Is DLT-Logs safe?

Findings

Unverified Publisher

Flags items published by entities that haven’t gone through the publisher verification process of the marketplace. Lack of verification may indicate higher risk, as the publisher’s identity and trustworthiness are unconfirmed.

medium

All findings are available for Enterprise users

Code analysis

AI-powered analysis of the extension's source code for security insights and risk assessment.

Purpose and Intention

The DLT-Logs extension is designed to open, view, and analyze DLT diagnostic log and trace files within VSCode. It provides features like lifecycle detection, filtering, time synchronization, and exporting of log data. The code manages document providers for DLT and ADLT files, registers various commands for interacting with logs, and integrates with the VSCode UI (tree views, status bar, etc.).

API Calls and Extension Behavior

VSCode API Usage:
- Registers file system providers for custom schemes (dlt-logs, adlt), allowing the extension to open and manage DLT/ADLT files.
- Registers many commands (e.g., open file, export, filter management, search, etc.) for user interaction.
- Uses output channels, status bar items, tree views, and quick pick dialogs for UI integration.
- Uses globalState to persist extension version and some user settings (e.g., last used remote authority).
- Opens external URLs for documentation, changelog, and sponsorship via vscode.env.openExternal.
Network Activity:
- The extension can open remote ADLT files via a user-specified WebSocket address (e.g., ws://<ip>:<port>). However, this is initiated by the user and is part of the extension's core functionality.
- No evidence of unsolicited or hidden network requests.
Telemetry:
- Uses @vscode/extension-telemetry to send telemetry events (e.g., activation, file open events). The telemetry key is stored in base64 and decoded at runtime, but this is a minor obfuscation to avoid bots, not a security concern.
- Example:
```
const strKE = 'ZjJlMDA4NTQtNmU5NC00ZDVlLTkxNDAtOGFiNmIzNTllODBi';
const strK = Buffer.from(strKE, 'base64').toString();
reporter = new extension_telemetry_1.default(strK);
reporter?.sendTelemetryEvent('activate');
```
- Telemetry is limited to extension lifecycle and usage events, not user content or sensitive data.
Filesystem Activity:
- Reads and writes configuration via VSCode's configuration API.
- Registers file system providers for reading/writing DLT/ADLT files.
- No evidence of arbitrary file system access or exfiltration.
Process Execution:
- Can open a VSCode terminal for the user to run the adlt binary, but does not execute arbitrary processes on its own.
Obfuscation:
- The only obfuscation is the base64 encoding of the telemetry key, which is a minor and transparent measure.
- No string encryption, control flow flattening, or other obfuscation techniques.
Potential Backdoors, Data Exfiltration, or Code Execution:
- No evidence of backdoors, hidden code execution, or data exfiltration.
- All network and file operations are user-initiated and within the extension's stated purpose.

Summary:

The code is consistent with the stated purpose of a DLT log viewer and analyzer. All network, filesystem, and telemetry operations are transparent and expected for this type of extension. There is no evidence of malicious behavior or significant obfuscation.

API Calls

API calls detected through static analysis of the source code. For more accurate insights, explore our sandbox dynamic analysis.

low

vscode.MarkdownString

vscode

/extension/out/adltDocumentProvider.js

low

vscode.TextEditorDecorationType

vscode

/extension/out/adltDocumentProvider.js

low

vscode.EventEmitter

vscode

/extension/out/adltDocumentProvider.js

All API calls are available for Enterprise users

Secrets

Any encoded/decoded secrets we managed to find in the source code, git repository, or related files

GitHubOauth2

/extension/CHANGELOG.md

Unverified

GitHubOauth2

/extension/CHANGELOG.md

Unverified

GitHubOauth2

/extension/CHANGELOG.md

Unverified

All secrets are available for Enterprise users

Vulnerabilities

Known vulnerabilities and security issues detected in the extension's dependencies and code.

GHSA-3h5v-q93c-6h6q

ws affected by a DoS when handling a request with many HTTP headers

CVSS:

GHSA-x3cc-x39p-42qx

fast-xml-parser vulnerable to Prototype Pollution through tag or attribute name

CVSS:

All vulnerabilities are available for Enterprise users

External communication

Any identifiers we detected that may indicate external communication from the item's code

https://github.com/mbehr1/dlt-logs/blob/master/CHANGELOG.md

extension/out/extension.js

https://github.com/sponsors/mbehr1

extension/out/extension.js

All external communications are available for Enterprise users

Dependencies

Dependencies and third-party libraries used by the extension, including version information and license details.

@commitlint/cli

Version:

Unknown

@commitlint/config-conventional

Version:

Unknown

@semantic-release/changelog

Version:

Unknown

All dependencies are available for Enterprise users

Licenses & Compliance

Licenses

Creative Commons Attribution Non Commercial Share Alike 4.0 International

View License

"Attribution-NonCommercial-ShareAlike 4.0 International\n\n=======================================================================\n\nCreative Commons Corporation (\u0022Creative Commons\u0022) is not...