Updated dependencies, and minor changes.

Cargo.toml

@@ -6,7 +6,7 @@
 
 [package]
 name = "binary-security-check"
-version = "1.2.11"
+version = "1.2.12"
 authors = ["Koutheir Attouchi <[email protected]>"]
 license = "MIT"
 description = "Analyzer of security features in executable binaries"
@@ -39,13 +39,13 @@ overflow-checks  = true
 [dependencies]
 docopt       = { version = "1.1" }
 thiserror    = { version = "1.0" }
-goblin       = { version = "0.7" }
+goblin       = { version = "0.8" }
 lazy_static  = { version = "1.4" }
 log          = { version = "0.4" }
 memmap       = { version = "0.7" }
-rayon        = { version = "1.7" }
-regex        = { version = "1.9" }
-scroll       = { version = "0.11" }
+rayon        = { version = "1.8" }
+regex        = { version = "1.10" }
+scroll       = { version = "0.12" }
 serde        = { version = "1.0" }
 serde_derive = { version = "1.0" }
 simplelog    = { version = "0.12" }

LICENSE.txt

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2018-2023 Koutheir Attouchi.
+Copyright (c) 2018-2024 Koutheir Attouchi.
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

src/archive/mod.rs

@@ -41,12 +41,14 @@ pub fn has_stack_protection(
 /// - [`__stack_chk_fail`](http://refspecs.linux-foundation.org/LSB_5.0.0/LSB-Core-generic/LSB-Core-generic/baselib---stack-chk-fail-1.html).
 /// - `__stack_chk_fail_local` is present in `libc` when it is stack-protected.
 fn member_has_stack_protection(member_name: &str, bytes: &[u8]) -> Result<bool> {
-    let obj = goblin::Object::parse(bytes).map_err(|source| Error::Goblin {
+    use goblin::Object;
+
+    let obj = Object::parse(bytes).map_err(|source| Error::Goblin {
         operation: "goblin::Object::parse",
         source,
     })?;
 
-    if let goblin::Object::Elf(elf) = obj {
+    if let Object::Elf(elf) = obj {
         // elf.is_object_file()
         debug!("Format of archive member '{}' is 'ELF'.", member_name);
         // `r` is `true` if any named function or an unspecified-type symbol is

src/elf/needed_libc.rs

@@ -125,9 +125,16 @@ impl NeededLibC {
                 path: path.as_ref().into(),
             }),
 
-            _ => Err(Error::UnexpectedBinaryFormat {
-                expected: "ELF",
-                name: path.as_ref().into(),
+            goblin::Object::PE(_) | goblin::Object::Mach(_) | goblin::Object::Archive(_) => {
+                Err(Error::UnexpectedBinaryFormat {
+                    expected: "ELF",
+                    name: path.as_ref().into(),
+                })
+            }
+
+            _ => Err(Error::UnsupportedBinaryFormat {
+                format: "Unknown".into(),
+                path: path.as_ref().into(),
             }),
         }
     }
@@ -197,7 +204,7 @@ lazy_static::lazy_static! {
 }
 
 fn init_known_libc_pattern() -> Regex {
-    RegexBuilder::new(r#"\blib(c|bionic)\b[^/]+$"#)
+    RegexBuilder::new(r"\blib(c|bionic)\b[^/]+$")
         .case_insensitive(true)
         .multi_line(false)
         .dot_matches_new_line(false)

src/main.rs

@@ -5,8 +5,9 @@
 // or distributed except according to those terms.
 
 #![doc = include_str!("../README.md")]
-/*
-#![warn(clippy::all, clippy::pedantic, clippy::restriction)]
+#![warn(unsafe_op_in_unsafe_fn)]
+#![warn(clippy::all, clippy::pedantic)]
+//#![warn(clippy::restriction)]
 #![allow(
     clippy::upper_case_acronyms,
     clippy::unnecessary_wraps,
@@ -19,9 +20,12 @@
     clippy::mod_module_files,
     clippy::expect_used,
     clippy::module_name_repetitions,
-    clippy::unwrap_in_result
+    clippy::unwrap_in_result,
+    clippy::min_ident_chars,
+    clippy::single_char_lifetime_names,
+    clippy::single_call_fn,
+    clippy::absolute_paths
 )]
-*/
 
 mod archive;
 mod cmdline;
@@ -86,6 +90,8 @@ type SuccessResults<'args> = Vec<(&'args PathBuf, ColorBuffer)>;
 type ErrorResults<'args> = Vec<(&'args PathBuf, Error)>;
 
 fn run<'args>() -> Result<(SuccessResults<'args>, ErrorResults<'args>)> {
+    use rayon::iter::Either;
+
     let icb_stdout = ColorBuffer::for_stdout();
 
     let result: (Vec<_>, Vec<_>) = ARGS
@@ -103,9 +109,9 @@ fn run<'args>() -> Result<(SuccessResults<'args>, ErrorResults<'args>)> {
         })
         .partition_map(|(path, out, result)| match result {
             // On success, retain the path and output buffer, discard the result.
-            Ok(_) => ::rayon::iter::Either::Left((path, out)),
+            Ok(()) => Either::Left((path, out)),
             // On error, retain the path and error, discard the output buffer.
-            Err(r) => ::rayon::iter::Either::Right((path, r)),
+            Err(r) => Either::Right((path, r)),
         });
 
     Ok(result)
@@ -150,33 +156,37 @@ fn init_logging() -> Result<()> {
 }
 
 fn process_file(path: &impl AsRef<Path>, color_buffer: &mut termcolor::Buffer) -> Result<()> {
+    use goblin::Object;
+
     let parser = BinaryParser::open(path.as_ref())?;
 
     let results = match parser.object() {
-        goblin::Object::Elf(_elf) => {
+        Object::Elf(_elf) => {
             debug!("Binary file format is 'ELF'.");
             elf::analyze_binary(&parser)
         }
 
-        goblin::Object::PE(_pe) => {
+        Object::PE(_pe) => {
             debug!("Binary file format is 'PE'.");
             pe::analyze_binary(&parser)
         }
 
-        goblin::Object::Mach(_mach) => {
+        Object::Mach(_mach) => {
             debug!("Binary file format is 'MACH'.");
             Err(Error::UnsupportedBinaryFormat {
                 format: "MACH".into(),
                 path: path.as_ref().into(),
             })
         }
 
-        goblin::Object::Archive(_archive) => {
+        Object::Archive(_archive) => {
             debug!("Binary file format is 'Archive'.");
             archive::analyze_binary(&parser)
         }
 
-        goblin::Object::Unknown(_magic) => Err(Error::UnknownBinaryFormat(path.as_ref().into())),
+        Object::Unknown(_magic) => Err(Error::UnknownBinaryFormat(path.as_ref().into())),
+
+        _ => Err(Error::UnknownBinaryFormat(path.as_ref().into())),
     }?;
 
     // Print results in the color buffer.

src/options/status.rs

@@ -179,6 +179,7 @@ impl ELFFortifySourceStatus {
             _pin: PhantomPinned,
         });
 
+        // SAFETY:
         // `result` is now allocated, initialized and pinned on the heap.
         // Its location is therefore stable, and we can store references to it
         // in other places.

src/parser.rs

@@ -37,6 +37,7 @@ impl BinaryParser {
             _pin: PhantomPinned,
         });
 
+        // SAFETY:
         // `result` is now allocated, initialized and pinned on the heap.
         // Its location is therefore stable, and we can store references to it
         // in other places.

src/pe/mod.rs

@@ -328,7 +328,12 @@ fn has_safe_seh_handlers(parser: &BinaryParser, pe: &goblin::pe::PE) -> Option<b
     pe.header
         .optional_header
         // If we actually have an optional header, get its load configuration table.
-        .and_then(|optional_header| *optional_header.data_directories.get_load_config_table())
+        .and_then(|optional_header| {
+            optional_header
+                .data_directories
+                .get_load_config_table()
+                .copied()
+        })
         // Continue only if the load configuration table has some bytes.
         .filter(|load_config_table| load_config_table.size > 0)
         .and_then(|load_config_table| {
@@ -341,7 +346,7 @@ fn has_safe_seh_handlers(parser: &BinaryParser, pe: &goblin::pe::PE) -> Option<b
             pe.sections
                 .iter()
                 // Find the `.rdata` section that has the bytes of this load configuration table.
-                .find(|section| {
+                .find(|&section| {
                     (section.characteristics & RDATA_CHARACTERISTICS) == RDATA_CHARACTERISTICS
                         && (load_config_table.virtual_address >= section.virtual_address)
                         && (load_config_table_end