Extracts the dependency tree information embedded in executables by the
auditable
crate.
This crate handles all binary format parsing for you and is designed to be resilient to malicious input.
It is 100% safe Rust (including dependencies) and does not perform any heap allocations.
Usage
The following snippet demonstrates full extraction pipeline, including decompression
using the safe-Rust miniz_oxide
and optional JSON parsing
via auditable-serde
:
use std::io::{Read, BufReader};
use std::{error::Error, fs::File, str::FromStr};
fn main() -> Result<(), Box<dyn Error>> {
let f = File::open("target/release/hello-auditable")?;
let mut f = BufReader::new(f);
let mut input_binary = Vec::new();
f.read_to_end(&mut input_binary)?;
let compressed_audit_data = auditable_extract::raw_auditable_data(&input_binary)?;
use miniz_oxide::inflate::decompress_to_vec_zlib;
let decompressed_data = decompress_to_vec_zlib(&compressed_audit_data)
.map_err(|_| "Failed to decompress audit data")?;
let decompressed_data = String::from_utf8(decompressed_data)?;
println!("{}", decompressed_data);
let dependency_tree = auditable_serde::VersionInfo::from_str(&decompressed_data);
Ok(())
}