admin/aquasecurity-trivy
1
0
Fork 0
mirror of https://github.com/aquasecurity/trivy.git synced 2026-02-03 15:23:12 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
d8eaaeb611151f1da3583ec50100a7be09ce9bc5
aquasecurity-trivy/pkg/dependency/parser/rust/binary/parse.go
DmitriyLewen b885d3a369 fix: use context for analyzers (#9538)
2025-10-14 05:13:48 +00:00

83 lines
2.2 KiB
Go
Raw Blame History

// Detects dependencies from Rust binaries built with https://github.com/rust-secure-code/cargo-auditable
package binary
import (
"context"
rustaudit "github.com/rust-secure-code/go-rustaudit"
"github.com/samber/lo"
"golang.org/x/xerrors"
"github.com/aquasecurity/trivy/pkg/dependency"
ftypes "github.com/aquasecurity/trivy/pkg/fanal/types"
xio "github.com/aquasecurity/trivy/pkg/x/io"
)
var (
ErrUnrecognizedExe = xerrors.New("unrecognized executable format")
ErrNonRustBinary = xerrors.New("non Rust auditable binary")
)
// convertError detects rustaudit.ErrUnknownFileFormat and convert to
// ErrUnrecognizedExe and convert rustaudit.ErrNoRustDepInfo to ErrNonRustBinary
func convertError(err error) error {
if err == rustaudit.ErrUnknownFileFormat {
return ErrUnrecognizedExe
}
if err == rustaudit.ErrNoRustDepInfo {
return ErrNonRustBinary
}
return err
}
type Parser struct{}
func NewParser() *Parser {
return &Parser{}
}
// Parse scans files to try to report Rust crates and version injected into Rust binaries
// via https://github.com/rust-secure-code/cargo-auditable
func (p *Parser) Parse(_ context.Context, r xio.ReadSeekerAt) ([]ftypes.Package, []ftypes.Dependency, error) {
info, err := rustaudit.GetDependencyInfo(r)
if err != nil {
return nil, nil, convertError(err)
}
var pkgs []ftypes.Package
var deps []ftypes.Dependency
for _, pkg := range info.Packages {
if pkg.Kind != rustaudit.Runtime {
continue
}
pkgID := packageID(pkg.Name, pkg.Version)
pkgs = append(pkgs, ftypes.Package{
ID: pkgID,
Name: pkg.Name,
Version: pkg.Version,
Relationship: lo.Ternary(pkg.Root, ftypes.RelationshipRoot, ftypes.RelationshipUnknown), // TODO: Determine the direct dependencies by checking the dependencies of the root crate
})
var childDeps []string
for _, dep_idx := range pkg.Dependencies {
dep := info.Packages[dep_idx]
if dep.Kind == rustaudit.Runtime {
childDeps = append(childDeps, packageID(dep.Name, dep.Version))
}
}
if len(childDeps) > 0 {
deps = append(deps, ftypes.Dependency{
ID: pkgID,
DependsOn: childDeps,
})
}
}
return pkgs, deps, nil
}
func packageID(name, version string) string {
return dependency.ID(ftypes.RustBinary, name, version)
}
Reference in New Issue View Git Blame Copy Permalink