10 releases

0.3.5 Oct 14, 2024
0.3.4 May 8, 2024
0.3.2 Oct 2, 2022
0.3.1 Aug 6, 2022
0.1.0 Sep 7, 2020

#1029 in Encoding

Download history 11130/week @ 2024-08-20 9211/week @ 2024-08-27 9524/week @ 2024-09-03 9022/week @ 2024-09-10 9088/week @ 2024-09-17 9762/week @ 2024-09-24 10435/week @ 2024-10-01 12357/week @ 2024-10-08 13124/week @ 2024-10-15 11024/week @ 2024-10-22 13843/week @ 2024-10-29 11069/week @ 2024-11-05 10869/week @ 2024-11-12 11545/week @ 2024-11-19 11389/week @ 2024-11-26 10364/week @ 2024-12-03

45,655 downloads per month
Used in 4 crates (via auditable-info)

MIT/Apache

9KB
97 lines

Extracts the dependency tree information embedded in executables by cargo auditable.

This crate parses platform-specific binary formats (ELF, PE, Mach-O, WASM) and obtains the compressed audit data.

Unlike other binary parsing crates, it is specifically designed to be resilient to malicious input. It 100% safe Rust (including all dependencies) and performs no heap allocations.

Usage

Note: this is a low-level crate that only implements binary parsing. It rarely should be used directly. You probably want the higher-level auditable-info crate instead.

The following snippet demonstrates full extraction pipeline using this crate, including decompression using the safe-Rust miniz_oxide and optional JSON parsing via auditable-serde:

use std::io::{Read, BufReader};
use std::{error::Error, fs::File, str::FromStr};
!
fn main() -> Result<(), Box<dyn Error>> {
    // Read the input
    let f = File::open("target/release/hello-world")?;
    let mut f = BufReader::new(f);
    let mut input_binary = Vec::new();
    f.read_to_end(&mut input_binary)?;
    // Extract the compressed audit data
    let compressed_audit_data = auditable_extract::raw_auditable_data(&input_binary)?;
    // Decompress it with your Zlib implementation of choice. We recommend miniz_oxide
    use miniz_oxide::inflate::decompress_to_vec_zlib;
    let decompressed_data = decompress_to_vec_zlib(&compressed_audit_data)
        .map_err(|_| "Failed to decompress audit data")?;
    let decompressed_data = String::from_utf8(decompressed_data)?;
    println!("{}", decompressed_data);
    // Parse the audit data to Rust data structures
    let dependency_tree = auditable_serde::VersionInfo::from_str(&decompressed_data);
    Ok(())
}

Dependencies

~94–435KB