4 changes: 4 additions & 0 deletions vscode-extension/.gitignore
@@ -0,0 +1,4 @@
node_modules
out
.vscode-test
*.vsix
10 changes: 10 additions & 0 deletions vscode-extension/.vscodeignore
@@ -0,0 +1,10 @@
.vscode/**
.vscode-test/**
src/**
.gitignore
.yarnrc
vsc-extension-quickstart.md
**/tsconfig.json
**/.eslintrc.json
**/*.map
**/*.ts
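Review bot: this ignore list works as a denylist and has no entry for local files such as `.env` or test fixtures, so anything of that kind sitting in `vscode-extension/` at packaging time would ship inside the VSIX. The listed patterns cover sources, maps and editor config only. Consider adding patterns for those files and checking the packaged file list (for example with `vsce ls`) before publishing.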
72 changes: 72 additions & 0 deletions vscode-extension/README.md
@@ -0,0 +1,72 @@
# ISNAD VS Code Extension

Real-time security scanning for AI agent code with inline warnings.

## Features

- **Real-time scanning**: Detects security issues as you type or save
- **Inline warnings**: Shows diagnostics directly in the editor
- **Hover tooltips**: Detailed information on hover
- **Risk levels**: Critical, High, Medium, Low severity indicators
- **Workspace scanning**: Scan entire workspace with one command
- **Configurable sensitivity**: Adjust scan sensitivity to your needs

## Installation

1. Install from VS Code Marketplace (coming soon)
2. Or install from VSIX:
```bash
code --install-extension isnad-vscode-0.1.0.vsix
```

## Usage

### Automatic Scanning

The extension automatically scans:
- JavaScript/TypeScript files
- Python files
- On file open, save, or change (configurable)

### Manual Commands

- `ISNAD: Scan Current File` - Scan the active file
- `ISNAD: Scan Workspace` - Scan all files in workspace

### Configuration

```json
{
"isnad.enabled": true,
"isnad.sensitivity": "medium",
"isnad.scanOnSave": true,
"isnad.scanOnType": false
}
```

## Security Patterns Detected

- **Code Execution**: eval(), exec(), spawn()
- **Data Exfiltration**: Dynamic fetches, webhooks
- **Credential Access**: Environment variables, sensitive files
- **File System Abuse**: System directory writes
- **Network**: Raw sockets, DNS exfiltration
- **Obfuscation**: Hex strings, char codes
- **Security Bypass**: TLS rejection disabled

## Status Bar

Shows current file's security status:
- 🔴 Critical risk
- 🟠 High risk
- 🟡 Medium risk
- 🟢 Low risk
- ✅ Clean

## Contributing

See [ISNAD repository](https://github.com/counterspec/isnad) for contribution guidelines.

## License

MIT
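Review bot: under "Status Bar", the `✅ Clean` state is listed without saying that it only means none of the patterns in "Security Patterns Detected" matched. Since detection is pattern-based, a sentence there stating that a clean result is not a guarantee that the file is safe would prevent misreading. The "Configuration" block also shows `"isnad.sensitivity": "medium"` without listing the accepted values or what each level changes, which "Configurable sensitivity" under Features implies should be documented. As a style point, the fenced `code --install-extension` command under step 2 of "Installation" is not indented under the list item, so it will render outside the numbered list.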