Description
The manifest parser in src/extension_shield/core/manifest_parser.py correctly extracts host permissions, but the risk scoring engine in security_scorer.py treats them as a binary signal. There is no differentiation between an extension scoped to *://*.amazon.com/* (single domain) and one requesting *://*/* (all websites).
The _calculate_permissions_risk() method only checks for <all_urls> and *://*/*; all other host permission patterns receive no additional analysis. The project already includes src/extension_shield/config/sensitive_domains.json but this file is not referenced by the scoring engine.
Problem
- Extensions scoped to specific, non-sensitive domains receive inflated risk scores (false positives)
- No distinction between broad access and narrow scope
- Existing sensitive_domains.json configuration is present in the project but underutilized by the scorer
Expected Behavior
- Broad access (<all_urls>, *://*/*) should carry a higher risk penalty than single-domain access
- Sensitive domains (banking, email, government) should be treated differently from non-sensitive ones
- The scope context should be visible in the scan report (e.g., "This extension runs on 2 specific domains")
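A sketch of the tiered scoring requested above, as an added example that is not ExtensionShield's code. The function names, the weights and the inline sensitive-domain set are assumptions; the real schema of sensitive_domains.json is not shown in this issue.

```python
import re

# Constructed sample set; stands in for sensitive_domains.json (schema assumed).
SENSITIVE_DOMAINS = {"paypal.com", "mail.google.com", "irs.gov"}
BROAD_PATTERNS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
# Assumed weights, chosen only to order the three tiers.
WEIGHTS = {"broad": 10, "sensitive": 6, "narrow": 2}
_PATTERN = re.compile(r"^(\*|https?|wss?|ftp)://(\*|(?:\*\.)?[^/*]+)/.*$")

def classify_host_permission(pattern):
    """Return 'broad', 'sensitive', 'narrow' or 'unrecognized' for one match pattern."""
    if pattern in BROAD_PATTERNS:
        return "broad"
    m = _PATTERN.match(pattern)
    if not m:
        return "unrecognized"
    host = m.group(2).lower().split(":")[0]  # drop an optional port
    if host == "*":
        return "broad"
    wildcard = host.startswith("*.")
    base = host[2:] if wildcard else host
    if wildcard and "." not in base:
        return "broad"  # e.g. *.com; multi-label suffixes like *.co.uk are not handled
    for dom in SENSITIVE_DOMAINS:
        # The host is the sensitive domain or one of its subdomains.
        if base == dom or base.endswith("." + dom):
            return "sensitive"
        # A wildcard on a parent domain also covers the sensitive host.
        if wildcard and dom.endswith("." + base):
            return "sensitive"
    return "narrow"

def score_host_permissions(patterns):
    """Return (risk, summary): risk is the weight of the highest tier present."""
    tiers = [classify_host_permission(p) for p in set(patterns)]
    known = [t for t in tiers if t in WEIGHTS]
    risk = max((WEIGHTS[t] for t in known), default=0)
    if "broad" in tiers:
        return risk, "This extension runs on all websites"
    n, s = len(known), tiers.count("sensitive")
    summary = f"This extension runs on {n} specific domain{'' if n == 1 else 's'}"
    return risk, summary + (f" ({s} sensitive)" if s else "")
```

Taking the maximum tier rather than a sum keeps a long list of narrow patterns from outscoring a single broad one.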