ndaal-binsec 3.2.5

Binary (in)security scanner for ELF/PE/Mach-O with native, strictly-validated SARIF 2.1.0 and Markdown output (ndaal fork of binsec)
Documentation
use binsec::{BinResult, Detector, Format};
use clap::Parser;
use std::path::PathBuf;

#[derive(Parser)]
#[command(version, about, long_about = None)]
struct Args {
    binary: PathBuf,

    /// Write the JSON report to PATH (or stdout when PATH is `-`).
    /// Takes precedence over --format.
    #[arg(short, long, value_name = "PATH")]
    json: Option<String>,

    /// Output format for stdout: table (default), json, sarif (validated
    /// SARIF 2.1.0), or markdown (rendered from the SARIF report).
    #[arg(short, long, value_enum, default_value = "table")]
    format: Format,

    /// Skip auto-generation of report.sarif and report.md.
    #[arg(long)]
    no_report: bool,

    /// Directory for the auto-generated report.sarif / report.md files
    /// (default: current directory).
    #[arg(long, value_name = "DIR")]
    output_dir: Option<PathBuf>,
}

fn main() {
    let cli_args: Args = Args::parse();
    if let Err(e) = run(cli_args) {
        eprintln!("{e}");
    }
}

fn run(args: Args) -> BinResult<()> {
    let detector = Detector::run(args.binary)?;
    if !args.no_report {
        let output_dir: PathBuf = args.output_dir.unwrap_or_else(|| PathBuf::from("."));
        detector.write_reports(&output_dir)?;
    }
    detector.output(args.json, args.format)?;
    Ok(())
}