Evaluating the Language-Based Security for Plugin Development in VScode development
This repo is for evaluating the language-Based Security for Plugin Development. The developing environment is based on VScode and employs JavaScipt mainly.
- Developing VScode extensions that try to access files, network, other parts of the application that plugin user does not expect.
- Exploring the CVE that take advantage of similar capability- based accesses and implementing them as VScode extension exploits.
- Analysis of which of these can be addressed by languages that support capability-based module systems like Wyvern.