1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69

#![forbid(unsafe_code)]

//! Know the exact crate versions used to build your Rust executable.
//! Audit binaries for known bugs or security vulnerabilities in production,
//! at scale, with zero bookkeeping.
//!
//! This works by embedding data about the dependency tree in JSON format
//! into a dedicated linker section of the compiled executable.
//!
//! ## Usage
//!
//! Add the following to your `Cargo.toml`:
//!
//! ```toml
//! build = "build.rs"
//!
//! [dependencies]
//! auditable = "0.1"
//!
//! [build-dependencies]
//! auditable-build = "0.1"
//! ```
//!
//! Create a `build.rs` file next to `Cargo.toml` with the following contents:
//! ```rust,ignore
//! fn main() {
//!     auditable_build::collect_dependency_list();
//! }
//! ```
//!
//! Add the following to the beginning your `main.rs` (or any other file):
//!
//! ```rust,ignore
//! static COMPRESSED_DEPENDENCY_LIST: &[u8] = auditable::inject_dependency_list!();
//! ```
//!
//! Put the following in some reachable location in the code, e.g. in `fn main()`:
//! ```rust,ignore
//!     // Actually use the data to work around a bug in rustc:
//!     // https://github.com/rust-lang/rust/issues/47384
//!     // On nightly you can use `test::black_box` instead of `println!`
//!     println!("{}", COMPRESSED_DEPENDENCY_LIST[0]);
//! ```
//!
//! ## Recovering the info
//!
//! The data can be extracted later using the [`auditable-extract`](https://docs.rs/auditable-extract/) crate
//! or via a command-line tool.
//!
//! See the [README](https://github.com/Shnatsel/rust-audit#rust-audit) for instruction
//! on recovering the info and other frequently asked questions.

/// Embeds the dependency tree into a dedicated linker section in the compiled executable.
///
/// Requires a build script with a call to `auditable_build::collect_dependency_list()` to work.
#[macro_export]
macro_rules! inject_dependency_list {
    () => ({
        #[used]
        #[cfg_attr(target_os = "linux", link_section = ".dep-v0")]
        #[cfg_attr(target_os = "windows", link_section = ".dep-v0")]
        #[cfg_attr(target_os = "macos", link_section = "__TEXT,.dep-v0")]
        // All other platforms are not explicitly supported yet and thus don't get any auditable info
        // It's better to compile on unsupported platforms without audit info than to break compilation
        static AUDITABLE_VERSION_INFO: [u8; include_bytes!(env!("RUST_AUDIT_DEPENDENCY_FILE_LOCATION"))
        .len()] = *include_bytes!(env!("RUST_AUDIT_DEPENDENCY_FILE_LOCATION"));
        &AUDITABLE_VERSION_INFO
    });
}