Lib.rs

Parser implementations | Development toolsRustSec
#panic-message #binary-parser #security #version #show #up #compiled

quitters

List dependencies of a Rust binary by parsing panic messages

by Sergey "Shnatsel" Davidoff, Tony Arcieri and 78 contributors

1 unstable release

0.1.0 Oct 23, 2022

#2685 in Parser implementations

Download history 8517/week @ 2024-03-14 7699/week @ 2024-03-21 6814/week @ 2024-03-28 7716/week @ 2024-04-04 7170/week @ 2024-04-11 7121/week @ 2024-04-18 7586/week @ 2024-04-25 7872/week @ 2024-05-02 7909/week @ 2024-05-09 7614/week @ 2024-05-16 7433/week @ 2024-05-23 7281/week @ 2024-05-30 7998/week @ 2024-06-06 7875/week @ 2024-06-13 7852/week @ 2024-06-20 6708/week @ 2024-06-27

31,847 downloads per month
Used in cargo-audit

MIT/Apache

9KB
68 lines

Obtains the dependency list from a compiled Rust binary by parsing its panic messages. Recovers both crate names and versions.

Caveats

  • If the crate never panics, it will not show up. The Rust compiler is very good at removing unreachable panics, so we can only discover at around a half of all dependencies.
  • C code such as openssl-src never shows up, because it can't panic.
  • Only crates installed from a registry are discovered. Crates from local workspace or git don't show up.

Alternatives

cargo auditable embeds the complete dependency information into binaries, which can then be recovered using auditable-info. It should be used instead of quitters whenever possible, unless you're specifically after panics.

Dependencies

~2.8–4MB
~68K SLoC