Expand description
§permission-auditor
Audit a list of Chrome / Manifest V3 extension permissions against a
curated risk database and produce a per-extension AuditReport:
- a risk level (
Low/Medium/High/Critical) for each permission, plus a short plain-English description of what it grants, - recognition for host-access patterns (
<all_urls>, scheme wildcards, scoped match-patterns) and broad-vs-scoped classification, - an overall verdict for the whole extension, with the count of each severity and the single highest permission driving it.
This is a more comprehensive companion to
ext-permission-risk:
it covers the full MV3 permission surface, adds a Critical tier for the
truly dangerous combinations (arbitrary host access + code injection),
and returns a structured report rather than a single lookup.
Pure Rust, zero dependencies, #![forbid(unsafe_code)], fully tested.
This is the audit engine behind the zovo.one Chrome-extension privacy & security scanner.
§Quick example
use permission_auditor::{audit, RiskLevel};
let report = audit(&[
"activeTab",
"storage",
"tabs",
"<all_urls>",
"scripting",
"cookies",
]);
// activeTab and storage are Low; tabs is Medium; <all_urls> is Critical;
// scripting + cookies are High. The broad-host + code combo escalates to
// Critical — this is the canonical surveillance capability set.
assert_eq!(report.overall, RiskLevel::Critical);
assert!(report.critical_count >= 1);
assert!(report.high_count >= 2);
assert_eq!(report.findings.len(), 6);
assert!(report.findings.iter().any(|f| f.token == "<all_urls>"));Structs§
- Audit
Report - A complete audit of one extension’s permission list.
- Finding
- A single audited permission: the token, the resolved risk level, a description, and where the classification came from.
- Permission
Entry - A single database row: the manifest token exactly as it appears in a manifest, its risk tier, and a plain-English description.
Enums§
- Finding
Kind - Whether a finding came from the curated named-token database or was synthesised for a host match-pattern / unknown token.
- Host
Scope - The scope of a host-access match pattern.
- Risk
Level - The four-tier risk classification used by the audit.
Constants§
- RISK_
DATABASE - The full curated MV3 permission risk database.
Functions§
- audit
- Audit a list of manifest permission tokens and return a structured
AuditReport. - audit_
with_ manifest_ version - Like
auditbut also takes the manifest version, which is surfaced on the report. A missing/unknown version is treated permissively (no downgrades), since MV2 extensions are still in the wild and we’d rather over-report than miss awebRequest-blocking grant. - classify_
host_ pattern - Classify a token into one of the host-pattern scopes.
- find_
permission - Look up a single permission token in the database.
- is_
host_ access_ pattern - Heuristic: does
tokenlook like a Manifest V3 host match-pattern (scheme://host/path) or a special broad-access token, rather than a named permission token?