[ new scan ] [ statistics ] [ github ] [ twitter ] [ help ]

Code Coverage Calculator

Version 0.8.9 View in Chrome Web Store

Last scanned: about 19 hours ago

Extension Details

Rating: 4.4 ★ (12 ratings)

Users: 1,000

Context-Aware Verdict

MEDIUM

Overall Risk

Trust Factors:

The extension has a decent rating of 4.4 stars from 12 reviews, indicating positive user experiences. However, the small user base of only 1,000 users suggests limited adoption and testing. The lack of visible author and developer information raises some transparency concerns, making it difficult to assess the developer's credibility or track record.

Concerns:

The extension targets Salesforce environments specifically (salesforce.com and force.com domains), which are enterprise platforms containing sensitive business data. While the storage permission is relatively benign for a code coverage tool that likely needs to save calculation results, the combination of Salesforce access and data storage capabilities requires attention. The use of Manifest V2 indicates the extension hasn't been updated to current security standards, which could expose users to deprecated security practices.

Recommendations:

Given the medium risk level and Salesforce integration, consider running this extension in a separate Chrome profile dedicated to development work, especially if you handle sensitive production Salesforce data. Monitor the extension's behavior and ensure it only accesses development or sandbox Salesforce environments rather than production instances. Look for alternative extensions that use Manifest V3 if available, or contact the developer about upgrade plans. Regularly review what data the extension stores locally and clear it when no longer needed.

Findings

MEDIUM

Medium-Risk Permission: storage

This extension has the storage permission. Can store data locally.

MEDIUM

Older Manifest Version

This extension uses Manifest Version 2, which has fewer security restrictions than Manifest V3. Consider using extensions that have upgraded to V3.

Raw Manifest

{
  "name": "Code Coverage Calculator",
  "icons": {
    "16": "img/icons/16.png",
    "48": "img/icons/48.png",
    "128": "img/icons/128.png"
  },
  "author": "Sumit Bhatt",
  "version": "0.8.9",
  "background": {
    "scripts": [
      "js/background.js"
    ],
    "persistent": false
  },
  "update_url": "http://clients2.google.com/service/update2/crx?response=updatecheck&x=id%3Dncdifkcipeniikkbckejmnbbcofdheig%26uc",
  "description": "Shows the code coverage of opened tab interactively without going to developer console",
  "permissions": [
    "storage"
  ],
  "browser_action": {
    "default_icon": "img/codecoveragecalculator.png",
    "default_popup": "view/popup.html"
  },
  "content_scripts": [
    {
      "js": [
        "js/jquery.js",
        "js/forcetk.js",
        "js/tinycon.js",
        "js/contentscript.js"
      ],
      "matches": [
        "https://*.salesforce.com/*",
        "https://*.force.com/*"
      ]
    }
  ],
  "manifest_version": 2
}

by ✦ Astarte

http://bit.ly/sforce_ajax_proxy	https://na1.salesforce.com/
https://login.salesforce.com/	http://www.salesforce.com/us/developer/docs/api_rest/Content/dome_query.htm
http://tommoor.com	https://github.com/mrdoob/three.js/issues/1305
http://clients2.google.com/service/update2/crx?response=updatecheck&x=id%3Dncdifkcipeniikkbckejmnbbcofdheig%26uc

Code Coverage Calculator

Extension Details

Context-Aware Verdict

Findings

Security Analysis Details

Required Permissions:

Embedded URLs (7 total):

Raw Manifest

Detections

Manifest Findings