10 releases (4 breaking)
| 0.5.2 | Oct 24, 2022 |
|---|---|
| 0.5.1 | Oct 2, 2022 |
| 0.5.0 | Aug 8, 2022 |
| 0.4.0 | Aug 6, 2022 |
| 0.1.0 | Sep 7, 2020 |
#174 in Encoding
31,696 downloads per month
Used in 4 crates
28KB
481 lines
Parses and serializes the JSON dependency tree embedded in executables by the
cargo auditable.
This crate defines the data structures that a serialized to/from JSON
and implements the serialization/deserialization routines via serde.
It also provides optional conversions from cargo metadata
and to Cargo.lock formats.
The [VersionInfo] struct is where all the magic happens, see the docs on it for more info.
Basic usage
Note: this is a low-level crate that only implements JSON parsing. It rarely should be used directly.
You probably want the higher-level auditable-info crate instead.
The following snippet demonstrates full extraction pipeline, including
platform-specific executable handling via
auditable-extract and decompression
using the safe-Rust miniz_oxide:
use std::io::{Read, BufReader};
use std::{error::Error, fs::File, str::FromStr};
fn main() -> Result<(), Box<dyn Error>> {
// Read the input
let f = File::open("target/release/hello-world")?;
let mut f = BufReader::new(f);
let mut input_binary = Vec::new();
f.read_to_end(&mut input_binary)?;
// Extract the compressed audit data
let compressed_audit_data = auditable_extract::raw_auditable_data(&input_binary)?;
// Decompress it with your Zlib implementation of choice. We recommend miniz_oxide
use miniz_oxide::inflate::decompress_to_vec_zlib;
let decompressed_data = decompress_to_vec_zlib(&compressed_audit_data)
.map_err(|_| "Failed to decompress audit data")?;
let decompressed_data = String::from_utf8(decompressed_data)?;
println!("{}", decompressed_data);
// Parse the audit data to Rust data structures
let dependency_tree = auditable_serde::VersionInfo::from_str(&decompressed_data);
Ok(())
}
Dependencies
~1.1–2.2MB
~53K SLoC