feat(windows): ide plugin detection

Signed-off-by: Swarit Pandey <swarit@stepsecurity.io>

Author: swarit-stepsecurity

CHANGELOG.md

@@ -16,6 +16,7 @@ See [VERSIONING.md](VERSIONING.md) for why the version starts at 1.8.1.
 - **Glob-based Windows path matching**: `detectWindows` now supports wildcard patterns in `WinPaths` for IDEs that embed version numbers in folder names (e.g., `C:\Program Files\JetBrains\GoLand 2025.1.3\`). Picks the newest installation when multiple versions are present.
 - **`product-info.json` version extraction**: Reads the JetBrains `product-info.json` file for accurate marketing version numbers (avoids registry build numbers).
 - **`.eclipseproduct` version extraction**: Reads Eclipse's `.eclipseproduct` properties file for version detection on Windows (Eclipse does not register in the Windows registry).
+- **JetBrains plugin detection** (macOS + Windows): Detects user-installed plugins for all JetBrains IDEs by reading `product-info.json` to resolve the config directory, then scanning the plugins directory. Version extracted from JAR filenames.
 
 ## [1.9.2] - 2026-04-15
 

SCAN_COVERAGE.md

@@ -73,12 +73,16 @@ This document catalogs everything Dev Machine Guard detects. Contributions to ex
 | Open Interpreter      | `~/.config/open-interpreter/config.yaml`            | OpenSource|
 | Codex                 | `~/.codex/config.toml`                              | OpenAI    |
 
-## IDE Extensions
+## IDE Extensions & Plugins
 
-| IDE         | Extensions Directory           | Format                        |
-|-------------|--------------------------------|-------------------------------|
-| VS Code     | `~/.vscode/extensions`         | `publisher.name-version`      |
-| Cursor      | `~/.cursor/extensions`         | `publisher.name-version`      |
+| IDE              | Extensions/Plugins Directory                                                  | Format                        |
+|------------------|-------------------------------------------------------------------------------|-------------------------------|
+| VS Code          | `~/.vscode/extensions`                                                        | `publisher.name-version`      |
+| Cursor           | `~/.cursor/extensions`                                                        | `publisher.name-version`      |
+| JetBrains IDEs   | macOS: `~/Library/Application Support/JetBrains/<dataDir>/plugins/`           | `<name>/lib/<name>-version.jar` |
+|                  | Windows: `%APPDATA%\JetBrains\<dataDir>\plugins\`                            |                               |
+
+JetBrains plugin detection reads `product-info.json` from the IDE install path to resolve the `dataDirectoryName` (e.g., `GoLand2025.1`), then scans user-installed plugins. Only user-installed plugins are reported (bundled plugins in the install directory are excluded).
 
 ## Node.js Package Scanning (Optional)
 

internal/detector/jetbrains.go

@@ -0,0 +1,236 @@
+package detector
+
+import (
+	"context"
+	"encoding/json"
+	"path/filepath"
+	"strings"
+
+	"github.com/step-security/dev-machine-guard/internal/executor"
+	"github.com/step-security/dev-machine-guard/internal/model"
+)
+
+// jetbrainsProductInfo holds the fields we read from product-info.json.
+type jetbrainsProductInfo struct {
+	DataDirectoryName string `json:"dataDirectoryName"`
+	ProductVendor     string `json:"productVendor"`
+}
+
+// JetBrainsPluginDetector collects user-installed plugins from JetBrains-family IDEs.
+//
+// It reads product-info.json from each detected IDE's install path to obtain
+// the dataDirectoryName and productVendor, then scans the platform-specific
+// config directory for user-installed plugins:
+//
+//   - macOS:   ~/Library/Application Support/<vendor>/<dataDirectoryName>/plugins/
+//   - Windows: %APPDATA%/<vendor>/<dataDirectoryName>/plugins/
+//
+// Also checks for custom plugin path overrides in idea.properties.
+// Plugin version is extracted from JAR filenames matching <pluginDirName>-<version>.jar.
+type JetBrainsPluginDetector struct {
+	exec executor.Executor
+}
+
+func NewJetBrainsPluginDetector(exec executor.Executor) *JetBrainsPluginDetector {
+	return &JetBrainsPluginDetector{exec: exec}
+}
+
+// Detect scans for user-installed plugins across all detected JetBrains-family IDEs.
+func (d *JetBrainsPluginDetector) Detect(_ context.Context, ides []model.IDE) []model.Extension {
+	var results []model.Extension
+
+	for _, ide := range ides {
+		pluginsDir := d.resolvePluginsDir(ide)
+		if pluginsDir == "" {
+			continue
+		}
+
+		plugins := d.collectPlugins(pluginsDir, ide.IDEType)
+		results = append(results, plugins...)
+	}
+
+	return results
+}
+
+// resolvePluginsDir reads product-info.json from the IDE's install path,
+// then returns the platform-specific user plugins path.
+// Returns "" if the IDE doesn't have product-info.json (non-JetBrains IDEs).
+//
+// Resolution order:
+//  1. Check idea.plugins.path in user's idea.properties (custom override)
+//  2. Use default: <config-base>/<vendor>/<dataDirectoryName>/plugins/
+func (d *JetBrainsPluginDetector) resolvePluginsDir(ide model.IDE) string {
+	info := d.readProductInfo(ide.InstallPath)
+	if info.DataDirectoryName == "" {
+		return ""
+	}
+
+	vendor := info.ProductVendor
+	if vendor == "" {
+		vendor = "JetBrains" // safe default for older installations
+	}
+
+	configDir := d.resolveConfigDir(vendor, info.DataDirectoryName)
+	if configDir == "" {
+		return ""
+	}
+
+	// Check for custom plugin path override in idea.properties
+	if customPath := d.readCustomPluginsPath(configDir); customPath != "" {
+		return customPath
+	}
+
+	return filepath.Join(configDir, "plugins")
+}
+
+// resolveConfigDir returns the platform-specific JetBrains config directory.
+// macOS:   ~/Library/Application Support/<vendor>/<dataDirectoryName>/
+// Windows: %APPDATA%/<vendor>/<dataDirectoryName>/ (also checks %LOCALAPPDATA%)
+func (d *JetBrainsPluginDetector) resolveConfigDir(vendor, dataDirName string) string {
+	if d.exec.GOOS() == "windows" {
+		// Most JetBrains IDEs use APPDATA; Android Studio uses LOCALAPPDATA
+		for _, envVar := range []string{"APPDATA", "LOCALAPPDATA"} {
+			base := d.exec.Getenv(envVar)
+			if base == "" {
+				continue
+			}
+			dir := filepath.Join(base, vendor, dataDirName)
+			if d.exec.DirExists(dir) {
+				return dir
+			}
+		}
+		// Fall back to APPDATA even if dir doesn't exist yet
+		appData := d.exec.Getenv("APPDATA")
+		if appData != "" {
+			return filepath.Join(appData, vendor, dataDirName)
+		}
+		return ""
+	}
+
+	homeDir := getHomeDir(d.exec)
+	return filepath.Join(homeDir, "Library", "Application Support", vendor, dataDirName)
+}
+
+// readProductInfo reads dataDirectoryName and productVendor from product-info.json.
+// On macOS: <installPath>/Contents/Resources/product-info.json
+// On Windows: <installPath>/product-info.json
+func (d *JetBrainsPluginDetector) readProductInfo(installPath string) jetbrainsProductInfo {
+	var productInfoPath string
+	if d.exec.GOOS() == "windows" {
+		productInfoPath = filepath.Join(installPath, "product-info.json")
+	} else {
+		productInfoPath = filepath.Join(installPath, "Contents", "Resources", "product-info.json")
+	}
+
+	data, err := d.exec.ReadFile(productInfoPath)
+	if err != nil {
+		return jetbrainsProductInfo{}
+	}
+
+	var info jetbrainsProductInfo
+	if err := json.Unmarshal(data, &info); err != nil {
+		return jetbrainsProductInfo{}
+	}
+	return info
+}
+
+// readCustomPluginsPath checks for idea.plugins.path override in idea.properties.
+// Returns the custom path if set, or "" if not found/overridden.
+func (d *JetBrainsPluginDetector) readCustomPluginsPath(configDir string) string {
+	propsPath := filepath.Join(configDir, "idea.properties")
+	data, err := d.exec.ReadFile(propsPath)
+	if err != nil {
+		return ""
+	}
+
+	for _, line := range strings.Split(string(data), "\n") {
+		line = strings.TrimSpace(line)
+		// Skip comments
+		if strings.HasPrefix(line, "#") || strings.HasPrefix(line, "!") {
+			continue
+		}
+		if strings.HasPrefix(line, "idea.plugins.path=") {
+			path := strings.TrimPrefix(line, "idea.plugins.path=")
+			path = strings.TrimSpace(path)
+			if path != "" {
+				return path
+			}
+		}
+	}
+
+	return ""
+}
+
+// collectPlugins lists plugin subdirectories and extracts name/version from each.
+func (d *JetBrainsPluginDetector) collectPlugins(pluginsDir, ideType string) []model.Extension {
+	if !d.exec.DirExists(pluginsDir) {
+		return nil
+	}
+
+	entries, err := d.exec.ReadDir(pluginsDir)
+	if err != nil {
+		return nil
+	}
+
+	var results []model.Extension
+	for _, entry := range entries {
+		if !entry.IsDir() {
+			continue
+		}
+
+		pluginName := entry.Name()
+		libDir := filepath.Join(pluginsDir, pluginName, "lib")
+		version := d.parsePluginVersion(libDir, pluginName)
+
+		ext := model.Extension{
+			ID:      pluginName,
+			Name:    pluginName,
+			Version: version,
+			IDEType: ideType,
+		}
+
+		// Get install date from plugin directory mtime
+		info, err := d.exec.Stat(filepath.Join(pluginsDir, pluginName))
+		if err == nil {
+			ext.InstallDate = info.ModTime().Unix()
+		}
+
+		results = append(results, ext)
+	}
+
+	return results
+}
+
+// parsePluginVersion finds the main plugin JAR matching <pluginDirName>-<version>.jar
+// in the lib/ directory and extracts the version string.
+func (d *JetBrainsPluginDetector) parsePluginVersion(libDir, pluginDirName string) string {
+	entries, err := d.exec.ReadDir(libDir)
+	if err != nil {
+		return "unknown"
+	}
+
+	prefix := strings.ToLower(pluginDirName + "-")
+	for _, entry := range entries {
+		name := entry.Name()
+		if entry.IsDir() || !strings.HasSuffix(name, ".jar") {
+			continue
+		}
+
+		lower := strings.ToLower(name)
+		if !strings.HasPrefix(lower, prefix) {
+			continue
+		}
+
+		// Skip auxiliary JARs (e.g., IdeaVIM-2.27.2-searchableOptions.jar)
+		remainder := name[len(pluginDirName)+1 : len(name)-4] // strip prefix + "-" and ".jar"
+		if strings.Contains(remainder, "-") {
+			continue
+		}
+
+		if remainder != "" {
+			return remainder
+		}
+	}
+
+	return "unknown"
+}