Lib.rs

Parser implementations | Development toolsRustSec
#panic-message #binary-parser #security #version #show #compiled #list

quitters

List dependencies of a Rust binary by parsing panic messages

by Sergey "Shnatsel" Davidoff, Tony Arcieri and 81 contributors

1 unstable release

0.1.0 Oct 23, 2022

#2557 in Parser implementations

Download history 8937/week @ 2024-07-24 8324/week @ 2024-07-31 8288/week @ 2024-08-07 9930/week @ 2024-08-14 9664/week @ 2024-08-21 8427/week @ 2024-08-28 8585/week @ 2024-09-04 8271/week @ 2024-09-11 8393/week @ 2024-09-18 9322/week @ 2024-09-25 9328/week @ 2024-10-02 12067/week @ 2024-10-09 11167/week @ 2024-10-16 9628/week @ 2024-10-23 12397/week @ 2024-10-30 9300/week @ 2024-11-06

45,124 downloads per month
Used in cargo-audit

MIT/Apache

9KB
68 lines

Obtains the dependency list from a compiled Rust binary by parsing its panic messages. Recovers both crate names and versions.

Caveats

  • If the crate never panics, it will not show up. The Rust compiler is very good at removing unreachable panics, so we can only discover at around a half of all dependencies.
  • C code such as openssl-src never shows up, because it can't panic.
  • Only crates installed from a registry are discovered. Crates from local workspace or git don't show up.

Alternatives

cargo auditable embeds the complete dependency information into binaries, which can then be recovered using auditable-info. It should be used instead of quitters whenever possible, unless you're specifically after panics.

Dependencies

~2.8–4MB
~69K SLoC