Lib.rs

Parser implementations | Development toolsRustSec
#panic-message #binary-parser #security #version #show #compiled #list

quitters

List dependencies of a Rust binary by parsing panic messages

by Sergey "Shnatsel" Davidoff, Tony Arcieri and 83 contributors

1 unstable release

0.1.0 Oct 23, 2022

#2447 in Parser implementations

Download history 12397/week @ 2024-10-30 9252/week @ 2024-11-06 9823/week @ 2024-11-13 10621/week @ 2024-11-20 10699/week @ 2024-11-27 11151/week @ 2024-12-04 15537/week @ 2024-12-11 16477/week @ 2024-12-18 13336/week @ 2024-12-25 18205/week @ 2025-01-01 24847/week @ 2025-01-08 28714/week @ 2025-01-15 29445/week @ 2025-01-22 31104/week @ 2025-01-29 30767/week @ 2025-02-05 26022/week @ 2025-02-12

122,382 downloads per month
Used in 2 crates (via rustsec)

MIT/Apache

9KB
68 lines

Obtains the dependency list from a compiled Rust binary by parsing its panic messages. Recovers both crate names and versions.

Caveats

  • If the crate never panics, it will not show up. The Rust compiler is very good at removing unreachable panics, so we can only discover at around a half of all dependencies.
  • C code such as openssl-src never shows up, because it can't panic.
  • Only crates installed from a registry are discovered. Crates from local workspace or git don't show up.

Alternatives

cargo auditable embeds the complete dependency information into binaries, which can then be recovered using auditable-info. It should be used instead of quitters whenever possible, unless you're specifically after panics.

Dependencies

~2.8–4MB
~68K SLoC