Crate crate_untar

This library allows inspecting content of Cargo/crates.io packages without writing any temporary files to disk, and mostly without holding the files in memory either.

It’s a streaming parser for gzipped tarballs (the .crate files). Additionally, it can perform correctness checks to detect malformed packages (such as duplicate tar paths, paths ambiguous on case-insensitive file systems, symlinks pointing outside of the crate).

use crate_untar::*;

// you'll need other libraries to download the .crate file and verify its cecksum
let mut archive = Unarchiver::new(std::fs::File::open("example.crate")?)?;
let mut tarball = TarballParser::new(&mut archive, "example", "1.0.0")?;

for res in tarball.entries() {
    let (path, file) = res?;
    // filter by path or file.len() if you need
    if path.extension() != Some("rs".as_ref()) {
        continue;
    }

    // process the file here if you want
    // The file implements io::Read too
    let vec = file.into_vec()?;
}

let parsed = tarball.finalize()?;

println!("{:#?}", parsed.cargo_toml);
println!("{:#?}", parsed.cargo_toml_orig);
println!("{:#?}", parsed.cargo_lock);
println!("{:#?}", parsed.cargo_vcs_info);

Modules

types

Deserialized Cargo types

Structs

TarFile

TarballParser

Streaming reader for .crate files. Parses special Cargo files like .cargo_vcs_info.json

Unarchiver

Merely ungzips the tar archive

Enums

Error

InvalidPathKind

Parsed

Event in TarballParser::next()

Functions

join_rel_path

Helper function like base.join(rel_path), but normalizes “..”, and doesn’t allow absolute paths (still allows escaping to parent directories)