@trailofbits/vsix-audit 0.1.3 → 0.2.1
- package/README.md +9 -3
- package/dist/cli.d.ts.map +1 -1
- package/dist/cli.js +9 -242
- package/dist/cli.js.map +1 -1
- package/dist/formatters.d.ts +63 -0
- package/dist/formatters.d.ts.map +1 -0
- package/dist/formatters.js +268 -0
- package/dist/formatters.js.map +1 -0
- package/dist/scanner/bundler.d.ts +1 -2
- package/dist/scanner/bundler.d.ts.map +1 -1
- package/dist/scanner/bundler.js +12 -9
- package/dist/scanner/bundler.js.map +1 -1
- package/dist/scanner/cache.d.ts +10 -0
- package/dist/scanner/cache.d.ts.map +1 -1
- package/dist/scanner/cache.js +29 -1
- package/dist/scanner/cache.js.map +1 -1
- package/dist/scanner/capabilities.d.ts.map +1 -1
- package/dist/scanner/capabilities.js +26 -18
- package/dist/scanner/capabilities.js.map +1 -1
- package/dist/scanner/checks/ast.d.ts.map +1 -1
- package/dist/scanner/checks/ast.js +21 -41
- package/dist/scanner/checks/ast.js.map +1 -1
- package/dist/scanner/checks/ioc.d.ts +1 -0
- package/dist/scanner/checks/ioc.d.ts.map +1 -1
- package/dist/scanner/checks/ioc.js +60 -8
- package/dist/scanner/checks/ioc.js.map +1 -1
- package/dist/scanner/checks/ioc.test.js +175 -1
- package/dist/scanner/checks/ioc.test.js.map +1 -1
- package/dist/scanner/checks/obfuscation.d.ts.map +1 -1
- package/dist/scanner/checks/obfuscation.js +11 -12
- package/dist/scanner/checks/obfuscation.js.map +1 -1
- package/dist/scanner/checks/package.d.ts.map +1 -1
- package/dist/scanner/checks/package.js +15 -1
- package/dist/scanner/checks/package.js.map +1 -1
- package/dist/scanner/checks/package.test.js +5 -1
- package/dist/scanner/checks/package.test.js.map +1 -1
- package/dist/scanner/checks/telemetry.d.ts.map +1 -1
- package/dist/scanner/checks/telemetry.js +12 -29
- package/dist/scanner/checks/telemetry.js.map +1 -1
- package/dist/scanner/checks/telemetry.test.js +1 -0
- package/dist/scanner/checks/telemetry.test.js.map +1 -1
- package/dist/scanner/checks/yara.d.ts +2 -5
- package/dist/scanner/checks/yara.d.ts.map +1 -1
- package/dist/scanner/checks/yara.js +131 -68
- package/dist/scanner/checks/yara.js.map +1 -1
- package/dist/scanner/checks/yara.test.js +40 -10
- package/dist/scanner/checks/yara.test.js.map +1 -1
- package/dist/scanner/download.d.ts +0 -5
- package/dist/scanner/download.d.ts.map +1 -1
- package/dist/scanner/download.js +94 -86
- package/dist/scanner/download.js.map +1 -1
- package/dist/scanner/download.test.js +1 -16
- package/dist/scanner/download.test.js.map +1 -1
- package/dist/scanner/index.d.ts +4 -3
- package/dist/scanner/index.d.ts.map +1 -1
- package/dist/scanner/index.js +79 -58
- package/dist/scanner/index.js.map +1 -1
- package/dist/scanner/loaders/zoo.d.ts.map +1 -1
- package/dist/scanner/loaders/zoo.js +3 -1
- package/dist/scanner/loaders/zoo.js.map +1 -1
- package/dist/scanner/types.d.ts +39 -30
- package/dist/scanner/types.d.ts.map +1 -1
- package/dist/scanner/types.js +1 -1
- package/dist/scanner/types.js.map +1 -1
- package/dist/scanner/utils.d.ts +26 -4
- package/dist/scanner/utils.d.ts.map +1 -1
- package/dist/scanner/utils.js +59 -13
- package/dist/scanner/utils.js.map +1 -1
- package/dist/scanner/vsix.d.ts +6 -0
- package/dist/scanner/vsix.d.ts.map +1 -1
- package/dist/scanner/vsix.js +60 -24
- package/dist/scanner/vsix.js.map +1 -1
- package/dist/scanner/vsix.test.js +240 -3
- package/dist/scanner/vsix.test.js.map +1 -1
- package/package.json +1 -1
- package/zoo/blocklist/extensions.json +609 -3
- package/zoo/iocs/c2-domains.txt +10 -0
- package/zoo/iocs/c2-ips.txt +7 -0
- package/zoo/iocs/github-c2.txt +11 -0
- package/zoo/iocs/hashes.txt +6 -0
- package/zoo/iocs/wallets.txt +2 -5
- package/zoo/signatures/yara/blockchain_c2_extended.yar +57 -0
- package/zoo/signatures/yara/native_addon_loader.yar +71 -0
- package/zoo/signatures/yara/persistence_macos.yar +118 -0
- package/zoo/signatures/yara/rmm_tool_delivery.yar +106 -0
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"zoo.d.ts","sourceRoot":"","sources":["../../../src/scanner/loaders/zoo.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAA2D,OAAO,EAAE,MAAM,aAAa,CAAC;AAuIpG,wBAAsB,WAAW,IAAI,OAAO,CAAC,OAAO,CAAC,
|
|
1
|
+
{"version":3,"file":"zoo.d.ts","sourceRoot":"","sources":["../../../src/scanner/loaders/zoo.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAA2D,OAAO,EAAE,MAAM,aAAa,CAAC;AAuIpG,wBAAsB,WAAW,IAAI,OAAO,CAAC,OAAO,CAAC,CA8CpD"}
|
|
@@ -120,7 +120,7 @@ export async function loadZooData() {
|
|
|
120
120
|
return cachedZooData;
|
|
121
121
|
}
|
|
122
122
|
const zooRoot = await findZooRoot();
|
|
123
|
-
const [blocklistContent, hashesContent, domainsContent, ipsContent, npmContent, walletsContent, blockchainContent, telemetryContent,] = await Promise.all([
|
|
123
|
+
const [blocklistContent, hashesContent, domainsContent, ipsContent, npmContent, walletsContent, blockchainContent, telemetryContent, githubC2Content,] = await Promise.all([
|
|
124
124
|
readFile(join(zooRoot, "blocklist", "extensions.json"), "utf8"),
|
|
125
125
|
readFile(join(zooRoot, "iocs", "hashes.txt"), "utf8"),
|
|
126
126
|
readFile(join(zooRoot, "iocs", "c2-domains.txt"), "utf8"),
|
|
@@ -129,6 +129,7 @@ export async function loadZooData() {
|
|
|
129
129
|
readFile(join(zooRoot, "iocs", "wallets.txt"), "utf8"),
|
|
130
130
|
readFile(join(zooRoot, "iocs", "blockchain-extensions.txt"), "utf8"),
|
|
131
131
|
readFile(join(zooRoot, "telemetry", "known-services.txt"), "utf8").catch(() => ""),
|
|
132
|
+
readFile(join(zooRoot, "iocs", "github-c2.txt"), "utf8").catch(() => ""),
|
|
132
133
|
]);
|
|
133
134
|
const blocklistFile = JSON.parse(blocklistContent);
|
|
134
135
|
cachedZooData = {
|
|
@@ -140,6 +141,7 @@ export async function loadZooData() {
|
|
|
140
141
|
wallets: parseWalletFile(walletsContent),
|
|
141
142
|
blockchainAllowlist: parseIOCFile(blockchainContent, (extId) => extId),
|
|
142
143
|
telemetryServices: parseTelemetryServices(telemetryContent),
|
|
144
|
+
githubC2Accounts: parseIOCFile(githubC2Content, (username) => username.toLowerCase()),
|
|
143
145
|
};
|
|
144
146
|
return cachedZooData;
|
|
145
147
|
}
|
|
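Review bot: The new `github-c2.txt` read ends in `.catch(() => "")`, which swallows every error, so a missing or unreadable indicator file leaves `githubC2Accounts` as an empty set and anything that consults it would presumably match nothing, with no sign that the check ran without data. The hashes, C2-domain and wallet reads in the same `Promise.all` reject on failure, which is the safer default for indicator files. If this file has to stay optional, narrow the handler to the not-found case, e.g. `.catch((err) => { if (err.code === "ENOENT") return ""; throw err; })`, and surface the gap to the caller. `loadZooData` begins outside these hunks, so the caller-side handling is not visible here.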
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"zoo.js","sourceRoot":"","sources":["../../../src/scanner/loaders/zoo.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AACpD,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAC1C,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAGzC,MAAM,SAAS,GAAG,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;AAE1D;;;;;;GAMG;AACH,KAAK,UAAU,WAAW;IACxB,mCAAmC;IACnC,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAC;IACnD,IAAI,OAAO,EAAE,CAAC;QACZ,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,+CAA+C;IAC/C,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC;IACzD,IAAI,CAAC;QACH,MAAM,MAAM,CAAC,OAAO,CAAC,CAAC;QACtB,OAAO,OAAO,CAAC;IACjB,CAAC;IAAC,MAAM,CAAC;QACP,gCAAgC;IAClC,CAAC;IAED,8CAA8C;IAC9C,MAAM,aAAa,GAAG,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC;IACzD,IAAI,CAAC;QACH,MAAM,MAAM,CAAC,aAAa,CAAC,CAAC;QAC5B,OAAO,aAAa,CAAC;IACvB,CAAC;IAAC,MAAM,CAAC;QACP,gEAAgE;QAChE,OAAO,OAAO,CAAC;IACjB,CAAC;AACH,CAAC;AAMD,SAAS,YAAY,CAAC,MAAc;IAClC,OAAO,MAAM,CAAC,OAAO,CAAC,SAAS,EAAE,GAAG,CAAC,CAAC;AACxC,CAAC;AAED;;;;;GAKG;AACH,SAAS,YAAY,CAAC,OAAe,EAAE,SAA2C;IAChF,MAAM,MAAM,GAAG,IAAI,GAAG,EAAU,CAAC;IAEjC,KAAK,MAAM,IAAI,IAAI,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;QACvC,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QAC5B,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YACxC,SAAS;QACX,CAAC;QACD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QACtC,IAAI,KAAK,EAAE,CAAC;YACV,MAAM,KAAK,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC;YAC/B,IAAI,KAAK,EAAE,CAAC;gBACV,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;YACpB,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;GAGG;AACH,SAAS,eAAe,CAAC,OAAe;IACtC,MAAM,MAAM,GAAG,IAAI,GAAG,EAAU,CAAC;IAEjC,KAAK,MAAM,IAAI,IAAI,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;QACvC,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QAC5B,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC;YAAE,SAAS;QAElD,sCAAsC;QACtC,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QACnC,IAAI,KAAK,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;YACtB,MAAM,
OAAO,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YACzB,IAAI,OAAO,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;gBACxC,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YACtB,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;GAGG;AACH,SAAS,sBAAsB,CAAC,OAAe;IAC7C,MAAM,MAAM,GAAG,IAAI,GAAG,EAAgC,CAAC;IACvD,MAAM,eAAe,GAAG,IAAI,GAAG,CAAoB,CAAC,WAAW,EAAE,iBAAiB,EAAE,KAAK,CAAC,CAAC,CAAC;IAE5F,KAAK,MAAM,IAAI,IAAI,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;QACvC,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QAC5B,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC;YAAE,SAAS;QAElD,sDAAsD;QACtD,yEAAyE;QACzE,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;QACtC,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC;YAAE,SAAS;QAE/B,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QACtB,MAAM,QAAQ,GAAG,KAAK,CAAC,CAAC,CAAsB,CAAC;QAC/C,MAAM,UAAU,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QAE5B,IAAI,CAAC,IAAI,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,UAAU;YAAE,SAAS;QAErE,MAAM,OAAO,GAAG,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,CAAC;QACzE,MAAM,WAAW,GAAyB,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC;QAEtE,kDAAkD;QAClD,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;YAC7B,IAAI,MAAM,EAAE,CAAC;gBACX,MAAM,CAAC,GAAG,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;YAClC,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,IAAI,aAAkC,CAAC;AAEvC,MAAM,CAAC,KAAK,UAAU,WAAW;IAC/B,IAAI,aAAa,EAAE,CAAC;QAClB,OAAO,aAAa,CAAC;IACvB,CAAC;IAED,MAAM,OAAO,GAAG,MAAM,WAAW,EAAE,CAAC;IAEpC,MAAM,CACJ,gBAAgB,EAChB,aAAa,EACb,cAAc,EACd,UAAU,EACV,UAAU,EACV,cAAc,EACd,iBAAiB,EACjB,gBAAgB,
|
|
1
|
+
{"version":3,"file":"zoo.js","sourceRoot":"","sources":["../../../src/scanner/loaders/zoo.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AACpD,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAC1C,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAGzC,MAAM,SAAS,GAAG,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;AAE1D;;;;;;GAMG;AACH,KAAK,UAAU,WAAW;IACxB,mCAAmC;IACnC,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAC;IACnD,IAAI,OAAO,EAAE,CAAC;QACZ,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,+CAA+C;IAC/C,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC;IACzD,IAAI,CAAC;QACH,MAAM,MAAM,CAAC,OAAO,CAAC,CAAC;QACtB,OAAO,OAAO,CAAC;IACjB,CAAC;IAAC,MAAM,CAAC;QACP,gCAAgC;IAClC,CAAC;IAED,8CAA8C;IAC9C,MAAM,aAAa,GAAG,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC;IACzD,IAAI,CAAC;QACH,MAAM,MAAM,CAAC,aAAa,CAAC,CAAC;QAC5B,OAAO,aAAa,CAAC;IACvB,CAAC;IAAC,MAAM,CAAC;QACP,gEAAgE;QAChE,OAAO,OAAO,CAAC;IACjB,CAAC;AACH,CAAC;AAMD,SAAS,YAAY,CAAC,MAAc;IAClC,OAAO,MAAM,CAAC,OAAO,CAAC,SAAS,EAAE,GAAG,CAAC,CAAC;AACxC,CAAC;AAED;;;;;GAKG;AACH,SAAS,YAAY,CAAC,OAAe,EAAE,SAA2C;IAChF,MAAM,MAAM,GAAG,IAAI,GAAG,EAAU,CAAC;IAEjC,KAAK,MAAM,IAAI,IAAI,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;QACvC,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QAC5B,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YACxC,SAAS;QACX,CAAC;QACD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QACtC,IAAI,KAAK,EAAE,CAAC;YACV,MAAM,KAAK,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC;YAC/B,IAAI,KAAK,EAAE,CAAC;gBACV,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;YACpB,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;GAGG;AACH,SAAS,eAAe,CAAC,OAAe;IACtC,MAAM,MAAM,GAAG,IAAI,GAAG,EAAU,CAAC;IAEjC,KAAK,MAAM,IAAI,IAAI,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;QACvC,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QAC5B,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC;YAAE,SAAS;QAElD,sCAAsC;QACtC,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QACnC,IAAI,KAAK,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;YACtB,MAAM,
OAAO,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YACzB,IAAI,OAAO,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;gBACxC,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YACtB,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;GAGG;AACH,SAAS,sBAAsB,CAAC,OAAe;IAC7C,MAAM,MAAM,GAAG,IAAI,GAAG,EAAgC,CAAC;IACvD,MAAM,eAAe,GAAG,IAAI,GAAG,CAAoB,CAAC,WAAW,EAAE,iBAAiB,EAAE,KAAK,CAAC,CAAC,CAAC;IAE5F,KAAK,MAAM,IAAI,IAAI,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;QACvC,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QAC5B,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC;YAAE,SAAS;QAElD,sDAAsD;QACtD,yEAAyE;QACzE,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;QACtC,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC;YAAE,SAAS;QAE/B,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QACtB,MAAM,QAAQ,GAAG,KAAK,CAAC,CAAC,CAAsB,CAAC;QAC/C,MAAM,UAAU,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QAE5B,IAAI,CAAC,IAAI,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,UAAU;YAAE,SAAS;QAErE,MAAM,OAAO,GAAG,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,CAAC;QACzE,MAAM,WAAW,GAAyB,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC;QAEtE,kDAAkD;QAClD,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;YAC7B,IAAI,MAAM,EAAE,CAAC;gBACX,MAAM,CAAC,GAAG,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;YAClC,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,IAAI,aAAkC,CAAC;AAEvC,MAAM,CAAC,KAAK,UAAU,WAAW;IAC/B,IAAI,aAAa,EAAE,CAAC;QAClB,OAAO,aAAa,CAAC;IACvB,CAAC;IAED,MAAM,OAAO,GAAG,MAAM,WAAW,EAAE,CAAC;IAEpC,MAAM,CACJ,gBAAgB,EAChB,aAAa,EACb,cAAc,EACd,UAAU,EACV,UAAU,EACV,cAAc,EACd,iBAAiB,EACjB,gBAAgB,EAChB,eAAe,EAChB,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;QACpB,QAAQ,CAAC,IAAI,CAAC,OAAO,EAAE,WAAW,EAAE,iBAAiB,CAAC,EAAE,MAAM,CAAC;QAC/D,QAAQ,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,YAAY,CAAC,EAAE,MAAM,CAAC;QACrD,QAAQ,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,gBAAgB,CAAC,EAAE,MAAM,CAAC;QACzD,QAAQ,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,YAAY,CAAC,EAAE,MAAM,CAAC;QACrD,QAAQ,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,mBAAmB,CAAC,EAAE,MAAM,CAAC;QAC5D,QAAQ,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,aAAa,
CAAC,EAAE,MAAM,CAAC;QACtD,QAAQ,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,2BAA2B,CAAC,EAAE,MAAM,CAAC;QACpE,QAAQ,CAAC,IAAI,CAAC,OAAO,EAAE,WAAW,EAAE,oBAAoB,CAAC,EAAE,MAAM,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC;QAClF,QAAQ,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,eAAe,CAAC,EAAE,MAAM,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC;KACzE,CAAC,CAAC;IAEH,MAAM,aAAa,GAAG,IAAI,CAAC,KAAK,CAAC,gBAAgB,CAAkB,CAAC;IAEpE,aAAa,GAAG;QACd,SAAS,EAAE,aAAa,CAAC,UAAU;QACnC,MAAM,EAAE,YAAY,CAAC,aAAa,EAAE,CAAC,IAAI,EAAE,EAAE,CAC3C,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,IAAI,CACzD;QACD,OAAO,EAAE,YAAY,CAAC,cAAc,EAAE,CAAC,MAAM,EAAE,EAAE,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC,WAAW,EAAE,CAAC;QACrF,GAAG,EAAE,YAAY,CAAC,UAAU,EAAE,CAAC,UAAU,EAAE,EAAE,CAAC,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC;QAC/E,oBAAoB,EAAE,YAAY,CAAC,UAAU,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC;QAC1E,OAAO,EAAE,eAAe,CAAC,cAAc,CAAC;QACxC,mBAAmB,EAAE,YAAY,CAAC,iBAAiB,EAAE,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC;QACtE,iBAAiB,EAAE,sBAAsB,CAAC,gBAAgB,CAAC;QAC3D,gBAAgB,EAAE,YAAY,CAAC,eAAe,EAAE,CAAC,QAAQ,EAAE,EAAE,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC;KACtF,CAAC;IAEF,OAAO,aAAa,CAAC;AACvB,CAAC"}
|
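--- a/package/dist/scanner/types.d.ts
+++ b/package/dist/scanner/types.d.ts
@@ -1,52 +1,55 @@
 export type Severity = "low" | "medium" | "high" | "critical";
 export type Registry = "marketplace" | "openvsx" | "cursor";
+export declare const MODULE_NAMES: readonly ["package", "obfuscation", "ast", "ioc", "yara", "telemetry"];
+export type ModuleName = (typeof MODULE_NAMES)[number];
 export interface ModuleTimings {
 load: number;
-package?: number;
-obfuscation?: number;
-ast?: number;
-ioc?: number;
-yara?: number;
-telemetry?: number;
 total: number;
+[module: string]: number;
 }
 export interface ScanOptions {
 output: "text" | "json" | "sarif";
 severity: Severity;
 network: boolean;
-modules?:
+modules?: ModuleName[];
 profile?: boolean;
 }
+export interface FindingMetadata {
+matched?: string | undefined;
+legitimateUses?: string[] | undefined;
+redFlags?: string[] | undefined;
+[key: string]: unknown;
+}
 export interface Finding {
-id: string;
-title: string;
-description: string;
-severity: Severity;
-category: string;
-location?: {
-file: string;
-line?: number;
-column?: number;
+readonly id: string;
+readonly title: string;
+readonly description: string;
+readonly severity: Severity;
+readonly category: string;
+readonly location?: {
+readonly file: string;
+readonly line?: number;
+readonly column?: number;
 };
-metadata?:
+readonly metadata?: FindingMetadata;
 }
 export interface CheckSummary {
-name: string;
-enabled: boolean;
-description: string;
-filesExamined?: number;
-rulesApplied?: number;
-skipReason?: string;
+readonly name: string;
+readonly enabled: boolean;
+readonly description: string;
+readonly filesExamined?: number;
+readonly rulesApplied?: number;
+readonly skipReason?: string;
 }
 export interface ScanResult {
-extension: {
-id: string;
-name: string;
-version: string;
-publisher: string;
+readonly extension: {
+readonly id: string;
+readonly name: string;
+readonly version: string;
+readonly publisher: string;
 };
-findings: Finding[];
-inventory: CheckSummary[];
+readonly findings: Finding[];
+readonly inventory: CheckSummary[];
 metadata: {
 scannedAt: string;
 scanDuration: number;
@@ -82,6 +85,11 @@ export interface VsixContents {
 manifest: VsixManifest;
 files: Map<string, Buffer>;
 basePath: string;
+warnings?: string[];
+/** Pre-computed UTF-8 string contents, keyed by filename */
+stringContents?: Map<string, string>;
+/** Shared cache for memoized per-file computations */
+cache?: Map<string, unknown>;
 }
 export interface BlocklistEntry {
 id: string;
@@ -107,6 +115,7 @@ export interface ZooData {
 wallets: Set<string>;
 blockchainAllowlist: Set<string>;
 telemetryServices: Map<string, TelemetryServiceInfo>;
+githubC2Accounts: Set<string>;
 }
 export interface BatchScanResult {
 results: ScanResult[];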
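Review bot: `readonly findings: Finding[]` and `readonly inventory: CheckSummary[]` in `ScanResult` only prevent the property from being reassigned; the arrays still accept `push`, `splice` and index writes, so one check module can still drop or alter findings produced by another. If the `readonly` sweep is meant to make results immutable once produced, declare them as `readonly findings: readonly Finding[];` and `readonly inventory: readonly CheckSummary[];`. The same applies to `legitimateUses` and `redFlags` in `FindingMetadata`. This file is compiler output, so the change belongs in `src/scanner/types.ts`; `ScanResult` continues past the end of the first hunk.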
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/scanner/types.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,QAAQ,GAAG,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;AAE9D,MAAM,MAAM,QAAQ,GAAG,aAAa,GAAG,SAAS,GAAG,QAAQ,CAAC;AAE5D,MAAM,
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/scanner/types.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,QAAQ,GAAG,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;AAE9D,MAAM,MAAM,QAAQ,GAAG,aAAa,GAAG,SAAS,GAAG,QAAQ,CAAC;AAE5D,eAAO,MAAM,YAAY,wEAAyE,CAAC;AACnG,MAAM,MAAM,UAAU,GAAG,CAAC,OAAO,YAAY,CAAC,CAAC,MAAM,CAAC,CAAC;AAEvD,MAAM,WAAW,aAAa;IAC5B,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAAC;CAC1B;AAED,MAAM,WAAW,WAAW;IAC1B,MAAM,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,CAAC;IAClC,QAAQ,EAAE,QAAQ,CAAC;IACnB,OAAO,EAAE,OAAO,CAAC;IACjB,OAAO,CAAC,EAAE,UAAU,EAAE,CAAC;IACvB,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AAED,MAAM,WAAW,eAAe;IAC9B,OAAO,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IAC7B,cAAc,CAAC,EAAE,MAAM,EAAE,GAAG,SAAS,CAAC;IACtC,QAAQ,CAAC,EAAE,MAAM,EAAE,GAAG,SAAS,CAAC;IAChC,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAED,MAAM,WAAW,OAAO;IACtB,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,QAAQ,EAAE,QAAQ,CAAC;IAC5B,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,QAAQ,CAAC,EAAE;QAClB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;QACtB,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;QACvB,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;KAC1B,CAAC;IACF,QAAQ,CAAC,QAAQ,CAAC,EAAE,eAAe,CAAC;CACrC;AAED,MAAM,WAAW,YAAY;IAC3B,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC;IAC1B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,aAAa,CAAC,EAAE,MAAM,CAAC;IAChC,QAAQ,CAAC,YAAY,CAAC,EAAE,MAAM,CAAC;IAC/B,QAAQ,CAAC,UAAU,CAAC,EAAE,MAAM,CAAC;CAC9B;AAED,MAAM,WAAW,UAAU;IACzB,QAAQ,CAAC,SAAS,EAAE;QAClB,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;QACpB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;QACtB,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;QACzB,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;KAC5B,CAAC;IACF,QAAQ,CAAC,QAAQ,EAAE,OAAO,EAAE,CAAC;IAC7B,QAAQ,CAAC,SAAS,EAAE,YAAY,EAAE,CAAC;IACnC,QAAQ,EAAE;QACR,SAAS,EAAE,MAAM,CAAC;QAClB,YAAY,EAAE,MAAM,CAAC;QACrB,QAAQ,CAAC,EAAE,QAAQ,CAAC;QACpB,OAAO,CAAC,EAAE,aAAa,CAAC;KACzB,CAAC;CACH;AAED,MAAM,WAAW,YAAY;IAC3B,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,CAAC,EAAE,MA
AM,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,gBAAgB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC5B,WAAW,CAAC,EAAE;QACZ,MAAM,CAAC,EAAE,KAAK,CAAC;YACb,EAAE,CAAC,EAAE,MAAM,CAAC;YACZ,KAAK,CAAC,EAAE,MAAM,CAAC;YACf,IAAI,CAAC,EAAE,MAAM,CAAC;SACf,CAAC,CAAC;QACH,UAAU,CAAC,EAAE,KAAK,CAAC;YACjB,EAAE,CAAC,EAAE,MAAM,CAAC;YACZ,KAAK,CAAC,EAAE,MAAM,CAAC;YACf,IAAI,CAAC,EAAE,MAAM,CAAC;SACf,CAAC,CAAC;QACH,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;KACxB,CAAC;IACF,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAED,MAAM,WAAW,YAAY;IAC3B,QAAQ,EAAE,YAAY,CAAC;IACvB,KAAK,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC3B,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;IACpB,4DAA4D;IAC5D,cAAc,CAAC,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACrC,sDAAsD;IACtD,KAAK,CAAC,EAAE,GAAG,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAC9B;AAED,MAAM,WAAW,cAAc;IAC7B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,MAAM,iBAAiB,GAAG,WAAW,GAAG,iBAAiB,GAAG,KAAK,CAAC;AAExE,MAAM,WAAW,oBAAoB;IACnC,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,iBAAiB,CAAC;IAC5B,OAAO,EAAE,MAAM,EAAE,CAAC;CACnB;AAED,MAAM,WAAW,OAAO;IACtB,SAAS,EAAE,cAAc,EAAE,CAAC;IAC5B,MAAM,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;IACpB,OAAO,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;IACrB,GAAG,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;IACjB,oBAAoB,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;IAClC,OAAO,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;IACrB,mBAAmB,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;IACjC,iBAAiB,EAAE,GAAG,CAAC,MAAM,EAAE,oBAAoB,CAAC,CAAC;IACrD,gBAAgB,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;CAC/B;AAED,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,UAAU,EAAE,CAAC;IACtB,MAAM,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAC/C,OAAO,EAAE;QACP,UAAU,EAAE,MAAM,CAAC;QACnB,YAAY,EAAE,MAAM,CAAC;QACrB,WAAW,EAAE,MAAM,CAAC;QACpB,aAAa,EAAE,MAAM,CAAC;QACtB,kBAAkB,EAAE,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;QA
C7C,YAAY,EAAE,MAAM,CAAC;KACtB,CAAC;CACH"}
|
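--- a/package/dist/scanner/types.js
+++ b/package/dist/scanner/types.js
@@ -1,2 +1,2 @@
-export
+export const MODULE_NAMES = ["package", "obfuscation", "ast", "ioc", "yara", "telemetry"];
 //# sourceMappingURL=types.js.map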
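Review bot: `MODULE_NAMES` is emitted as an ordinary mutable array, because the `readonly` tuple type declared in `types.d.ts` is erased at compile time, so any importer can `push` to or `splice` the list at runtime. If `ScanOptions.modules` is validated against this list (not visible in this section), a mutation elsewhere in the process could change which checks are accepted. Freezing it keeps the runtime value in line with the declared type: `export const MODULE_NAMES = Object.freeze(["package", "obfuscation", "ast", "ioc", "yara", "telemetry"]);`.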
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/scanner/types.ts"],"names":[],"mappings":""}
|
|
1
|
+
{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/scanner/types.ts"],"names":[],"mappings":"AAIA,MAAM,CAAC,MAAM,YAAY,GAAG,CAAC,SAAS,EAAE,aAAa,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,WAAW,CAAU,CAAC"}
|
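--- a/package/dist/scanner/utils.d.ts
+++ b/package/dist/scanner/utils.d.ts
@@ -1,14 +1,36 @@
 /**
 * Shared utility functions for scanner checks.
 */
+/**
+* Pre-compute line start offsets for binary search.
+* Returns array where index i is the character offset
+* of line i+1 (0-indexed array, 1-indexed lines).
+*/
+export declare function computeLineStarts(content: string): number[];
+/**
+* Convert character offset to 1-indexed line number
+* using binary search on pre-computed line starts.
+*/
+export declare function offsetToLine(offset: number, lineStarts: number[]): number;
+/**
+* Convert character offset to 0-indexed column number.
+*/
+export declare function offsetToColumn(offset: number, lineStarts: number[]): number;
 /**
 * Find line number for a string match in content.
 * Returns 1-indexed line number, or undefined if not found.
+*
+* When called multiple times on the same content, pass
+* pre-computed lineStarts for O(log n) per call instead
+* of O(n).
 */
-export declare function findLineNumberByString(content: string, searchStr: string): number | undefined;
+export declare function findLineNumberByString(content: string, searchStr: string, lineStarts?: number[]): number | undefined;
 /**
-* Find line number for a regex match by its
-* Returns 1-indexed line number.
+* Find line number for a regex match by its character
+* offset. Returns 1-indexed line number.
+*
+* When called multiple times on the same content, pass
+* pre-computed lineStarts for O(log n) per call.
 */
-export declare function findLineNumberByIndex(content: string, index: number): number;
+export declare function findLineNumberByIndex(content: string, index: number, lineStarts?: number[]): number;
 //# sourceMappingURL=utils.d.ts.map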
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../src/scanner/utils.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH;;;GAGG;AACH,wBAAgB,
|
|
1
|
+
{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../src/scanner/utils.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH;;;;GAIG;AACH,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,EAAE,CAQ3D;AAED;;;GAGG;AACH,wBAAgB,YAAY,CAAC,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,GAAG,MAAM,CAazE;AAED;;GAEG;AACH,wBAAgB,cAAc,CAAC,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,GAAG,MAAM,CAI3E;AAED;;;;;;;GAOG;AACH,wBAAgB,sBAAsB,CACpC,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,MAAM,EACjB,UAAU,CAAC,EAAE,MAAM,EAAE,GACpB,MAAM,GAAG,SAAS,CAKpB;AAED;;;;;;GAMG;AACH,wBAAgB,qBAAqB,CACnC,OAAO,EAAE,MAAM,EACf,KAAK,EAAE,MAAM,EACb,UAAU,CAAC,EAAE,MAAM,EAAE,GACpB,MAAM,CAGR"}
|
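--- a/package/dist/scanner/utils.js
+++ b/package/dist/scanner/utils.js
@@ -2,24 +2,70 @@
 * Shared utility functions for scanner checks.
 */
 /**
-*
-* Returns
+* Pre-compute line start offsets for binary search.
+* Returns array where index i is the character offset
+* of line i+1 (0-indexed array, 1-indexed lines).
+*/
+export function computeLineStarts(content) {
+const lineStarts = [0];
+for (let i = 0; i < content.length; i++) {
+if (content[i] === "\n") {
+lineStarts.push(i + 1);
+}
+}
+return lineStarts;
+}
+/**
+* Convert character offset to 1-indexed line number
+* using binary search on pre-computed line starts.
 */
-export function
-
-
-
-
+export function offsetToLine(offset, lineStarts) {
+let low = 0;
+let high = lineStarts.length - 1;
+while (low < high) {
+const mid = Math.ceil((low + high) / 2);
+const midStart = lineStarts[mid];
+if (midStart !== undefined && midStart <= offset) {
+low = mid;
+}
+else {
+high = mid - 1;
 }
 }
-return
+return low + 1;
+}
+/**
+* Convert character offset to 0-indexed column number.
+*/
+export function offsetToColumn(offset, lineStarts) {
+const line = offsetToLine(offset, lineStarts);
+const lineStart = lineStarts[line - 1] ?? 0;
+return offset - lineStart;
+}
+/**
+* Find line number for a string match in content.
+* Returns 1-indexed line number, or undefined if not found.
+*
+* When called multiple times on the same content, pass
+* pre-computed lineStarts for O(log n) per call instead
+* of O(n).
+*/
+export function findLineNumberByString(content, searchStr, lineStarts) {
+const idx = content.indexOf(searchStr);
+if (idx === -1)
+return undefined;
+const starts = lineStarts ?? computeLineStarts(content);
+return offsetToLine(idx, starts);
 }
 /**
-* Find line number for a regex match by its
-* Returns 1-indexed line number.
+* Find line number for a regex match by its character
+* offset. Returns 1-indexed line number.
+*
+* When called multiple times on the same content, pass
+* pre-computed lineStarts for O(log n) per call.
 */
-export function findLineNumberByIndex(content, index) {
-const
-return
+export function findLineNumberByIndex(content, index, lineStarts) {
+const starts = lineStarts ?? computeLineStarts(content);
+return offsetToLine(index, starts);
 }
 //# sourceMappingURL=utils.js.map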
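Review bot: `offsetToLine` clamps out-of-range offsets instead of rejecting them: a negative or `NaN` offset falls through the binary search and returns line 1, and an offset past the end returns the last line. `findLineNumberByIndex` forwards `index` unchecked, so a bad offset produces a plausible but wrong finding location rather than an error. The same silent mismatch occurs when a caller passes `lineStarts` computed from different content, since nothing ties the array to `content`. Either reject early in `findLineNumberByIndex`, e.g. `if (!Number.isInteger(index) || index < 0 || index > content.length) throw new RangeError("offset out of range");`, or state the clamping in the JSDoc of `offsetToLine`: `* Offsets outside the content clamp to the first or last line.`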
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"utils.js","sourceRoot":"","sources":["../../src/scanner/utils.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH
|
|
1
|
+
{"version":3,"file":"utils.js","sourceRoot":"","sources":["../../src/scanner/utils.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH;;;;GAIG;AACH,MAAM,UAAU,iBAAiB,CAAC,OAAe;IAC/C,MAAM,UAAU,GAAG,CAAC,CAAC,CAAC,CAAC;IACvB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACxC,IAAI,OAAO,CAAC,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YACxB,UAAU,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;QACzB,CAAC;IACH,CAAC;IACD,OAAO,UAAU,CAAC;AACpB,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,YAAY,CAAC,MAAc,EAAE,UAAoB;IAC/D,IAAI,GAAG,GAAG,CAAC,CAAC;IACZ,IAAI,IAAI,GAAG,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC;IACjC,OAAO,GAAG,GAAG,IAAI,EAAE,CAAC;QAClB,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;QACxC,MAAM,QAAQ,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC;QACjC,IAAI,QAAQ,KAAK,SAAS,IAAI,QAAQ,IAAI,MAAM,EAAE,CAAC;YACjD,GAAG,GAAG,GAAG,CAAC;QACZ,CAAC;aAAM,CAAC;YACN,IAAI,GAAG,GAAG,GAAG,CAAC,CAAC;QACjB,CAAC;IACH,CAAC;IACD,OAAO,GAAG,GAAG,CAAC,CAAC;AACjB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,cAAc,CAAC,MAAc,EAAE,UAAoB;IACjE,MAAM,IAAI,GAAG,YAAY,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;IAC9C,MAAM,SAAS,GAAG,UAAU,CAAC,IAAI,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC;IAC5C,OAAO,MAAM,GAAG,SAAS,CAAC;AAC5B,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,sBAAsB,CACpC,OAAe,EACf,SAAiB,EACjB,UAAqB;IAErB,MAAM,GAAG,GAAG,OAAO,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IACvC,IAAI,GAAG,KAAK,CAAC,CAAC;QAAE,OAAO,SAAS,CAAC;IACjC,MAAM,MAAM,GAAG,UAAU,IAAI,iBAAiB,CAAC,OAAO,CAAC,CAAC;IACxD,OAAO,YAAY,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;AACnC,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,qBAAqB,CACnC,OAAe,EACf,KAAa,EACb,UAAqB;IAErB,MAAM,MAAM,GAAG,UAAU,IAAI,iBAAiB,CAAC,OAAO,CAAC,CAAC;IACxD,OAAO,YAAY,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;AACrC,CAAC"}
|
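--- a/package/dist/scanner/vsix.d.ts
+++ b/package/dist/scanner/vsix.d.ts
@@ -1,4 +1,10 @@
 import type { VsixContents } from "./types.js";
+/** Maximum uncompressed size for a single entry (500 MB). */
+export declare const MAX_ENTRY_SIZE: number;
+/** Maximum total extracted size across all entries (1 GB). */
+export declare const MAX_TOTAL_SIZE: number;
+/** Maximum compression ratio before flagging as suspicious. */
+export declare const MAX_COMPRESSION_RATIO = 100;
 export declare function extractVsix(vsixPath: string): Promise<VsixContents>;
 export declare function loadDirectory(dirPath: string): Promise<VsixContents>;
 export declare function loadExtension(target: string): Promise<VsixContents>;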
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"vsix.d.ts","sourceRoot":"","sources":["../../src/scanner/vsix.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,YAAY,EAAgB,MAAM,YAAY,CAAC;
|
|
1
|
+
{"version":3,"file":"vsix.d.ts","sourceRoot":"","sources":["../../src/scanner/vsix.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,YAAY,EAAgB,MAAM,YAAY,CAAC;AAO7D,6DAA6D;AAC7D,eAAO,MAAM,cAAc,QAAoB,CAAC;AAEhD,8DAA8D;AAC9D,eAAO,MAAM,cAAc,QAAqB,CAAC;AAEjD,+DAA+D;AAC/D,eAAO,MAAM,qBAAqB,MAAM,CAAC;AAgJzC,wBAAsB,WAAW,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,CAAC,CAwEzE;AAoCD,wBAAsB,aAAa,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,CAAC,CAqC1E;AAED,wBAAsB,aAAa,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,CAAC,CAUzE;AAED,wBAAgB,aAAa,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,CAErD"}
|
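--- a/package/dist/scanner/vsix.js
+++ b/package/dist/scanner/vsix.js
@@ -6,11 +6,19 @@ const VSIX_EXTENSION_PREFIX = "extension/";
 const LOCAL_FILE_HEADER = 0x04034b50;
 const CENTRAL_DIR_HEADER = 0x02014b50;
 const END_OF_CENTRAL_DIR = 0x06054b50;
+/** Maximum uncompressed size for a single entry (500 MB). */
+export const MAX_ENTRY_SIZE = 500 * 1024 * 1024;
+/** Maximum total extracted size across all entries (1 GB). */
+export const MAX_TOTAL_SIZE = 1024 * 1024 * 1024;
+/** Maximum compression ratio before flagging as suspicious. */
+export const MAX_COMPRESSION_RATIO = 100;
 /**
 * Validate that a ZIP entry path is safe (no path traversal).
 * Prevents zip slip attacks by rejecting paths with ".." segments.
 */
 function isPathSafe(path) {
+if (path.includes("\\"))
+return false;
 const normalized = path.split("/").filter((p) => p !== ".");
 return !normalized.some((segment) => segment === ".." || segment.startsWith(".."));
 }
@@ -114,13 +122,33 @@ export async function extractVsix(vsixPath) {
 const buffer = await readFile(vsixPath);
 const entries = parseZipEntries(buffer);
 const files = new Map();
+const warnings = [];
 let manifest;
+let totalExtractedSize = 0;
 for (const entry of entries) {
-// Validate path before processing to prevent zip slip attacks
 if (!isPathSafe(entry.name)) {
 throw new Error(`Invalid VSIX: path traversal detected in "${entry.name}"`);
 }
+if (entry.uncompressedSize > MAX_ENTRY_SIZE) {
+warnings.push(`Skipped "${entry.name}": declared size ` +
+`${entry.uncompressedSize} exceeds ` +
+`${MAX_ENTRY_SIZE} byte limit`);
+continue;
+}
+if (entry.compressedSize > 0 &&
+entry.uncompressedSize / entry.compressedSize > MAX_COMPRESSION_RATIO) {
+warnings.push(`Skipped "${entry.name}": compression ratio ` +
+`${Math.round(entry.uncompressedSize / entry.compressedSize)}:1 ` +
+`exceeds ${MAX_COMPRESSION_RATIO}:1 limit`);
+continue;
+}
+if (totalExtractedSize + entry.uncompressedSize > MAX_TOTAL_SIZE) {
+warnings.push(`Skipped "${entry.name}": total extracted size would ` +
+`exceed ${MAX_TOTAL_SIZE} byte limit`);
+continue;
+}
 const content = extractEntry(buffer, entry);
+totalExtractedSize += entry.uncompressedSize;
 let relativePath = entry.name;
 if (relativePath.startsWith(VSIX_EXTENSION_PREFIX)) {
 relativePath = relativePath.slice(VSIX_EXTENSION_PREFIX.length);
@@ -130,30 +158,8 @@ export async function extractVsix(vsixPath) {
 manifest = JSON.parse(content.toString("utf8"));
 }
 }
-// Handle non-standard prefixes (e.g., "publisher.name-version/" instead of "extension/")
 if (!manifest) {
-
-const match = path.match(/^([^/]+)\/package\.json$/);
-if (match) {
-const prefix = match[1] + "/";
-// Re-normalize all paths with detected prefix
-const normalized = new Map();
-for (const [p, c] of files) {
-if (p.startsWith(prefix)) {
-normalized.set(p.slice(prefix.length), c);
-}
-else {
-normalized.set(p, c);
-}
-}
-files.clear();
-for (const [p, c] of normalized) {
-files.set(p, c);
-}
-manifest = JSON.parse(content.toString("utf8"));
-break;
-}
-}
+manifest = findManifestWithNonStandardPrefix(files);
 }
 if (!manifest) {
 throw new Error("Invalid VSIX: missing package.json");
@@ -162,8 +168,38 @@ export async function extractVsix(vsixPath) {
 manifest,
 files,
 basePath: vsixPath,
+...(warnings.length > 0 ? { warnings } : {}),
 };
 }
+/**
+* Find package.json under a non-standard prefix
+* (e.g. "publisher.name-version/" instead of "extension/")
+* and re-normalize all paths.
+*/
+function findManifestWithNonStandardPrefix(files) {
+for (const [path, content] of files) {
+const match = path.match(/^([^/]+)\/package\.json$/);
+if (!match) {
+continue;
+}
+const prefix = match[1] + "/";
+const normalized = new Map();
+for (const [p, c] of files) {
+if (p.startsWith(prefix)) {
+normalized.set(p.slice(prefix.length), c);
+}
+else {
+normalized.set(p, c);
+}
+}
+files.clear();
+for (const [p, c] of normalized) {
+files.set(p, c);
+}
+return JSON.parse(content.toString("utf8"));
+}
+return undefined;
+}
 export async function loadDirectory(dirPath) {
 const files = new Map();
 async function walkDir(dir) {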
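Review bot: The three new limits in extractVsix compare `entry.uncompressedSize` and `entry.compressedSize`, which are read from the archive's own headers, so they only hold for archives that declare their sizes honestly; `totalExtractedSize += entry.uncompressedSize` has the same weakness. extractEntry is not shown in these hunks, so this is inferred, but unless it caps inflation the real output can exceed every limit. Bounding the decompressor at the declared size (Node's zlib accepts a `maxOutputLength` option) and accounting with `totalExtractedSize += content.length;` would enforce the limits on actual bytes. Entries that trip a limit are skipped with only a `warnings` string and are never added to `files`, so their contents are not scanned; how `warnings` is consumed is not visible here, but for an audit tool a skipped entry should probably surface as a finding rather than a note. extractVsix begins and ends outside these hunks.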
package/dist/scanner/vsix.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"vsix.js","sourceRoot":"","sources":["../../src/scanner/vsix.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,kBAAkB,CAAC;AAC3D,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,WAAW,CAAC;AAC3C,OAAO,EAAE,cAAc,EAAE,MAAM,WAAW,CAAC;AAG3C,MAAM,qBAAqB,GAAG,YAAY,CAAC;AAC3C,MAAM,iBAAiB,GAAG,UAAU,CAAC;AACrC,MAAM,kBAAkB,GAAG,UAAU,CAAC;AACtC,MAAM,kBAAkB,GAAG,UAAU,CAAC;AAEtC;;;GAGG;AACH,SAAS,UAAU,CAAC,IAAY;IAC9B,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC;IAC5D,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,KAAK,IAAI,IAAI,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC;AACrF,CAAC;AAkBD;;;GAGG;AACH,SAAS,mBAAmB,CAAC,MAAc;IACzC,uDAAuD;IACvD,MAAM,aAAa,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,MAAM,CAAC,MAAM,GAAG,EAAE,GAAG,KAAK,CAAC,CAAC;IAE9D,KAAK,IAAI,CAAC,GAAG,MAAM,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC,IAAI,aAAa,EAAE,CAAC,EAAE,EAAE,CAAC;QACzD,IAAI,MAAM,CAAC,YAAY,CAAC,CAAC,CAAC,KAAK,kBAAkB,EAAE,CAAC;YAClD,OAAO,CAAC,CAAC;QACX,CAAC;IACH,CAAC;IAED,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAC;AACrE,CAAC;AAED;;;GAGG;AACH,SAAS,qBAAqB,CAAC,MAAc;IAC3C,MAAM,UAAU,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC;IAC/C,MAAM,YAAY,GAAG,MAAM,CAAC,YAAY,CAAC,UAAU,GAAG,EAAE,CAAC,CAAC;IAC1D,MAAM,QAAQ,GAAG,MAAM,CAAC,YAAY,CAAC,UAAU,GAAG,EAAE,CAAC,CAAC;IAEtD,MAAM,OAAO,GAAG,IAAI,GAAG,EAA2B,CAAC;IACnD,IAAI,MAAM,GAAG,QAAQ,CAAC;IAEtB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,YAAY,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,IAAI,MAAM,GAAG,EAAE,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC;YAChC,MAAM,IAAI,KAAK,CAAC,0DAA0D,CAAC,CAAC;QAC9E,CAAC;QAED,IAAI,MAAM,CAAC,YAAY,CAAC,MAAM,CAAC,KAAK,kBAAkB,EAAE,CAAC;YACvD,MAAM,IAAI,KAAK,CAAC,4DAA4D,MAAM,EAAE,CAAC,CAAC;QACxF,CAAC;QAED,MAAM,iBAAiB,GAAG,MAAM,CAAC,YAAY,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;QAC3D,MAAM,cAAc,GAAG,MAAM,CAAC,YAAY,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;QACxD,MAAM,gBAAgB,GAAG,MAAM,CAAC,YAAY,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;QAC1D,MAAM,cAAc,GAAG,MAAM,CAAC,YAAY,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;QACxD
,MAAM,WAAW,GAAG,MAAM,CAAC,YAAY,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;QACrD,MAAM,aAAa,GAAG,MAAM,CAAC,YAAY,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;QACvD,MAAM,iBAAiB,GAAG,MAAM,CAAC,YAAY,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;QAE3D,IAAI,MAAM,GAAG,EAAE,GAAG,cAAc,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC;YACjD,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC;QAChE,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,EAAE,EAAE,MAAM,GAAG,EAAE,GAAG,cAAc,CAAC,CAAC;QAEpF,yCAAyC;QACzC,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YAC5B,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE;gBACpB,QAAQ;gBACR,cAAc;gBACd,gBAAgB;gBAChB,iBAAiB;gBACjB,iBAAiB;aAClB,CAAC,CAAC;QACL,CAAC;QAED,MAAM,IAAI,EAAE,GAAG,cAAc,GAAG,WAAW,GAAG,aAAa,CAAC;IAC9D,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;GAGG;AACH,SAAS,eAAe,CAAC,MAAc;IACrC,MAAM,UAAU,GAAG,qBAAqB,CAAC,MAAM,CAAC,CAAC;IACjD,MAAM,OAAO,GAAe,EAAE,CAAC;IAE/B,KAAK,MAAM,CAAC,QAAQ,EAAE,OAAO,CAAC,IAAI,UAAU,EAAE,CAAC;QAC7C,MAAM,MAAM,GAAG,OAAO,CAAC,iBAAiB,CAAC;QAEzC,IAAI,MAAM,GAAG,EAAE,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC;YAChC,MAAM,IAAI,KAAK,CAAC,iCAAiC,QAAQ,sBAAsB,CAAC,CAAC;QACnF,CAAC;QAED,IAAI,MAAM,CAAC,YAAY,CAAC,MAAM,CAAC,KAAK,iBAAiB,EAAE,CAAC;YACtD,MAAM,IAAI,KAAK,CAAC,+CAA+C,QAAQ,EAAE,CAAC,CAAC;QAC7E,CAAC;QAED,MAAM,cAAc,GAAG,MAAM,CAAC,YAAY,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;QACxD,MAAM,gBAAgB,GAAG,MAAM,CAAC,YAAY,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;QAC1D,MAAM,UAAU,GAAG,MAAM,GAAG,EAAE,GAAG,cAAc,GAAG,gBAAgB,CAAC;QAEnE,OAAO,CAAC,IAAI,CAAC;YACX,IAAI,EAAE,QAAQ;YACd,cAAc,EAAE,OAAO,CAAC,cAAc;YACtC,gBAAgB,EAAE,OAAO,CAAC,gBAAgB;YAC1C,iBAAiB,EAAE,OAAO,CAAC,iBAAiB;YAC5C,UAAU;SACX,CAAC,CAAC;IACL,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAS,YAAY,CAAC,MAAc,EAAE,KAAe;IACnD,MAAM,cAAc,GAAG,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,UAAU,EAAE,KAAK,CAAC,UAAU,GAAG,KAAK,CAAC,cAAc,CAAC,CAAC;IAElG,IAAI,KAAK,CAAC,iBAAiB,KAAK,CAAC,EAAE,CAAC;QAClC,OAAO,cAAc,CAAC;IACxB,CAAC;SAAM,IAAI,KAAK,CAAC,iBAAiB,KAAK,CAAC,EAAE,CAAC;QACzC,OAAO,cAAc,CAAC,cAAc,CAAC,CAAC;IACxC,CAAC;SAAM,CAAC;QACN,MAAM,IAAI,KAAK,CAAC,mCAAmC,KAAK,CAAC,iBAAiB,EAAE,CAAC,CAAC;IAChF,CAAC;AACH,CAAC;A
AED,MAAM,CAAC,KAAK,UAAU,WAAW,CAAC,QAAgB;IAChD,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,QAAQ,CAAC,CAAC;IACxC,MAAM,OAAO,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC;IACxC,MAAM,KAAK,GAAG,IAAI,GAAG,EAAkB,CAAC;
|
|
1
|
+
{"version":3,"file":"vsix.js","sourceRoot":"","sources":["../../src/scanner/vsix.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,kBAAkB,CAAC;AAC3D,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,WAAW,CAAC;AAC3C,OAAO,EAAE,cAAc,EAAE,MAAM,WAAW,CAAC;AAG3C,MAAM,qBAAqB,GAAG,YAAY,CAAC;AAC3C,MAAM,iBAAiB,GAAG,UAAU,CAAC;AACrC,MAAM,kBAAkB,GAAG,UAAU,CAAC;AACtC,MAAM,kBAAkB,GAAG,UAAU,CAAC;AAEtC,6DAA6D;AAC7D,MAAM,CAAC,MAAM,cAAc,GAAG,GAAG,GAAG,IAAI,GAAG,IAAI,CAAC;AAEhD,8DAA8D;AAC9D,MAAM,CAAC,MAAM,cAAc,GAAG,IAAI,GAAG,IAAI,GAAG,IAAI,CAAC;AAEjD,+DAA+D;AAC/D,MAAM,CAAC,MAAM,qBAAqB,GAAG,GAAG,CAAC;AAEzC;;;GAGG;AACH,SAAS,UAAU,CAAC,IAAY;IAC9B,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC;QAAE,OAAO,KAAK,CAAC;IACtC,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC;IAC5D,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,KAAK,IAAI,IAAI,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC;AACrF,CAAC;AAkBD;;;GAGG;AACH,SAAS,mBAAmB,CAAC,MAAc;IACzC,uDAAuD;IACvD,MAAM,aAAa,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,MAAM,CAAC,MAAM,GAAG,EAAE,GAAG,KAAK,CAAC,CAAC;IAE9D,KAAK,IAAI,CAAC,GAAG,MAAM,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC,IAAI,aAAa,EAAE,CAAC,EAAE,EAAE,CAAC;QACzD,IAAI,MAAM,CAAC,YAAY,CAAC,CAAC,CAAC,KAAK,kBAAkB,EAAE,CAAC;YAClD,OAAO,CAAC,CAAC;QACX,CAAC;IACH,CAAC;IAED,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAC;AACrE,CAAC;AAED;;;GAGG;AACH,SAAS,qBAAqB,CAAC,MAAc;IAC3C,MAAM,UAAU,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC;IAC/C,MAAM,YAAY,GAAG,MAAM,CAAC,YAAY,CAAC,UAAU,GAAG,EAAE,CAAC,CAAC;IAC1D,MAAM,QAAQ,GAAG,MAAM,CAAC,YAAY,CAAC,UAAU,GAAG,EAAE,CAAC,CAAC;IAEtD,MAAM,OAAO,GAAG,IAAI,GAAG,EAA2B,CAAC;IACnD,IAAI,MAAM,GAAG,QAAQ,CAAC;IAEtB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,YAAY,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,IAAI,MAAM,GAAG,EAAE,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC;YAChC,MAAM,IAAI,KAAK,CAAC,0DAA0D,CAAC,CAAC;QAC9E,CAAC;QAED,IAAI,MAAM,CAAC,YAAY,CAAC,MAAM,CAAC,KAAK,kBAAkB,EAAE,CAAC;YACvD,MAAM,IAAI,KAAK,CAAC,4DAA4D,MAAM,EAAE,CAAC,CAAC;QACxF,CAAC;QAED,MA
AM,iBAAiB,GAAG,MAAM,CAAC,YAAY,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;QAC3D,MAAM,cAAc,GAAG,MAAM,CAAC,YAAY,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;QACxD,MAAM,gBAAgB,GAAG,MAAM,CAAC,YAAY,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;QAC1D,MAAM,cAAc,GAAG,MAAM,CAAC,YAAY,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;QACxD,MAAM,WAAW,GAAG,MAAM,CAAC,YAAY,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;QACrD,MAAM,aAAa,GAAG,MAAM,CAAC,YAAY,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;QACvD,MAAM,iBAAiB,GAAG,MAAM,CAAC,YAAY,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;QAE3D,IAAI,MAAM,GAAG,EAAE,GAAG,cAAc,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC;YACjD,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC;QAChE,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,EAAE,EAAE,MAAM,GAAG,EAAE,GAAG,cAAc,CAAC,CAAC;QAEpF,yCAAyC;QACzC,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YAC5B,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE;gBACpB,QAAQ;gBACR,cAAc;gBACd,gBAAgB;gBAChB,iBAAiB;gBACjB,iBAAiB;aAClB,CAAC,CAAC;QACL,CAAC;QAED,MAAM,IAAI,EAAE,GAAG,cAAc,GAAG,WAAW,GAAG,aAAa,CAAC;IAC9D,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;GAGG;AACH,SAAS,eAAe,CAAC,MAAc;IACrC,MAAM,UAAU,GAAG,qBAAqB,CAAC,MAAM,CAAC,CAAC;IACjD,MAAM,OAAO,GAAe,EAAE,CAAC;IAE/B,KAAK,MAAM,CAAC,QAAQ,EAAE,OAAO,CAAC,IAAI,UAAU,EAAE,CAAC;QAC7C,MAAM,MAAM,GAAG,OAAO,CAAC,iBAAiB,CAAC;QAEzC,IAAI,MAAM,GAAG,EAAE,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC;YAChC,MAAM,IAAI,KAAK,CAAC,iCAAiC,QAAQ,sBAAsB,CAAC,CAAC;QACnF,CAAC;QAED,IAAI,MAAM,CAAC,YAAY,CAAC,MAAM,CAAC,KAAK,iBAAiB,EAAE,CAAC;YACtD,MAAM,IAAI,KAAK,CAAC,+CAA+C,QAAQ,EAAE,CAAC,CAAC;QAC7E,CAAC;QAED,MAAM,cAAc,GAAG,MAAM,CAAC,YAAY,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;QACxD,MAAM,gBAAgB,GAAG,MAAM,CAAC,YAAY,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;QAC1D,MAAM,UAAU,GAAG,MAAM,GAAG,EAAE,GAAG,cAAc,GAAG,gBAAgB,CAAC;QAEnE,OAAO,CAAC,IAAI,CAAC;YACX,IAAI,EAAE,QAAQ;YACd,cAAc,EAAE,OAAO,CAAC,cAAc;YACtC,gBAAgB,EAAE,OAAO,CAAC,gBAAgB;YAC1C,iBAAiB,EAAE,OAAO,CAAC,iBAAiB;YAC5C,UAAU;SACX,CAAC,CAAC;IACL,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAS,YAAY,CAAC,MAAc,EAAE,KAAe;IACnD,MAAM,cAAc,GAAG,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,UAAU,EAAE,KAAK,CAAC,UAAU,GAAG,KAAK,CAAC,cAAc,CAAC,CAAC;IAElG
,IAAI,KAAK,CAAC,iBAAiB,KAAK,CAAC,EAAE,CAAC;QAClC,OAAO,cAAc,CAAC;IACxB,CAAC;SAAM,IAAI,KAAK,CAAC,iBAAiB,KAAK,CAAC,EAAE,CAAC;QACzC,OAAO,cAAc,CAAC,cAAc,CAAC,CAAC;IACxC,CAAC;SAAM,CAAC;QACN,MAAM,IAAI,KAAK,CAAC,mCAAmC,KAAK,CAAC,iBAAiB,EAAE,CAAC,CAAC;IAChF,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,WAAW,CAAC,QAAgB;IAChD,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,QAAQ,CAAC,CAAC;IACxC,MAAM,OAAO,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC;IACxC,MAAM,KAAK,GAAG,IAAI,GAAG,EAAkB,CAAC;IACxC,MAAM,QAAQ,GAAa,EAAE,CAAC;IAE9B,IAAI,QAAkC,CAAC;IACvC,IAAI,kBAAkB,GAAG,CAAC,CAAC;IAE3B,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;QAC5B,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;YAC5B,MAAM,IAAI,KAAK,CAAC,6CAA6C,KAAK,CAAC,IAAI,GAAG,CAAC,CAAC;QAC9E,CAAC;QAED,IAAI,KAAK,CAAC,gBAAgB,GAAG,cAAc,EAAE,CAAC;YAC5C,QAAQ,CAAC,IAAI,CACX,YAAY,KAAK,CAAC,IAAI,mBAAmB;gBACvC,GAAG,KAAK,CAAC,gBAAgB,WAAW;gBACpC,GAAG,cAAc,aAAa,CACjC,CAAC;YACF,SAAS;QACX,CAAC;QAED,IACE,KAAK,CAAC,cAAc,GAAG,CAAC;YACxB,KAAK,CAAC,gBAAgB,GAAG,KAAK,CAAC,cAAc,GAAG,qBAAqB,EACrE,CAAC;YACD,QAAQ,CAAC,IAAI,CACX,YAAY,KAAK,CAAC,IAAI,uBAAuB;gBAC3C,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,gBAAgB,GAAG,KAAK,CAAC,cAAc,CAAC,KAAK;gBACjE,WAAW,qBAAqB,UAAU,CAC7C,CAAC;YACF,SAAS;QACX,CAAC;QAED,IAAI,kBAAkB,GAAG,KAAK,CAAC,gBAAgB,GAAG,cAAc,EAAE,CAAC;YACjE,QAAQ,CAAC,IAAI,CACX,YAAY,KAAK,CAAC,IAAI,gCAAgC;gBACpD,UAAU,cAAc,aAAa,CACxC,CAAC;YACF,SAAS;QACX,CAAC;QAED,MAAM,OAAO,GAAG,YAAY,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;QAC5C,kBAAkB,IAAI,KAAK,CAAC,gBAAgB,CAAC;QAE7C,IAAI,YAAY,GAAG,KAAK,CAAC,IAAI,CAAC;QAC9B,IAAI,YAAY,CAAC,UAAU,CAAC,qBAAqB,CAAC,EAAE,CAAC;YACnD,YAAY,GAAG,YAAY,CAAC,KAAK,CAAC,qBAAqB,CAAC,MAAM,CAAC,CAAC;QAClE,CAAC;QAED,KAAK,CAAC,GAAG,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;QAEjC,IAAI,YAAY,KAAK,cAAc,EAAE,CAAC;YACpC,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAiB,CAAC;QAClE,CAAC;IACH,CAAC;IAED,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,QAAQ,GAAG,iCAAiC,CAAC,KAAK,CAAC,CAAC;IACtD,CAAC;IAED,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;IACxD,CAAC;IAED,OAAO;QACL,QAAQ;QACR,KAAK;QACL,QAAQ,EAAE,QA
AQ;QAClB,GAAG,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KAC7C,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACH,SAAS,iCAAiC,CAAC,KAA0B;IACnE,KAAK,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,IAAI,KAAK,EAAE,CAAC;QACpC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,0BAA0B,CAAC,CAAC;QACrD,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,SAAS;QACX,CAAC;QAED,MAAM,MAAM,GAAG,KAAK,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC;QAC9B,MAAM,UAAU,GAAG,IAAI,GAAG,EAAkB,CAAC;QAE7C,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,KAAK,EAAE,CAAC;YAC3B,IAAI,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;gBACzB,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;YAC5C,CAAC;iBAAM,CAAC;gBACN,UAAU,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;YACvB,CAAC;QACH,CAAC;QAED,KAAK,CAAC,KAAK,EAAE,CAAC;QACd,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,UAAU,EAAE,CAAC;YAChC,KAAK,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QAClB,CAAC;QAED,OAAO,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAiB,CAAC;IAC9D,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,OAAe;IACjD,MAAM,KAAK,GAAG,IAAI,GAAG,EAAkB,CAAC;IAExC,KAAK,UAAU,OAAO,CAAC,GAAW;QAChC,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,GAAG,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;QAE5D,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;YAC5B,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;YAEvC,IAAI,KAAK,CAAC,IAAI,KAAK,cAAc,IAAI,KAAK,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;gBAC3D,SAAS;YACX,CAAC;YAED,IAAI,KAAK,CAAC,WAAW,EAAE,EAAE,CAAC;gBACxB,MAAM,OAAO,CAAC,QAAQ,CAAC,CAAC;YAC1B,CAAC;iBAAM,IAAI,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC;gBAC1B,MAAM,YAAY,GAAG,QAAQ,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;gBACjD,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,QAAQ,CAAC,CAAC;gBACzC,KAAK,CAAC,GAAG,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;YACnC,CAAC;QACH,CAAC;IACH,CAAC;IAED,MAAM,OAAO,CAAC,OAAO,CAAC,CAAC;IAEvB,MAAM,cAAc,GAAG,KAAK,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;IACjD,IAAI,CAAC,cAAc,EAAE,CAAC;QACpB,MAAM,IAAI,KAAK,CAAC,mDAAmD,CAAC,CAAC;IACvE,CAAC;IAED,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,cAAc,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAiB,CAAC;IAE7E,OAAO;QACL,QAAQ;QACR,KAAK;QACL,Q
AAQ,EAAE,OAAO;KAClB,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,MAAc;IAChD,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,CAAC;IAEjC,IAAI,KAAK,CAAC,WAAW,EAAE,EAAE,CAAC;QACxB,OAAO,aAAa,CAAC,MAAM,CAAC,CAAC;IAC/B,CAAC;SAAM,IAAI,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;QACpC,OAAO,WAAW,CAAC,MAAM,CAAC,CAAC;IAC7B,CAAC;SAAM,CAAC;QACN,MAAM,IAAI,KAAK,CAAC,uBAAuB,MAAM,qCAAqC,CAAC,CAAC;IACtF,CAAC;AACH,CAAC;AAED,MAAM,UAAU,aAAa,CAAC,OAAe;IAC3C,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AAC5D,CAAC"}
|