Lib.rs

Parser implementations | Development toolsRustSec
#panic-message #binary-parser #security #version #show #list #compiled

quitters

List dependencies of a Rust binary by parsing panic messages

by Sergey "Shnatsel" Davidoff, Tony Arcieri and 83 contributors

1 unstable release

0.1.0 Oct 23, 2022

#2479 in Parser implementations

Download history 9832/week @ 2024-11-17 10421/week @ 2024-11-24 10920/week @ 2024-12-01 13600/week @ 2024-12-08 17328/week @ 2024-12-15 13719/week @ 2024-12-22 15179/week @ 2024-12-29 23102/week @ 2025-01-05 26531/week @ 2025-01-12 29514/week @ 2025-01-19 30168/week @ 2025-01-26 31311/week @ 2025-02-02 30269/week @ 2025-02-09 30399/week @ 2025-02-16 32051/week @ 2025-02-23 30888/week @ 2025-03-02

126,494 downloads per month
Used in 2 crates (via rustsec)

MIT/Apache

9KB
68 lines

Obtains the dependency list from a compiled Rust binary by parsing its panic messages. Recovers both crate names and versions.

Caveats

  • If the crate never panics, it will not show up. The Rust compiler is very good at removing unreachable panics, so we can only discover at around a half of all dependencies.
  • C code such as openssl-src never shows up, because it can't panic.
  • Only crates installed from a registry are discovered. Crates from local workspace or git don't show up.

Alternatives

cargo auditable embeds the complete dependency information into binaries, which can then be recovered using auditable-info. It should be used instead of quitters whenever possible, unless you're specifically after panics.

Dependencies

~2.8–4MB
~68K SLoC