I published a paper to solve the "unrestricted access" dangerous VSCode Extensions have.
The paper outlines a 3-part automated system:
1. Risk profile VS Code Extensions
2. Generate per-extension sandboxing policies automatically
3. Enforce sandboxing at runtime without disrupting existing system
The goal was an extremely low-profile system that doesn't require additional software. This could be an important asset in the increasingly dangerous and unregulated VSCode extension ecosystem.
Btw, the risk-profiling section is an evolution of my free extension scanner vscan.dev. If you have any questions about vscan.dev, you can reach out at vscandevteam@gmail.com.
shadow-ninja•2h ago