1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69
#![forbid(unsafe_code)] //! Know the exact crate versions used to build your Rust executable. //! Audit binaries for known bugs or security vulnerabilities in production, //! at scale, with zero bookkeeping. //! //! This works by embedding data about the dependency tree in JSON format //! into a dedicated linker section of the compiled executable. //! //! ## Usage //! //! Add the following to your `Cargo.toml`: //! //! ```toml //! build = "build.rs" //! //! [dependencies] //! auditable = "0.1" //! //! [build-dependencies] //! auditable-build = "0.1" //! ``` //! //! Create a `build.rs` file next to `Cargo.toml` with the following contents: //! ```rust,ignore //! fn main() { //! auditable_build::collect_dependency_list(); //! } //! ``` //! //! Add the following to the beginning your `main.rs` (or any other file): //! //! ```rust,ignore //! static COMPRESSED_DEPENDENCY_LIST: &[u8] = auditable::inject_dependency_list!(); //! ``` //! //! Put the following in some reachable location in the code, e.g. in `fn main()`: //! ```rust,ignore //! // Actually use the data to work around a bug in rustc: //! // https://github.com/rust-lang/rust/issues/47384 //! // On nightly you can use `test::black_box` instead of `println!` //! println!("{}", COMPRESSED_DEPENDENCY_LIST[0]); //! ``` //! //! ## Recovering the info //! //! The data can be extracted later using the [`auditable-extract`](https://docs.rs/auditable-extract/) crate //! or via a command-line tool. //! //! See the [README](https://github.com/Shnatsel/rust-audit#rust-audit) for instruction //! on recovering the info and other frequently asked questions. /// Embeds the dependency tree into a dedicated linker section in the compiled executable. /// /// Requires a build script with a call to `auditable_build::collect_dependency_list()` to work. #[macro_export] macro_rules! inject_dependency_list { () => ({ #[used] #[cfg_attr(target_os = "linux", link_section = ".rust-deps-v0")] #[cfg_attr(target_os = "windows", link_section = "rdep-v0")] #[cfg_attr(target_os = "macos", link_section = "__TEXT,rust-deps-v0")] // All other platforms are not explicitly supported yet and thus don't get any auditable info // It's better to compile on unsupported platforms without audit info than to break compilation static AUDITABLE_VERSION_INFO: [u8; include_bytes!(env!("RUST_AUDIT_DEPENDENCY_FILE_LOCATION")) .len()] = *include_bytes!(env!("RUST_AUDIT_DEPENDENCY_FILE_LOCATION")); &AUDITABLE_VERSION_INFO }); }