padlock-cli 0.1.0

Struct memory layout analyzer for C, C++, Rust, and Go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73

// padlock-cli/src/commands/analyze.rs

use std::path::Path;

use padlock_core::findings::Report;

use crate::config::Config;

pub fn run(path: &Path, json: bool, sarif: bool) -> anyhow::Result<()> {
    let cfg = Config::for_path(path);

    // Decide whether this is a source file or a binary.
    let mut layouts = if is_source_file(path) {
        let arch = padlock_dwarf::reader::detect_arch_from_host();
        padlock_source::parse_source(path, arch)?
    } else {
        let data = std::fs::read(path)?;
        let dwarf = padlock_dwarf::reader::load(&data)?;
        let arch = padlock_dwarf::reader::detect_arch(&data)?;
        padlock_dwarf::extractor::Extractor::new(&dwarf, arch).extract_all()?
    };

    // Apply arch override if set in config
    if let Some(ref arch_name) = cfg.arch_override {
        let arch = padlock_core::arch::arch_by_name(arch_name).unwrap_or_else(|| {
            eprintln!("padlock: warning: unknown arch '{arch_name}', ignoring override");
            padlock_dwarf::reader::detect_arch_from_host()
        });
        for layout in &mut layouts {
            layout.arch = arch;
        }
    }

    // Filter ignored structs
    layouts.retain(|l| !cfg.is_ignored(&l.name));

    let report = Report::from_layouts(&layouts);

    // Apply severity filter
    let report = filter_report(report, &cfg);

    // Check fail_below threshold
    let failed = cfg.fail_below > 0
        && report
            .structs
            .iter()
            .any(|s| s.score < cfg.fail_below as f64);

    if sarif {
        println!("{}", padlock_output::to_sarif(&report)?);
    } else if json {
        println!("{}", padlock_output::to_json(&report)?);
    } else {
        print!("{}", padlock_output::render_report(&report));
    }

    if failed {
        std::process::exit(1);
    }

    Ok(())
}

fn filter_report(mut report: Report, cfg: &Config) -> Report {
    for sr in &mut report.structs {
        sr.findings.retain(|f| cfg.should_report(f.severity()));
    }
    report
}

fn is_source_file(path: &Path) -> bool {
    padlock_source::detect_language(path).is_some()
}