File: README.md

package info (click to toggle)
rust-auditable-extract 0.3.5-1
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid, trixie
  • size: 108 kB
  • sloc: makefile: 4
file content (42 lines) | stat: -rw-r--r-- 2,106 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
 
Extracts the dependency tree information embedded in executables by
[`cargo auditable`](https://github.com/rust-secure-code/cargo-auditable).

This crate parses platform-specific binary formats ([ELF](https://en.wikipedia.org/wiki/Executable_and_Linkable_Format),
[PE](https://en.wikipedia.org/wiki/Portable_Executable),
[Mach-O](https://en.wikipedia.org/wiki/Mach-O), [WASM](https://en.wikipedia.org/wiki/WebAssembly)) and obtains the compressed audit data.

Unlike other binary parsing crates, it is specifically designed to be resilient to malicious input.
It 100% safe Rust (including all dependencies) and performs no heap allocations.

## Usage

**Note:** this is a low-level crate that only implements binary parsing. It rarely should be used directly.
You probably want the higher-level [`auditable-info`](https://docs.rs/auditable-info) crate instead.

The following snippet demonstrates full extraction pipeline using this crate, including decompression
using the safe-Rust [`miniz_oxide`](http://docs.rs/miniz_oxide/) and optional JSON parsing
via [`auditable-serde`](http://docs.rs/auditable-serde/):

```rust,ignore
use std::io::{Read, BufReader};
use std::{error::Error, fs::File, str::FromStr};
!
fn main() -> Result<(), Box<dyn Error>> {
    // Read the input
    let f = File::open("target/release/hello-world")?;
    let mut f = BufReader::new(f);
    let mut input_binary = Vec::new();
    f.read_to_end(&mut input_binary)?;
    // Extract the compressed audit data
    let compressed_audit_data = auditable_extract::raw_auditable_data(&input_binary)?;
    // Decompress it with your Zlib implementation of choice. We recommend miniz_oxide
    use miniz_oxide::inflate::decompress_to_vec_zlib;
    let decompressed_data = decompress_to_vec_zlib(&compressed_audit_data)
        .map_err(|_| "Failed to decompress audit data")?;
    let decompressed_data = String::from_utf8(decompressed_data)?;
    println!("{}", decompressed_data);
    // Parse the audit data to Rust data structures
    let dependency_tree = auditable_serde::VersionInfo::from_str(&decompressed_data);
    Ok(())
}
```