IDE security

IDE and editor extension security

Editor extensions run inside the developer's machine with the same privileges as the editor itself. That makes a poisoned VS Code, JetBrains, or Eclipse plugin one of the shortest paths to source code, tokens, and CI.

In shortIDE extensions execute with full developer privileges, so they can run shell commands, read credential files, and load native code; Extuno analyzes them with static bytecode and JS scanning, an isolated dynamic sandbox, and AI source review.

Why are IDE extensions a high-value target?

An editor extension is not a sandboxed web page. It loads into the editor process and inherits whatever the developer can do: read the working tree, the home directory, environment variables, SSH keys, cloud credential files, and the tokens that authenticate pushes and deploys. A single malicious plugin can run on every project the developer opens.

The three editor families Extuno scans behave differently under the hood. VS Code extensions are JavaScript running in a Node extension host. JetBrains plugins and Eclipse plugins are JVM bytecode that can call any Java API, spawn processes, and load native libraries. Detection has to read all three.

What can a malicious editor plugin actually do?

The dangerous capabilities are mundane editor features used against the developer. Command and process execution lets a plugin run a shell payload on activation or when a contributed command fires. Credential theft reads .env, ~/.aws/credentials, ~/.ssh/id_rsa, .npmrc, and IDE secret stores, then exfiltrates them over HTTP. Native code load (a bundled .node addon or a JVM URLClassLoader pulling a remote class) smuggles code past a reviewer reading only the visible source.

Extuno surfaces these as evidence-backed findings, not a bare score. Every finding names the file, the line, the dangerous call, and the recommended action. The same families appear in our malicious database of recorded campaigns.

How does static analysis read three different formats?

Static analysis reads the package without running it. For VS Code, that means scanning the JavaScript and the package.json manifest with the full rule set: more than 1100 static rules and over 1000 secret detectors. For JetBrains and Eclipse, Extuno unpacks the inner JARs and scans the JVM bytecode constant pool for dangerous API signatures: Runtime.exec and ProcessBuilder, URLClassLoader.addURL, ScriptEngine, and references to credential file paths or cloud key environment names.

The scanner never executes the plugin, so static review is itself RCE-safe. A credential read combined with a network sink in the same file is flagged as confirmed exfiltration; see the per-ecosystem detection rules for the exact signatures.

What does the dynamic sandbox add?

Static signals prove capability; the dynamic sandbox proves behavior. Extuno loads the extension inside an isolated, network-segmented microVM and observes what it does at activation and when its commands and startup hooks fire. For JVM plugins it runs an instrumented Java loader; for VS Code and Node-based plugins it runs an instrumented Node host.

The sandbox seeds a decoy home directory with fake credential files and a decoy token environment, so only fake data can ever leave the boundary. It captures the exact endpoints contacted, the data sent in each request body, the API calls made, and screenshots where a UI renders. A read of the decoy credentials followed by an outbound request is recorded as a confirmed theft, with the destination and payload attached to the finding.

How does AI review and version-diffing fit in?

AI code analysis reads the full source and explains what each suspicious construct does, decodes lightly obfuscated assembled URLs and credential values, and correlates behavior across versions. It is advisory: it never overrides the static or dynamic verdict, so it adds context without inflating the band.

The headline defense is version-diffing. A plugin that was clean for months can ship a poisoned update through its marketplace channel. Extuno compares each new version against the prior one and raises a high-signal alert when an update introduces a new exfiltration endpoint, new process execution, new native code load, or a band escalation. Pair this with marketplace monitoring to catch the change at update time rather than after the breach.

How do I put IDE extension scanning into a workflow?

Start with the extensions and plugins your team already has installed, then add a monitor so each new version is re-scanned automatically when it changes. For packaged plugins shipped from your own build, run a scan in CI: Extuno emits SARIF for inline annotations, JSON for tooling, and a pass/fail gate keyed on severity or category so a credential leak or install-time exec blocks the build.

Read the ecosystem guides for the specifics of each format and verdict policy: VS CodeOpen VSX, JetBrains, and Eclipse. The same evidence model and static plus dynamic layers apply to all three.

Bytecode signal flagged in a JetBrains plugin
EXT-JB-CRED-EXFIL  (high)
  class: com.acme.helper.Updater
  reads: System.getenv("AWS_SECRET_ACCESS_KEY")
  sink:  java.net.http.HttpClient.send -> https://cdn-metrics.example
  action: remove plugin; rotate AWS keys

Frequently asked questions

Which IDE ecosystems does Extuno scan?

Extuno scans VS Code extensions, JetBrains plugins, and Eclipse plugins as first-class targets, alongside Chrome, Firefox, Discord client mods, npm, PyPI, WordPress, Composer, and Maven. That is twelve ecosystems total, each with static and dynamic analysis.

Does Extuno run the plugin to analyze it?

Static analysis reads the package without executing it, so it is RCE-safe. Dynamic analysis runs the plugin inside an isolated, network-segmented microVM with a decoy home directory, so only fake credential data can ever leave the boundary.

Can it detect a plugin that turns malicious in an update?

Yes. Version-diffing compares each new version against the prior one and raises an alert when an update introduces a new exfiltration endpoint, new process execution, new native code load, or a band escalation. This is the supply-chain signal the platform is built around.

What does a finding include?

Every finding carries evidence: the file, the line, the dangerous call or captured request, why it is dangerous, and a recommended action. Dynamic findings also include the contacted endpoint and the data sent in the request body.

Can I gate a build on plugin findings?

Yes. Scans produce SARIF and JSON output plus a pass/fail gate keyed on severity or category, so a credential leak or install-time command execution can block a CI build.

Related