A framework for identifying vulnerabilities in VS Code extensions

s3c2/UntrustIDE

UntrustIDE

UntrustIDE is our work on exploiting weaknesses in VS Code extensions.

We identified a total of 716 dangerous data flows in extensions.

We verified 21 extension vulnerabilities with PoC exploits for code injection, impacting more than 6 million installations.

Extension developers and GitHub were notified of our results.

Research paper for our work

UntrustIDE: Exploiting Weaknesses in VS Code Extensions @ NDSS Symposium 2024

If you think academic papers are too long and dense, here is a slimmed-down blog post:
Weaknesses in VS Code Extensions

What is in this repo?

This is a modified copy of the vscode-codeql-starter repository.

The repo includes:

  • Example queries to identify sources and sinks; see queries/source-and-sink.
  • A set of CodeQL rules for identifying VS Code extension vulnerabilities; see queries/dataflow.
    For more on how the dataflow queries work, see the dataflow docs.
  • Sample CodeQL databases in sample-data to test the queries on.
  • The ql folder, which contains the libraries the CodeQL queries need in order to function properly.

Requirements

Install Visual Studio Code (download here).

To run these queries, set up the VS Code extension for CodeQL.
If you prefer the command line, install CodeQL and set up the CodeQL CLI.

Have the source code of a VS Code extension available. Sample data is provided in the subdirectory sample-data.

Quickstart

Building CodeQL Databases

Sample databases are provided: sample-data.

To run the queries on other extensions, download the extension's source code and build it into a CodeQL database by running the following command in the source code directory (CodeQL CLI required):

    codeql database create <database-output-directory> --language=javascript

Running Queries With the VS Code CodeQL extension

  1. Open this repo in VS Code. This ensures that all CodeQL libraries the queries require are accessible, so the queries execute successfully.

  2. Load a database.
    Select From a folder and choose one of the databases provided in sample-data.

  3. Select the database (the checkmark indicates that the database is selected).

  4. In VS Code, right-click a query file, or open a query file and right-click. Select the option CodeQL: Run Query on Selected Database to run the query.

Results will display in VS Code.
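
For the CLI route, `codeql database analyze <database> queries/dataflow --format=sarif-latest --output=results.sarif` writes the findings to a SARIF file instead of the VS Code results view. The script below is an added example, not code from this repository: it reduces such a file to one source-to-sink line per reported flow for triage. It assumes the queries carry the metadata `database analyze` requires; the function names and the embedded sample are constructed.

```python
import json
from collections import defaultdict

def _mk(uri, line):
    """Build a SARIF location object (used only for the sample below)."""
    return {"physicalLocation": {"artifactLocation": {"uri": uri},
                                 "region": {"startLine": line}}}

# Constructed sample shaped like the SARIF 2.1.0 output of CodeQL queries.
# Rule ids, file names and line numbers are invented for illustration.
SAMPLE_SARIF = json.dumps({"version": "2.1.0", "runs": [{"results": [
    {"ruleId": "constructed/flow-to-command",
     "locations": [_mk("src/runner.js", 42)],
     "codeFlows": [{"threadFlows": [{"locations": [
         {"location": _mk("src/config.js", 7)},
         {"location": _mk("src/runner.js", 30)},
         {"location": _mk("src/runner.js", 42)}]}]}]},
    {"ruleId": "constructed/sink-only",
     "locations": [_mk("src/server.js", 12)]},
]}]})

def _loc(location):
    """Render a SARIF location object as 'file:line'."""
    phys = location.get("physicalLocation", {})
    uri = phys.get("artifactLocation", {}).get("uri", "?")
    line = phys.get("region", {}).get("startLine", "?")
    return f"{uri}:{line}"

def summarize_flows(sarif_text):
    """Map each rule id to a list of (source, sink, step_count) tuples."""
    flows = defaultdict(list)
    for run in json.loads(sarif_text).get("runs", []):
        for res in run.get("results", []):
            rule = res.get("ruleId", "?")
            sink = _loc(res["locations"][0]) if res.get("locations") else "?"
            paths = [tf.get("locations", [])
                     for cf in res.get("codeFlows", [])
                     for tf in cf.get("threadFlows", [])]
            if not any(paths):
                # Alert without a path (e.g. a plain source or sink listing).
                flows[rule].append((None, sink, 0))
            for steps in filter(None, paths):
                # The first step of a thread flow is the source of the flow.
                flows[rule].append((_loc(steps[0].get("location", {})), sink, len(steps)))
    return dict(flows)

if __name__ == "__main__":
    for rule, items in summarize_flows(SAMPLE_SARIF).items():
        for source, sink, steps in items:
            print(f"{rule}: {source or '-'} -> {sink} ({steps} steps)")
```

To use it on real output, pass the contents of the SARIF file to `summarize_flows` in place of `SAMPLE_SARIF`.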