[ new scan ] [ statistics ] [ github ] [ twitter ] [ help ]

Code Coverage Calculator

Version 0.8.9 View in Chrome Web Store

Last scanned: about 4 hours ago

Extension Details

Rating: 4.5 ★ (13 ratings)

Users: 2,000

Context-Aware Verdict

MEDIUM

Overall Risk

Trust Factors:

The extension has a solid 4.5-star rating from 13 reviews and serves 2,000 users, indicating reasonable user satisfaction. However, the lack of visible author and developer information raises transparency concerns. The specific focus on Salesforce platforms suggests legitimate business use, as code coverage calculation is a standard development practice in Salesforce environments.

Concerns:

The extension targets Salesforce domains exclusively, which could access sensitive business data and proprietary code. While the storage permission is necessary for functionality, it allows data persistence that could potentially retain sensitive information. The use of Manifest V2 presents security limitations compared to the more restrictive V3 standard. The missing developer information makes it difficult to verify the extension's legitimacy and accountability.

Recommendations:

Consider running this extension in a separate Chrome profile dedicated to Salesforce development work to isolate potential risks from your main browsing environment. Verify the extension's legitimacy through your organization's IT security team before use, especially given the access to Salesforce environments. Monitor what data the extension stores locally and consider regular cleanup. Look for alternative extensions that use Manifest V3 and provide clearer developer identification. If this extension is critical for your workflow, ensure your Salesforce environment has appropriate access controls and monitoring in place.

Findings

MEDIUM

Medium-Risk Permission: storage

This extension has the storage permission. Can store data locally.

MEDIUM

Older Manifest Version

This extension uses Manifest Version 2, which has fewer security restrictions than Manifest V3. Consider using extensions that have upgraded to V3.

Raw Manifest

{
  "name": "Code Coverage Calculator",
  "icons": {
    "16": "img/icons/16.png",
    "48": "img/icons/48.png",
    "128": "img/icons/128.png"
  },
  "author": "Sumit Bhatt",
  "version": "0.8.9",
  "background": {
    "scripts": [
      "js/background.js"
    ],
    "persistent": false
  },
  "update_url": "http://clients2.google.com/service/update2/crx?response=updatecheck&x=id%3Dncdifkcipeniikkbckejmnbbcofdheig%26uc",
  "description": "Shows the code coverage of opened tab interactively without going to developer console",
  "permissions": [
    "storage"
  ],
  "browser_action": {
    "default_icon": "img/codecoveragecalculator.png",
    "default_popup": "view/popup.html"
  },
  "content_scripts": [
    {
      "js": [
        "js/jquery.js",
        "js/forcetk.js",
        "js/tinycon.js",
        "js/contentscript.js"
      ],
      "matches": [
        "https://*.salesforce.com/*",
        "https://*.force.com/*"
      ]
    }
  ],
  "manifest_version": 2
}

by ✦ Astarte

http://bit.ly/sforce_ajax_proxy	https://na1.salesforce.com/
https://login.salesforce.com/	http://www.salesforce.com/us/developer/docs/api_rest/Content/dome_query.htm
http://tommoor.com	https://github.com/mrdoob/three.js/issues/1305
http://clients2.google.com/service/update2/crx?response=updatecheck&x=id%3Dncdifkcipeniikkbckejmnbbcofdheig%26uc

Code Coverage Calculator

Extension Details

Context-Aware Verdict

Findings

Security Analysis Details

Required Permissions:

Embedded URLs (7 total):

Raw Manifest

Detections

Manifest Findings