
1
|
export type Severity = "low" | "medium" | "high" | "critical";
|
|
2
2
|
export type Registry = "marketplace" | "openvsx" | "cursor";
|
|
3
|
+
export declare const MODULE_NAMES: readonly ["package", "obfuscation", "ast", "ioc", "yara", "telemetry"];
|
|
4
|
+
export type ModuleName = (typeof MODULE_NAMES)[number];
|
|
3
5
|
export interface ModuleTimings {
|
|
4
6
|
load: number;
|
|
5
|
-
package?: number;
|
|
6
|
-
obfuscation?: number;
|
|
7
|
-
ast?: number;
|
|
8
|
-
ioc?: number;
|
|
9
|
-
yara?: number;
|
|
10
7
|
total: number;
|
|
8
|
+
[module: string]: number;
|
|
11
9
|
}
|
|
12
10
|
export interface ScanOptions {
|
|
13
11
|
output: "text" | "json" | "sarif";
|
|
14
12
|
severity: Severity;
|
|
15
13
|
network: boolean;
|
|
16
|
-
modules?:
|
|
14
|
+
modules?: ModuleName[];
|
|
17
15
|
profile?: boolean;
|
|
18
16
|
}
|
|
17
|
+
export interface FindingMetadata {
|
|
18
|
+
matched?: string | undefined;
|
|
19
|
+
legitimateUses?: string[] | undefined;
|
|
20
|
+
redFlags?: string[] | undefined;
|
|
21
|
+
[key: string]: unknown;
|
|
22
|
+
}
|
|
19
23
|
export interface Finding {
|
|
20
|
-
id: string;
|
|
21
|
-
title: string;
|
|
22
|
-
description: string;
|
|
23
|
-
severity: Severity;
|
|
24
|
-
category: string;
|
|
25
|
-
location?: {
|
|
26
|
-
file: string;
|
|
27
|
-
line?: number;
|
|
28
|
-
column?: number;
|
|
24
|
+
readonly id: string;
|
|
25
|
+
readonly title: string;
|
|
26
|
+
readonly description: string;
|
|
27
|
+
readonly severity: Severity;
|
|
28
|
+
readonly category: string;
|
|
29
|
+
readonly location?: {
|
|
30
|
+
readonly file: string;
|
|
31
|
+
readonly line?: number;
|
|
32
|
+
readonly column?: number;
|
|
29
33
|
};
|
|
30
|
-
metadata?:
|
|
34
|
+
readonly metadata?: FindingMetadata;
|
|
31
35
|
}
|
|
32
36
|
export interface CheckSummary {
|
|
33
|
-
name: string;
|
|
34
|
-
enabled: boolean;
|
|
35
|
-
description: string;
|
|
36
|
-
filesExamined?: number;
|
|
37
|
-
rulesApplied?: number;
|
|
38
|
-
skipReason?: string;
|
|
37
|
+
readonly name: string;
|
|
38
|
+
readonly enabled: boolean;
|
|
39
|
+
readonly description: string;
|
|
40
|
+
readonly filesExamined?: number;
|
|
41
|
+
readonly rulesApplied?: number;
|
|
42
|
+
readonly skipReason?: string;
|
|
39
43
|
}
|
|
40
44
|
export interface ScanResult {
|
|
41
|
-
extension: {
|
|
42
|
-
id: string;
|
|
43
|
-
name: string;
|
|
44
|
-
version: string;
|
|
45
|
-
publisher: string;
|
|
45
|
+
readonly extension: {
|
|
46
|
+
readonly id: string;
|
|
47
|
+
readonly name: string;
|
|
48
|
+
readonly version: string;
|
|
49
|
+
readonly publisher: string;
|
|
46
50
|
};
|
|
47
|
-
findings: Finding[];
|
|
48
|
-
inventory: CheckSummary[];
|
|
51
|
+
readonly findings: Finding[];
|
|
52
|
+
readonly inventory: CheckSummary[];
|
|
49
53
|
metadata: {
|
|
50
54
|
scannedAt: string;
|
|
51
55
|
scanDuration: number;
|
|
@@ -81,6 +85,11 @@ export interface VsixContents {
|
|
|
81
85
|
manifest: VsixManifest;
|
|
82
86
|
files: Map<string, Buffer>;
|
|
83
87
|
basePath: string;
|
|
88
|
+
warnings?: string[];
|
|
89
|
+
/** Pre-computed UTF-8 string contents, keyed by filename */
|
|
90
|
+
stringContents?: Map<string, string>;
|
|
91
|
+
/** Shared cache for memoized per-file computations */
|
|
92
|
+
cache?: Map<string, unknown>;
|
|
84
93
|
}
|
|
85
94
|
export interface BlocklistEntry {
|
|
86
95
|
id: string;
|
|
@@ -91,6 +100,12 @@ export interface BlocklistEntry {
|
|
|
91
100
|
addedDate?: string;
|
|
92
101
|
reference?: string;
|
|
93
102
|
}
|
|
103
|
+
export type TelemetryCategory = "analytics" | "crash-reporting" | "apm";
|
|
104
|
+
export interface TelemetryServiceInfo {
|
|
105
|
+
name: string;
|
|
106
|
+
category: TelemetryCategory;
|
|
107
|
+
domains: string[];
|
|
108
|
+
}
|
|
94
109
|
export interface ZooData {
|
|
95
110
|
blocklist: BlocklistEntry[];
|
|
96
111
|
hashes: Set<string>;
|
|
@@ -99,6 +114,7 @@ export interface ZooData {
|
|
|
99
114
|
maliciousNpmPackages: Set<string>;
|
|
100
115
|
wallets: Set<string>;
|
|
101
116
|
blockchainAllowlist: Set<string>;
|
|
117
|
+
telemetryServices: Map<string, TelemetryServiceInfo>;
|
|
102
118
|
}
|
|
103
119
|
export interface BatchScanResult {
|
|
104
120
|
results: ScanResult[];
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/scanner/types.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,QAAQ,GAAG,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;AAE9D,MAAM,MAAM,QAAQ,GAAG,aAAa,GAAG,SAAS,GAAG,QAAQ,CAAC;AAE5D,MAAM,
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/scanner/types.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,QAAQ,GAAG,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;AAE9D,MAAM,MAAM,QAAQ,GAAG,aAAa,GAAG,SAAS,GAAG,QAAQ,CAAC;AAE5D,eAAO,MAAM,YAAY,wEAAyE,CAAC;AACnG,MAAM,MAAM,UAAU,GAAG,CAAC,OAAO,YAAY,CAAC,CAAC,MAAM,CAAC,CAAC;AAEvD,MAAM,WAAW,aAAa;IAC5B,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAAC;CAC1B;AAED,MAAM,WAAW,WAAW;IAC1B,MAAM,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,CAAC;IAClC,QAAQ,EAAE,QAAQ,CAAC;IACnB,OAAO,EAAE,OAAO,CAAC;IACjB,OAAO,CAAC,EAAE,UAAU,EAAE,CAAC;IACvB,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AAED,MAAM,WAAW,eAAe;IAC9B,OAAO,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IAC7B,cAAc,CAAC,EAAE,MAAM,EAAE,GAAG,SAAS,CAAC;IACtC,QAAQ,CAAC,EAAE,MAAM,EAAE,GAAG,SAAS,CAAC;IAChC,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAED,MAAM,WAAW,OAAO;IACtB,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,QAAQ,EAAE,QAAQ,CAAC;IAC5B,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,QAAQ,CAAC,EAAE;QAClB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;QACtB,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;QACvB,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;KAC1B,CAAC;IACF,QAAQ,CAAC,QAAQ,CAAC,EAAE,eAAe,CAAC;CACrC;AAED,MAAM,WAAW,YAAY;IAC3B,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC;IAC1B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,aAAa,CAAC,EAAE,MAAM,CAAC;IAChC,QAAQ,CAAC,YAAY,CAAC,EAAE,MAAM,CAAC;IAC/B,QAAQ,CAAC,UAAU,CAAC,EAAE,MAAM,CAAC;CAC9B;AAED,MAAM,WAAW,UAAU;IACzB,QAAQ,CAAC,SAAS,EAAE;QAClB,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;QACpB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;QACtB,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;QACzB,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;KAC5B,CAAC;IACF,QAAQ,CAAC,QAAQ,EAAE,OAAO,EAAE,CAAC;IAC7B,QAAQ,CAAC,SAAS,EAAE,YAAY,EAAE,CAAC;IACnC,QAAQ,EAAE;QACR,SAAS,EAAE,MAAM,CAAC;QAClB,YAAY,EAAE,MAAM,CAAC;QACrB,QAAQ,CAAC,EAAE,QAAQ,CAAC;QACpB,OAAO,CAAC,EAAE,aAAa,CAAC;KACzB,CAAC;CACH;AAED,MAAM,WAAW,YAAY;IAC3B,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,gBAAgB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC5B,WAAW,CAAC,EAAE;QACZ,MAAM,CAAC,EAAE,KAAK,CAAC;YACb,EAAE,CAAC,EAAE,MAAM,CAAC;YACZ,KAAK,CAAC,EAAE,MAAM,CAAC;YACf,IAAI,CAAC,EAAE,MAAM,CAAC;SACf,CAAC,CAAC;QACH,UAAU,CAAC,EAAE,KAAK,CAAC;YACjB,EAAE,CAAC,EAAE,MAAM,CAAC;YACZ,KAAK,CAAC,EAAE,MAAM,CAAC;YACf,IAAI,CAAC,EAAE,MAAM,CAAC;SACf,CAAC,CAAC;QACH,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;KACxB,CAAC;IACF,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAED,MAAM,WAAW,YAAY;IAC3B,QAAQ,EAAE,YAAY,CAAC;IACvB,KAAK,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC3B,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;IACpB,4DAA4D;IAC5D,cAAc,CAAC,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACrC,sDAAsD;IACtD,KAAK,CAAC,EAAE,GAAG,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAC9B;AAED,MAAM,WAAW,cAAc;IAC7B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,MAAM,iBAAiB,GAAG,WAAW,GAAG,iBAAiB,GAAG,KAAK,CAAC;AAExE,MAAM,WAAW,oBAAoB;IACnC,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,iBAAiB,CAAC;IAC5B,OAAO,EAAE,MAAM,EAAE,CAAC;CACnB;AAED,MAAM,WAAW,OAAO;IACtB,SAAS,EAAE,cAAc,EAAE,CAAC;IAC5B,MAAM,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;IACpB,OAAO,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;IACrB,GAAG,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;IACjB,oBAAoB,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;IAClC,OAAO,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;IACrB,mBAAmB,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;IACjC,iBAAiB,EAAE,GAAG,CAAC,MAAM,EAAE,oBAAoB,CAAC,CAAC;CACtD;AAED,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,UAAU,EAAE,CAAC;IACtB,MAAM,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAC/C,OAAO,EAAE;QACP,UAAU,EAAE,MAAM,CAAC;QACnB,YAAY,EAAE,MAAM,CAAC;QACrB,WAAW,EAAE,MAAM,CAAC;QACpB,aAAa,EAAE,MAAM,CAAC;QACtB,kBAAkB,EAAE,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;QAC7C,YAAY,EAAE,MAAM,CAAC;KACtB,CAAC;CACH"}
|
package/dist/scanner/types.js
CHANGED
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
export
|
|
1
|
+
export const MODULE_NAMES = ["package", "obfuscation", "ast", "ioc", "yara", "telemetry"];
|
|
2
2
|
//# sourceMappingURL=types.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/scanner/types.ts"],"names":[],"mappings":""}
|
|
1
|
+
{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/scanner/types.ts"],"names":[],"mappings":"AAIA,MAAM,CAAC,MAAM,YAAY,GAAG,CAAC,SAAS,EAAE,aAAa,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,WAAW,CAAU,CAAC"}
|
package/dist/scanner/utils.d.ts
CHANGED
|
@@ -1,14 +1,36 @@
|
|
|
1
1
|
/**
|
|
2
2
|
* Shared utility functions for scanner checks.
|
|
3
3
|
*/
|
|
4
|
+
/**
|
|
5
|
+
* Pre-compute line start offsets for binary search.
|
|
6
|
+
* Returns array where index i is the character offset
|
|
7
|
+
* of line i+1 (0-indexed array, 1-indexed lines).
|
|
8
|
+
*/
|
|
9
|
+
export declare function computeLineStarts(content: string): number[];
|
|
10
|
+
/**
|
|
11
|
+
* Convert character offset to 1-indexed line number
|
|
12
|
+
* using binary search on pre-computed line starts.
|
|
13
|
+
*/
|
|
14
|
+
export declare function offsetToLine(offset: number, lineStarts: number[]): number;
|
|
15
|
+
/**
|
|
16
|
+
* Convert character offset to 0-indexed column number.
|
|
17
|
+
*/
|
|
18
|
+
export declare function offsetToColumn(offset: number, lineStarts: number[]): number;
|
|
4
19
|
/**
|
|
5
20
|
* Find line number for a string match in content.
|
|
6
21
|
* Returns 1-indexed line number, or undefined if not found.
|
|
22
|
+
*
|
|
23
|
+
* When called multiple times on the same content, pass
|
|
24
|
+
* pre-computed lineStarts for O(log n) per call instead
|
|
25
|
+
* of O(n).
|
|
7
26
|
*/
|
|
8
|
-
export declare function findLineNumberByString(content: string, searchStr: string): number | undefined;
|
|
27
|
+
export declare function findLineNumberByString(content: string, searchStr: string, lineStarts?: number[]): number | undefined;
|
|
9
28
|
/**
|
|
10
|
-
* Find line number for a regex match by its
|
|
11
|
-
* Returns 1-indexed line number.
|
|
29
|
+
* Find line number for a regex match by its character
|
|
30
|
+
* offset. Returns 1-indexed line number.
|
|
31
|
+
*
|
|
32
|
+
* When called multiple times on the same content, pass
|
|
33
|
+
* pre-computed lineStarts for O(log n) per call.
|
|
12
34
|
*/
|
|
13
|
-
export declare function findLineNumberByIndex(content: string, index: number): number;
|
|
35
|
+
export declare function findLineNumberByIndex(content: string, index: number, lineStarts?: number[]): number;
|
|
14
36
|
//# sourceMappingURL=utils.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../src/scanner/utils.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH;;;GAGG;AACH,wBAAgB,
|
|
1
|
+
{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../src/scanner/utils.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH;;;;GAIG;AACH,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,EAAE,CAQ3D;AAED;;;GAGG;AACH,wBAAgB,YAAY,CAAC,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,GAAG,MAAM,CAazE;AAED;;GAEG;AACH,wBAAgB,cAAc,CAAC,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,GAAG,MAAM,CAI3E;AAED;;;;;;;GAOG;AACH,wBAAgB,sBAAsB,CACpC,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,MAAM,EACjB,UAAU,CAAC,EAAE,MAAM,EAAE,GACpB,MAAM,GAAG,SAAS,CAKpB;AAED;;;;;;GAMG;AACH,wBAAgB,qBAAqB,CACnC,OAAO,EAAE,MAAM,EACf,KAAK,EAAE,MAAM,EACb,UAAU,CAAC,EAAE,MAAM,EAAE,GACpB,MAAM,CAGR"}
|
package/dist/scanner/utils.js
CHANGED
|
@@ -2,24 +2,70 @@
|
|
|
2
2
|
* Shared utility functions for scanner checks.
|
|
3
3
|
*/
|
|
4
4
|
/**
|
|
5
|
-
*
|
|
6
|
-
* Returns
|
|
5
|
+
* Pre-compute line start offsets for binary search.
|
|
6
|
+
* Returns array where index i is the character offset
|
|
7
|
+
* of line i+1 (0-indexed array, 1-indexed lines).
|
|
8
|
+
*/
|
|
9
|
+
export function computeLineStarts(content) {
|
|
10
|
+
const lineStarts = [0];
|
|
11
|
+
for (let i = 0; i < content.length; i++) {
|
|
12
|
+
if (content[i] === "\n") {
|
|
13
|
+
lineStarts.push(i + 1);
|
|
14
|
+
}
|
|
15
|
+
}
|
|
16
|
+
return lineStarts;
|
|
17
|
+
}
|
|
18
|
+
/**
|
|
19
|
+
* Convert character offset to 1-indexed line number
|
|
20
|
+
* using binary search on pre-computed line starts.
|
|
7
21
|
*/
|
|
8
|
-
export function
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
22
|
+
export function offsetToLine(offset, lineStarts) {
|
|
23
|
+
let low = 0;
|
|
24
|
+
let high = lineStarts.length - 1;
|
|
25
|
+
while (low < high) {
|
|
26
|
+
const mid = Math.ceil((low + high) / 2);
|
|
27
|
+
const midStart = lineStarts[mid];
|
|
28
|
+
if (midStart !== undefined && midStart <= offset) {
|
|
29
|
+
low = mid;
|
|
30
|
+
}
|
|
31
|
+
else {
|
|
32
|
+
high = mid - 1;
|
|
13
33
|
}
|
|
14
34
|
}
|
|
15
|
-
return
|
|
35
|
+
return low + 1;
|
|
36
|
+
}
|
|
37
|
+
/**
|
|
38
|
+
* Convert character offset to 0-indexed column number.
|
|
39
|
+
*/
|
|
40
|
+
export function offsetToColumn(offset, lineStarts) {
|
|
41
|
+
const line = offsetToLine(offset, lineStarts);
|
|
42
|
+
const lineStart = lineStarts[line - 1] ?? 0;
|
|
43
|
+
return offset - lineStart;
|
|
44
|
+
}
|
|
45
|
+
/**
|
|
46
|
+
* Find line number for a string match in content.
|
|
47
|
+
* Returns 1-indexed line number, or undefined if not found.
|
|
48
|
+
*
|
|
49
|
+
* When called multiple times on the same content, pass
|
|
50
|
+
* pre-computed lineStarts for O(log n) per call instead
|
|
51
|
+
* of O(n).
|
|
52
|
+
*/
|
|
53
|
+
export function findLineNumberByString(content, searchStr, lineStarts) {
|
|
54
|
+
const idx = content.indexOf(searchStr);
|
|
55
|
+
if (idx === -1)
|
|
56
|
+
return undefined;
|
|
57
|
+
const starts = lineStarts ?? computeLineStarts(content);
|
|
58
|
+
return offsetToLine(idx, starts);
|
|
16
59
|
}
|
|
17
60
|
/**
|
|
18
|
-
* Find line number for a regex match by its
|
|
19
|
-
* Returns 1-indexed line number.
|
|
61
|
+
* Find line number for a regex match by its character
|
|
62
|
+
* offset. Returns 1-indexed line number.
|
|
63
|
+
*
|
|
64
|
+
* When called multiple times on the same content, pass
|
|
65
|
+
* pre-computed lineStarts for O(log n) per call.
|
|
20
66
|
*/
|
|
21
|
-
export function findLineNumberByIndex(content, index) {
|
|
22
|
-
const
|
|
23
|
-
return
|
|
67
|
+
export function findLineNumberByIndex(content, index, lineStarts) {
|
|
68
|
+
const starts = lineStarts ?? computeLineStarts(content);
|
|
69
|
+
return offsetToLine(index, starts);
|
|
24
70
|
}
|
|
25
71
|
//# sourceMappingURL=utils.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"utils.js","sourceRoot":"","sources":["../../src/scanner/utils.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH
|
|
1
|
+
{"version":3,"file":"utils.js","sourceRoot":"","sources":["../../src/scanner/utils.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH;;;;GAIG;AACH,MAAM,UAAU,iBAAiB,CAAC,OAAe;IAC/C,MAAM,UAAU,GAAG,CAAC,CAAC,CAAC,CAAC;IACvB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACxC,IAAI,OAAO,CAAC,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YACxB,UAAU,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;QACzB,CAAC;IACH,CAAC;IACD,OAAO,UAAU,CAAC;AACpB,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,YAAY,CAAC,MAAc,EAAE,UAAoB;IAC/D,IAAI,GAAG,GAAG,CAAC,CAAC;IACZ,IAAI,IAAI,GAAG,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC;IACjC,OAAO,GAAG,GAAG,IAAI,EAAE,CAAC;QAClB,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;QACxC,MAAM,QAAQ,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC;QACjC,IAAI,QAAQ,KAAK,SAAS,IAAI,QAAQ,IAAI,MAAM,EAAE,CAAC;YACjD,GAAG,GAAG,GAAG,CAAC;QACZ,CAAC;aAAM,CAAC;YACN,IAAI,GAAG,GAAG,GAAG,CAAC,CAAC;QACjB,CAAC;IACH,CAAC;IACD,OAAO,GAAG,GAAG,CAAC,CAAC;AACjB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,cAAc,CAAC,MAAc,EAAE,UAAoB;IACjE,MAAM,IAAI,GAAG,YAAY,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;IAC9C,MAAM,SAAS,GAAG,UAAU,CAAC,IAAI,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC;IAC5C,OAAO,MAAM,GAAG,SAAS,CAAC;AAC5B,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,sBAAsB,CACpC,OAAe,EACf,SAAiB,EACjB,UAAqB;IAErB,MAAM,GAAG,GAAG,OAAO,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IACvC,IAAI,GAAG,KAAK,CAAC,CAAC;QAAE,OAAO,SAAS,CAAC;IACjC,MAAM,MAAM,GAAG,UAAU,IAAI,iBAAiB,CAAC,OAAO,CAAC,CAAC;IACxD,OAAO,YAAY,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;AACnC,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,qBAAqB,CACnC,OAAe,EACf,KAAa,EACb,UAAqB;IAErB,MAAM,MAAM,GAAG,UAAU,IAAI,iBAAiB,CAAC,OAAO,CAAC,CAAC;IACxD,OAAO,YAAY,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;AACrC,CAAC"}
|
package/dist/scanner/vsix.d.ts
CHANGED
|
@@ -1,4 +1,10 @@
|
|
|
1
1
|
import type { VsixContents } from "./types.js";
|
|
2
|
+
/** Maximum uncompressed size for a single entry (500 MB). */
|
|
3
|
+
export declare const MAX_ENTRY_SIZE: number;
|
|
4
|
+
/** Maximum total extracted size across all entries (1 GB). */
|
|
5
|
+
export declare const MAX_TOTAL_SIZE: number;
|
|
6
|
+
/** Maximum compression ratio before flagging as suspicious. */
|
|
7
|
+
export declare const MAX_COMPRESSION_RATIO = 100;
|
|
2
8
|
export declare function extractVsix(vsixPath: string): Promise<VsixContents>;
|
|
3
9
|
export declare function loadDirectory(dirPath: string): Promise<VsixContents>;
|
|
4
10
|
export declare function loadExtension(target: string): Promise<VsixContents>;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"vsix.d.ts","sourceRoot":"","sources":["../../src/scanner/vsix.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,YAAY,EAAgB,MAAM,YAAY,CAAC;
|
|
1
|
+
{"version":3,"file":"vsix.d.ts","sourceRoot":"","sources":["../../src/scanner/vsix.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,YAAY,EAAgB,MAAM,YAAY,CAAC;AAO7D,6DAA6D;AAC7D,eAAO,MAAM,cAAc,QAAoB,CAAC;AAEhD,8DAA8D;AAC9D,eAAO,MAAM,cAAc,QAAqB,CAAC;AAEjD,+DAA+D;AAC/D,eAAO,MAAM,qBAAqB,MAAM,CAAC;AAgJzC,wBAAsB,WAAW,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,CAAC,CAwEzE;AAoCD,wBAAsB,aAAa,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,CAAC,CAqC1E;AAED,wBAAsB,aAAa,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,CAAC,CAUzE;AAED,wBAAgB,aAAa,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,CAErD"}
|
package/dist/scanner/vsix.js
CHANGED
|
@@ -6,11 +6,19 @@ const VSIX_EXTENSION_PREFIX = "extension/";
|
|
|
6
6
|
const LOCAL_FILE_HEADER = 0x04034b50;
|
|
7
7
|
const CENTRAL_DIR_HEADER = 0x02014b50;
|
|
8
8
|
const END_OF_CENTRAL_DIR = 0x06054b50;
|
|
9
|
+
/** Maximum uncompressed size for a single entry (500 MB). */
|
|
10
|
+
export const MAX_ENTRY_SIZE = 500 * 1024 * 1024;
|
|
11
|
+
/** Maximum total extracted size across all entries (1 GB). */
|
|
12
|
+
export const MAX_TOTAL_SIZE = 1024 * 1024 * 1024;
|
|
13
|
+
/** Maximum compression ratio before flagging as suspicious. */
|
|
14
|
+
export const MAX_COMPRESSION_RATIO = 100;
|
|
9
15
|
/**
|
|
10
16
|
* Validate that a ZIP entry path is safe (no path traversal).
|
|
11
17
|
* Prevents zip slip attacks by rejecting paths with ".." segments.
|
|
12
18
|
*/
|
|
13
19
|
function isPathSafe(path) {
|
|
20
|
+
if (path.includes("\\"))
|
|
21
|
+
return false;
|
|
14
22
|
const normalized = path.split("/").filter((p) => p !== ".");
|
|
15
23
|
return !normalized.some((segment) => segment === ".." || segment.startsWith(".."));
|
|
16
24
|
}
|
|
@@ -114,13 +122,33 @@ export async function extractVsix(vsixPath) {
|
|
|
114
122
|
const buffer = await readFile(vsixPath);
|
|
115
123
|
const entries = parseZipEntries(buffer);
|
|
116
124
|
const files = new Map();
|
|
125
|
+
const warnings = [];
|
|
117
126
|
let manifest;
|
|
127
|
+
let totalExtractedSize = 0;
|
|
118
128
|
for (const entry of entries) {
|
|
119
|
-
// Validate path before processing to prevent zip slip attacks
|
|
120
129
|
if (!isPathSafe(entry.name)) {
|
|
121
130
|
throw new Error(`Invalid VSIX: path traversal detected in "${entry.name}"`);
|
|
122
131
|
}
|
|
132
|
+
if (entry.uncompressedSize > MAX_ENTRY_SIZE) {
|
|
133
|
+
warnings.push(`Skipped "${entry.name}": declared size ` +
|
|
134
|
+
`${entry.uncompressedSize} exceeds ` +
|
|
135
|
+
`${MAX_ENTRY_SIZE} byte limit`);
|
|
136
|
+
continue;
|
|
137
|
+
}
|
|
138
|
+
if (entry.compressedSize > 0 &&
|
|
139
|
+
entry.uncompressedSize / entry.compressedSize > MAX_COMPRESSION_RATIO) {
|
|
140
|
+
warnings.push(`Skipped "${entry.name}": compression ratio ` +
|
|
141
|
+
`${Math.round(entry.uncompressedSize / entry.compressedSize)}:1 ` +
|
|
142
|
+
`exceeds ${MAX_COMPRESSION_RATIO}:1 limit`);
|
|
143
|
+
continue;
|
|
144
|
+
}
|
|
145
|
+
if (totalExtractedSize + entry.uncompressedSize > MAX_TOTAL_SIZE) {
|
|
146
|
+
warnings.push(`Skipped "${entry.name}": total extracted size would ` +
|
|
147
|
+
`exceed ${MAX_TOTAL_SIZE} byte limit`);
|
|
148
|
+
continue;
|
|
149
|
+
}
|
|
123
150
|
const content = extractEntry(buffer, entry);
|
|
151
|
+
totalExtractedSize += entry.uncompressedSize;
|
|
124
152
|
let relativePath = entry.name;
|
|
125
153
|
if (relativePath.startsWith(VSIX_EXTENSION_PREFIX)) {
|
|
126
154
|
relativePath = relativePath.slice(VSIX_EXTENSION_PREFIX.length);
|
|
@@ -130,30 +158,8 @@ export async function extractVsix(vsixPath) {
|
|
|
130
158
|
manifest = JSON.parse(content.toString("utf8"));
|
|
131
159
|
}
|
|
132
160
|
}
|
|
133
|
-
// Handle non-standard prefixes (e.g., "publisher.name-version/" instead of "extension/")
|
|
134
161
|
if (!manifest) {
|
|
135
|
-
|
|
136
|
-
const match = path.match(/^([^/]+)\/package\.json$/);
|
|
137
|
-
if (match) {
|
|
138
|
-
const prefix = match[1] + "/";
|
|
139
|
-
// Re-normalize all paths with detected prefix
|
|
140
|
-
const normalized = new Map();
|
|
141
|
-
for (const [p, c] of files) {
|
|
142
|
-
if (p.startsWith(prefix)) {
|
|
143
|
-
normalized.set(p.slice(prefix.length), c);
|
|
144
|
-
}
|
|
145
|
-
else {
|
|
146
|
-
normalized.set(p, c);
|
|
147
|
-
}
|
|
148
|
-
}
|
|
149
|
-
files.clear();
|
|
150
|
-
for (const [p, c] of normalized) {
|
|
151
|
-
files.set(p, c);
|
|
152
|
-
}
|
|
153
|
-
manifest = JSON.parse(content.toString("utf8"));
|
|
154
|
-
break;
|
|
155
|
-
}
|
|
156
|
-
}
|
|
162
|
+
manifest = findManifestWithNonStandardPrefix(files);
|
|
157
163
|
}
|
|
158
164
|
if (!manifest) {
|
|
159
165
|
throw new Error("Invalid VSIX: missing package.json");
|
|
@@ -162,8 +168,38 @@ export async function extractVsix(vsixPath) {
|
|
|
162
168
|
manifest,
|
|
163
169
|
files,
|
|
164
170
|
basePath: vsixPath,
|
|
171
|
+
...(warnings.length > 0 ? { warnings } : {}),
|
|
165
172
|
};
|
|
166
173
|
}
|
|
174
|
+
/**
|
|
175
|
+
* Find package.json under a non-standard prefix
|
|
176
|
+
* (e.g. "publisher.name-version/" instead of "extension/")
|
|
177
|
+
* and re-normalize all paths.
|
|
178
|
+
*/
|
|
179
|
+
function findManifestWithNonStandardPrefix(files) {
|
|
180
|
+
for (const [path, content] of files) {
|
|
181
|
+
const match = path.match(/^([^/]+)\/package\.json$/);
|
|
182
|
+
if (!match) {
|
|
183
|
+
continue;
|
|
184
|
+
}
|
|
185
|
+
const prefix = match[1] + "/";
|
|
186
|
+
const normalized = new Map();
|
|
187
|
+
for (const [p, c] of files) {
|
|
188
|
+
if (p.startsWith(prefix)) {
|
|
189
|
+
normalized.set(p.slice(prefix.length), c);
|
|
190
|
+
}
|
|
191
|
+
else {
|
|
192
|
+
normalized.set(p, c);
|
|
193
|
+
}
|
|
194
|
+
}
|
|
195
|
+
files.clear();
|
|
196
|
+
for (const [p, c] of normalized) {
|
|
197
|
+
files.set(p, c);
|
|
198
|
+
}
|
|
199
|
+
return JSON.parse(content.toString("utf8"));
|
|
200
|
+
}
|
|
201
|
+
return undefined;
|
|
202
|
+
}
|
|
167
203
|
export async function loadDirectory(dirPath) {
|
|
168
204
|
const files = new Map();
|
|
169
205
|
async function walkDir(dir) {
|
package/dist/scanner/vsix.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"vsix.js","sourceRoot":"","sources":["../../src/scanner/vsix.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,kBAAkB,CAAC;AAC3D,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,WAAW,CAAC;AAC3C,OAAO,EAAE,cAAc,EAAE,MAAM,WAAW,CAAC;AAG3C,MAAM,qBAAqB,GAAG,YAAY,CAAC;AAC3C,MAAM,iBAAiB,GAAG,UAAU,CAAC;AACrC,MAAM,kBAAkB,GAAG,UAAU,CAAC;AACtC,MAAM,kBAAkB,GAAG,UAAU,CAAC;AAEtC;;;GAGG;AACH,SAAS,UAAU,CAAC,IAAY;IAC9B,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC;IAC5D,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,KAAK,IAAI,IAAI,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC;AACrF,CAAC;AAkBD;;;GAGG;AACH,SAAS,mBAAmB,CAAC,MAAc;IACzC,uDAAuD;IACvD,MAAM,aAAa,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,MAAM,CAAC,MAAM,GAAG,EAAE,GAAG,KAAK,CAAC,CAAC;IAE9D,KAAK,IAAI,CAAC,GAAG,MAAM,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC,IAAI,aAAa,EAAE,CAAC,EAAE,EAAE,CAAC;QACzD,IAAI,MAAM,CAAC,YAAY,CAAC,CAAC,CAAC,KAAK,kBAAkB,EAAE,CAAC;YAClD,OAAO,CAAC,CAAC;QACX,CAAC;IACH,CAAC;IAED,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAC;AACrE,CAAC;AAED;;;GAGG;AACH,SAAS,qBAAqB,CAAC,MAAc;IAC3C,MAAM,UAAU,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC;IAC/C,MAAM,YAAY,GAAG,MAAM,CAAC,YAAY,CAAC,UAAU,GAAG,EAAE,CAAC,CAAC;IAC1D,MAAM,QAAQ,GAAG,MAAM,CAAC,YAAY,CAAC,UAAU,GAAG,EAAE,CAAC,CAAC;IAEtD,MAAM,OAAO,GAAG,IAAI,GAAG,EAA2B,CAAC;IACnD,IAAI,MAAM,GAAG,QAAQ,CAAC;IAEtB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,YAAY,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,IAAI,MAAM,GAAG,EAAE,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC;YAChC,MAAM,IAAI,KAAK,CAAC,0DAA0D,CAAC,CAAC;QAC9E,CAAC;QAED,IAAI,MAAM,CAAC,YAAY,CAAC,MAAM,CAAC,KAAK,kBAAkB,EAAE,CAAC;YACvD,MAAM,IAAI,KAAK,CAAC,4DAA4D,MAAM,EAAE,CAAC,CAAC;QACxF,CAAC;QAED,MAAM,iBAAiB,GAAG,MAAM,CAAC,YAAY,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;QAC3D,MAAM,cAAc,GAAG,MAAM,CAAC,YAAY,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;QACxD,MAAM,gBAAgB,GAAG,MAAM,CAAC,YAAY,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;QAC1D,MAAM,cAAc,GAAG,MAAM,CAAC,YAAY,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;QACxD,MAAM,WAAW,GAAG,MAAM,CAAC,YAAY,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;QACrD,MAAM,aAAa,GAAG,MAAM,CAAC,YAAY,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;QACvD,MAAM,iBAAiB,GAAG,MAAM,CAAC,YAAY,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;QAE3D,IAAI,MAAM,GAAG,EAAE,GAAG,cAAc,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC;YACjD,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC;QAChE,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,EAAE,EAAE,MAAM,GAAG,EAAE,GAAG,cAAc,CAAC,CAAC;QAEpF,yCAAyC;QACzC,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YAC5B,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE;gBACpB,QAAQ;gBACR,cAAc;gBACd,gBAAgB;gBAChB,iBAAiB;gBACjB,iBAAiB;aAClB,CAAC,CAAC;QACL,CAAC;QAED,MAAM,IAAI,EAAE,GAAG,cAAc,GAAG,WAAW,GAAG,aAAa,CAAC;IAC9D,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;GAGG;AACH,SAAS,eAAe,CAAC,MAAc;IACrC,MAAM,UAAU,GAAG,qBAAqB,CAAC,MAAM,CAAC,CAAC;IACjD,MAAM,OAAO,GAAe,EAAE,CAAC;IAE/B,KAAK,MAAM,CAAC,QAAQ,EAAE,OAAO,CAAC,IAAI,UAAU,EAAE,CAAC;QAC7C,MAAM,MAAM,GAAG,OAAO,CAAC,iBAAiB,CAAC;QAEzC,IAAI,MAAM,GAAG,EAAE,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC;YAChC,MAAM,IAAI,KAAK,CAAC,iCAAiC,QAAQ,sBAAsB,CAAC,CAAC;QACnF,CAAC;QAED,IAAI,MAAM,CAAC,YAAY,CAAC,MAAM,CAAC,KAAK,iBAAiB,EAAE,CAAC;YACtD,MAAM,IAAI,KAAK,CAAC,+CAA+C,QAAQ,EAAE,CAAC,CAAC;QAC7E,CAAC;QAED,MAAM,cAAc,GAAG,MAAM,CAAC,YAAY,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;QACxD,MAAM,gBAAgB,GAAG,MAAM,CAAC,YAAY,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;QAC1D,MAAM,UAAU,GAAG,MAAM,GAAG,EAAE,GAAG,cAAc,GAAG,gBAAgB,CAAC;QAEnE,OAAO,CAAC,IAAI,CAAC;YACX,IAAI,EAAE,QAAQ;YACd,cAAc,EAAE,OAAO,CAAC,cAAc;YACtC,gBAAgB,EAAE,OAAO,CAAC,gBAAgB;YAC1C,iBAAiB,EAAE,OAAO,CAAC,iBAAiB;YAC5C,UAAU;SACX,CAAC,CAAC;IACL,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAS,YAAY,CAAC,MAAc,EAAE,KAAe;IACnD,MAAM,cAAc,GAAG,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,UAAU,EAAE,KAAK,CAAC,UAAU,GAAG,KAAK,CAAC,cAAc,CAAC,CAAC;IAElG,IAAI,KAAK,CAAC,iBAAiB,KAAK,CAAC,EAAE,CAAC;QAClC,OAAO,cAAc,CAAC;IACxB,CAAC;SAAM,IAAI,KAAK,CAAC,iBAAiB,KAAK,CAAC,EAAE,CAAC;QACzC,OAAO,cAAc,CAAC,cAAc,CAAC,CAAC;IACxC,CAAC;SAAM,CAAC;QACN,MAAM,IAAI,KAAK,CAAC,mCAAmC,KAAK,CAAC,iBAAiB,EAAE,CAAC,CAAC;IAChF,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,WAAW,CAAC,QAAgB;IAChD,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,QAAQ,CAAC,CAAC;IACxC,MAAM,OAAO,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC;IACxC,MAAM,KAAK,GAAG,IAAI,GAAG,EAAkB,CAAC;
|
|
1
|
+
{"version":3,"file":"vsix.js","sourceRoot":"","sources":["../../src/scanner/vsix.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,kBAAkB,CAAC;AAC3D,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,WAAW,CAAC;AAC3C,OAAO,EAAE,cAAc,EAAE,MAAM,WAAW,CAAC;AAG3C,MAAM,qBAAqB,GAAG,YAAY,CAAC;AAC3C,MAAM,iBAAiB,GAAG,UAAU,CAAC;AACrC,MAAM,kBAAkB,GAAG,UAAU,CAAC;AACtC,MAAM,kBAAkB,GAAG,UAAU,CAAC;AAEtC,6DAA6D;AAC7D,MAAM,CAAC,MAAM,cAAc,GAAG,GAAG,GAAG,IAAI,GAAG,IAAI,CAAC;AAEhD,8DAA8D;AAC9D,MAAM,CAAC,MAAM,cAAc,GAAG,IAAI,GAAG,IAAI,GAAG,IAAI,CAAC;AAEjD,+DAA+D;AAC/D,MAAM,CAAC,MAAM,qBAAqB,GAAG,GAAG,CAAC;AAEzC;;;GAGG;AACH,SAAS,UAAU,CAAC,IAAY;IAC9B,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC;QAAE,OAAO,KAAK,CAAC;IACtC,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC;IAC5D,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,KAAK,IAAI,IAAI,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC;AACrF,CAAC;AAkBD;;;GAGG;AACH,SAAS,mBAAmB,CAAC,MAAc;IACzC,uDAAuD;IACvD,MAAM,aAAa,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,MAAM,CAAC,MAAM,GAAG,EAAE,GAAG,KAAK,CAAC,CAAC;IAE9D,KAAK,IAAI,CAAC,GAAG,MAAM,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC,IAAI,aAAa,EAAE,CAAC,EAAE,EAAE,CAAC;QACzD,IAAI,MAAM,CAAC,YAAY,CAAC,CAAC,CAAC,KAAK,kBAAkB,EAAE,CAAC;YAClD,OAAO,CAAC,CAAC;QACX,CAAC;IACH,CAAC;IAED,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAC;AACrE,CAAC;AAED;;;GAGG;AACH,SAAS,qBAAqB,CAAC,MAAc;IAC3C,MAAM,UAAU,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC;IAC/C,MAAM,YAAY,GAAG,MAAM,CAAC,YAAY,CAAC,UAAU,GAAG,EAAE,CAAC,CAAC;IAC1D,MAAM,QAAQ,GAAG,MAAM,CAAC,YAAY,CAAC,UAAU,GAAG,EAAE,CAAC,CAAC;IAEtD,MAAM,OAAO,GAAG,IAAI,GAAG,EAA2B,CAAC;IACnD,IAAI,MAAM,GAAG,QAAQ,CAAC;IAEtB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,YAAY,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,IAAI,MAAM,GAAG,EAAE,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC;YAChC,MAAM,IAAI,KAAK,CAAC,0DAA0D,CAAC,CAAC;QAC9E,CAAC;QAED,IAAI,MAAM,CAAC,YAAY,CAAC,MAAM,CAAC,KAAK,kBAAkB,EAAE,CAAC;YACvD,MAAM,IAAI,KAAK,CAAC,4DAA4D,MAAM,EAAE,CAAC,CAAC;QACxF,CAAC;QAED,MAAM,iBAAiB,GAAG,MAAM,CAAC,YAAY,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;QAC3D,MAAM,cAAc,GAAG,MAAM,CAAC,YAAY,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;QACxD,MAAM,gBAAgB,GAAG,MAAM,CAAC,YAAY,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;QAC1D,MAAM,cAAc,GAAG,MAAM,CAAC,YAAY,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;QACxD,MAAM,WAAW,GAAG,MAAM,CAAC,YAAY,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;QACrD,MAAM,aAAa,GAAG,MAAM,CAAC,YAAY,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;QACvD,MAAM,iBAAiB,GAAG,MAAM,CAAC,YAAY,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;QAE3D,IAAI,MAAM,GAAG,EAAE,GAAG,cAAc,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC;YACjD,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC;QAChE,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,EAAE,EAAE,MAAM,GAAG,EAAE,GAAG,cAAc,CAAC,CAAC;QAEpF,yCAAyC;QACzC,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YAC5B,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE;gBACpB,QAAQ;gBACR,cAAc;gBACd,gBAAgB;gBAChB,iBAAiB;gBACjB,iBAAiB;aAClB,CAAC,CAAC;QACL,CAAC;QAED,MAAM,IAAI,EAAE,GAAG,cAAc,GAAG,WAAW,GAAG,aAAa,CAAC;IAC9D,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;GAGG;AACH,SAAS,eAAe,CAAC,MAAc;IACrC,MAAM,UAAU,GAAG,qBAAqB,CAAC,MAAM,CAAC,CAAC;IACjD,MAAM,OAAO,GAAe,EAAE,CAAC;IAE/B,KAAK,MAAM,CAAC,QAAQ,EAAE,OAAO,CAAC,IAAI,UAAU,EAAE,CAAC;QAC7C,MAAM,MAAM,GAAG,OAAO,CAAC,iBAAiB,CAAC;QAEzC,IAAI,MAAM,GAAG,EAAE,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC;YAChC,MAAM,IAAI,KAAK,CAAC,iCAAiC,QAAQ,sBAAsB,CAAC,CAAC;QACnF,CAAC;QAED,IAAI,MAAM,CAAC,YAAY,CAAC,MAAM,CAAC,KAAK,iBAAiB,EAAE,CAAC;YACtD,MAAM,IAAI,KAAK,CAAC,+CAA+C,QAAQ,EAAE,CAAC,CAAC;QAC7E,CAAC;QAED,MAAM,cAAc,GAAG,MAAM,CAAC,YAAY,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;QACxD,MAAM,gBAAgB,GAAG,MAAM,CAAC,YAAY,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;QAC1D,MAAM,UAAU,GAAG,MAAM,GAAG,EAAE,GAAG,cAAc,GAAG,gBAAgB,CAAC;QAEnE,OAAO,CAAC,IAAI,CAAC;YACX,IAAI,EAAE,QAAQ;YACd,cAAc,EAAE,OAAO,CAAC,cAAc;YACtC,gBAAgB,EAAE,OAAO,CAAC,gBAAgB;YAC1C,iBAAiB,EAAE,OAAO,CAAC,iBAAiB;YAC5C,UAAU;SACX,CAAC,CAAC;IACL,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAS,YAAY,CAAC,MAAc,EAAE,KAAe;IACnD,MAAM,cAAc,GAAG,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,UAAU,EAAE,KAAK,CAAC,UAAU,GAAG,KAAK,CAAC,cAAc,CAAC,CAAC;IAElG,IAAI,KAAK,CAAC,iBAAiB,KAAK,CAAC,EAAE,CAAC;QAClC,OAAO,cAAc,CAAC;IACxB,CAAC;SAAM,IAAI,KAAK,CAAC,iBAAiB,KAAK,CAAC,EAAE,CAAC;QACzC,OAAO,cAAc,CAAC,cAAc,CAAC,CAAC;IACxC,CAAC;SAAM,CAAC;QACN,MAAM,IAAI,KAAK,CAAC,mCAAmC,KAAK,CAAC,iBAAiB,EAAE,CAAC,CAAC;IAChF,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,WAAW,CAAC,QAAgB;IAChD,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,QAAQ,CAAC,CAAC;IACxC,MAAM,OAAO,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC;IACxC,MAAM,KAAK,GAAG,IAAI,GAAG,EAAkB,CAAC;IACxC,MAAM,QAAQ,GAAa,EAAE,CAAC;IAE9B,IAAI,QAAkC,CAAC;IACvC,IAAI,kBAAkB,GAAG,CAAC,CAAC;IAE3B,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;QAC5B,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;YAC5B,MAAM,IAAI,KAAK,CAAC,6CAA6C,KAAK,CAAC,IAAI,GAAG,CAAC,CAAC;QAC9E,CAAC;QAED,IAAI,KAAK,CAAC,gBAAgB,GAAG,cAAc,EAAE,CAAC;YAC5C,QAAQ,CAAC,IAAI,CACX,YAAY,KAAK,CAAC,IAAI,mBAAmB;gBACvC,GAAG,KAAK,CAAC,gBAAgB,WAAW;gBACpC,GAAG,cAAc,aAAa,CACjC,CAAC;YACF,SAAS;QACX,CAAC;QAED,IACE,KAAK,CAAC,cAAc,GAAG,CAAC;YACxB,KAAK,CAAC,gBAAgB,GAAG,KAAK,CAAC,cAAc,GAAG,qBAAqB,EACrE,CAAC;YACD,QAAQ,CAAC,IAAI,CACX,YAAY,KAAK,CAAC,IAAI,uBAAuB;gBAC3C,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,gBAAgB,GAAG,KAAK,CAAC,cAAc,CAAC,KAAK;gBACjE,WAAW,qBAAqB,UAAU,CAC7C,CAAC;YACF,SAAS;QACX,CAAC;QAED,IAAI,kBAAkB,GAAG,KAAK,CAAC,gBAAgB,GAAG,cAAc,EAAE,CAAC;YACjE,QAAQ,CAAC,IAAI,CACX,YAAY,KAAK,CAAC,IAAI,gCAAgC;gBACpD,UAAU,cAAc,aAAa,CACxC,CAAC;YACF,SAAS;QACX,CAAC;QAED,MAAM,OAAO,GAAG,YAAY,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;QAC5C,kBAAkB,IAAI,KAAK,CAAC,gBAAgB,CAAC;QAE7C,IAAI,YAAY,GAAG,KAAK,CAAC,IAAI,CAAC;QAC9B,IAAI,YAAY,CAAC,UAAU,CAAC,qBAAqB,CAAC,EAAE,CAAC;YACnD,YAAY,GAAG,YAAY,CAAC,KAAK,CAAC,qBAAqB,CAAC,MAAM,CAAC,CAAC;QAClE,CAAC;QAED,KAAK,CAAC,GAAG,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;QAEjC,IAAI,YAAY,KAAK,cAAc,EAAE,CAAC;YACpC,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAiB,CAAC;QAClE,CAAC;IACH,CAAC;IAED,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,QAAQ,GAAG,iCAAiC,CAAC,KAAK,CAAC,CAAC;IACtD,CAAC;IAED,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;IACxD,CAAC;IAED,OAAO;QACL,QAAQ;QACR,KAAK;QACL,QAAQ,EAAE,QAAQ;QAClB,GAAG,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KAC7C,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACH,SAAS,iCAAiC,CAAC,KAA0B;IACnE,KAAK,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,IAAI,KAAK,EAAE,CAAC;QACpC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,0BAA0B,CAAC,CAAC;QACrD,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,SAAS;QACX,CAAC;QAED,MAAM,MAAM,GAAG,KAAK,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC;QAC9B,MAAM,UAAU,GAAG,IAAI,GAAG,EAAkB,CAAC;QAE7C,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,KAAK,EAAE,CAAC;YAC3B,IAAI,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;gBACzB,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;YAC5C,CAAC;iBAAM,CAAC;gBACN,UAAU,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;YACvB,CAAC;QACH,CAAC;QAED,KAAK,CAAC,KAAK,EAAE,CAAC;QACd,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,UAAU,EAAE,CAAC;YAChC,KAAK,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QAClB,CAAC;QAED,OAAO,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAiB,CAAC;IAC9D,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,OAAe;IACjD,MAAM,KAAK,GAAG,IAAI,GAAG,EAAkB,CAAC;IAExC,KAAK,UAAU,OAAO,CAAC,GAAW;QAChC,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,GAAG,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;QAE5D,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;YAC5B,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;YAEvC,IAAI,KAAK,CAAC,IAAI,KAAK,cAAc,IAAI,KAAK,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;gBAC3D,SAAS;YACX,CAAC;YAED,IAAI,KAAK,CAAC,WAAW,EAAE,EAAE,CAAC;gBACxB,MAAM,OAAO,CAAC,QAAQ,CAAC,CAAC;YAC1B,CAAC;iBAAM,IAAI,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC;gBAC1B,MAAM,YAAY,GAAG,QAAQ,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;gBACjD,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,QAAQ,CAAC,CAAC;gBACzC,KAAK,CAAC,GAAG,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;YACnC,CAAC;QACH,CAAC;IACH,CAAC;IAED,MAAM,OAAO,CAAC,OAAO,CAAC,CAAC;IAEvB,MAAM,cAAc,GAAG,KAAK,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;IACjD,IAAI,CAAC,cAAc,EAAE,CAAC;QACpB,MAAM,IAAI,KAAK,CAAC,mDAAmD,CAAC,CAAC;IACvE,CAAC;IAED,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,cAAc,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAiB,CAAC;IAE7E,OAAO;QACL,QAAQ;QACR,KAAK;QACL,QAAQ,EAAE,OAAO;KAClB,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,MAAc;IAChD,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,CAAC;IAEjC,IAAI,KAAK,CAAC,WAAW,EAAE,EAAE,CAAC;QACxB,OAAO,aAAa,CAAC,MAAM,CAAC,CAAC;IAC/B,CAAC;SAAM,IAAI,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;QACpC,OAAO,WAAW,CAAC,MAAM,CAAC,CAAC;IAC7B,CAAC;SAAM,CAAC;QACN,MAAM,IAAI,KAAK,CAAC,uBAAuB,MAAM,qCAAqC,CAAC,CAAC;IACtF,CAAC;AACH,CAAC;AAED,MAAM,UAAU,aAAa,CAAC,OAAe;IAC3C,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AAC5D,CAAC"}
|