Crates.io | auditable-extract |
lib.rs | auditable-extract |
version | 0.3.5 |
source | src |
created_at | 2020-09-06 23:18:07.393595 |
updated_at | 2024-10-14 15:51:19.981834 |
description | Extract the dependency trees embedded in binaries by `cargo auditable` |
homepage | |
repository | https://github.com/rust-secure-code/cargo-auditable |
max_upload_size | |
id | 285541 |
size | 9,142 |
Extracts the dependency tree information embedded in executables by `cargo auditable`.
This crate parses platform-specific binary formats (ELF, PE, Mach-O, WASM) and obtains the compressed audit data.
Unlike other binary parsing crates, it is specifically designed to be resilient to malicious input. It is 100% safe Rust (including all dependencies) and performs no heap allocations.
Note: this is a low-level crate that only implements binary parsing. It should rarely be used directly.
You probably want the higher-level `auditable-info` crate instead.
The following snippet demonstrates the full extraction pipeline using this crate, including decompression using the safe-Rust `miniz_oxide` and optional JSON parsing via `auditable-serde`:
```rust
use std::io::{Read, BufReader};
use std::{error::Error, fs::File, str::FromStr};

fn main() -> Result<(), Box<dyn Error>> {
    // Read the input
    let f = File::open("target/release/hello-world")?;
    let mut f = BufReader::new(f);
    let mut input_binary = Vec::new();
    f.read_to_end(&mut input_binary)?;
    // Extract the compressed audit data
    let compressed_audit_data = auditable_extract::raw_auditable_data(&input_binary)?;
    // Decompress it with your Zlib implementation of choice. We recommend miniz_oxide
    use miniz_oxide::inflate::decompress_to_vec_zlib;
    let decompressed_data = decompress_to_vec_zlib(&compressed_audit_data)
        .map_err(|_| "Failed to decompress audit data")?;
    let decompressed_data = String::from_utf8(decompressed_data)?;
    println!("{}", decompressed_data);
    // Parse the audit data to Rust data structures
    let dependency_tree = auditable_serde::VersionInfo::from_str(&decompressed_data);
    Ok(())
}
```
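To illustrate what "resilient to malicious input" and "no heap allocations" mean for a parser of this kind, the following added example (not the crate's own code) looks up a named section in a 64-bit little-endian ELF image using only the standard library and bounds-checked reads. The section name `.dep-v0` and the constructed inputs in `main` are assumptions of this example, not taken from this page.

```rust
// Added illustration, not auditable-extract's code. Std only, no allocation.
use std::convert::TryFrom;

/// Little-endian unsigned integer of `len` bytes at `off`; None if out of bounds.
fn le(data: &[u8], off: usize, len: usize) -> Option<usize> {
    let bytes = data.get(off..off.checked_add(len)?)?;
    let v = bytes.iter().rev().fold(0u64, |acc, &b| (acc << 8) | u64::from(b));
    usize::try_from(v).ok()
}

/// Contents of the section whose 64-byte header starts at `hdr`.
fn body(data: &[u8], hdr: usize) -> Option<&[u8]> {
    let off = le(data, hdr.checked_add(24)?, 8)?; // sh_offset
    let size = le(data, hdr.checked_add(32)?, 8)?; // sh_size
    data.get(off..off.checked_add(size)?)
}

/// Finds section `name` in a 64-bit little-endian ELF image, borrowing from
/// `data`. Returns None on any malformed, truncated or unsupported input.
pub fn find_section<'a>(data: &'a [u8], name: &[u8]) -> Option<&'a [u8]> {
    if !data.starts_with(b"\x7fELF\x02\x01") {
        return None; // other classes and byte orders are out of scope here
    }
    let shoff = le(data, 0x28, 8)?; // e_shoff
    let entsize = le(data, 0x3A, 2)?; // e_shentsize
    let shnum = le(data, 0x3C, 2)?; // e_shnum
    let shstrndx = le(data, 0x3E, 2)?; // e_shstrndx
    if entsize < 64 || shstrndx >= shnum {
        return None;
    }
    let header = |i: usize| shoff.checked_add(i.checked_mul(entsize)?);
    let strtab = body(data, header(shstrndx)?)?;
    for i in 0..shnum {
        let hdr = header(i)?;
        let entry = strtab.get(le(data, hdr, 4)?..)?; // sh_name offset
        let end = entry.iter().position(|&b| b == 0)?;
        if &entry[..end] == name {
            return body(data, hdr);
        }
    }
    None
}

fn main() {
    // Constructed inputs: a non-ELF prefix and a bare ELF64 magic with no header.
    assert!(find_section(b"MZ\x90\x00", b".dep-v0").is_none());
    assert!(find_section(b"\x7fELF\x02\x01\x01", b".dep-v0").is_none());
    println!("malformed inputs rejected without panicking");
}
```

Every offset taken from the file passes through `slice::get` or checked arithmetic, so a hostile header can only produce `None`, never a panic or an out-of-bounds read.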