Replace unmaintained dependencies. Human readable errors.

koutheir · Feb 10, 2024 · b6690b1 · b6690b1
1 parent 8cf6307
commit b6690b1
Show file tree

Hide file tree

Showing 16 changed files with 847 additions and 457 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -6,7 +6,7 @@
 
 [package]
 name = "binary-security-check"
-version = "1.2.14"
+version = "1.2.15"
 authors = ["Koutheir Attouchi <[email protected]>"]
 license = "MIT"
 description = "Analyzer of security features in executable binaries"
@@ -37,17 +37,24 @@ incremental      = false
 overflow-checks  = true
 
 [dependencies]
-docopt       = { version = "1.1" }
 thiserror    = { version = "1.0" }
 goblin       = { version = "0.8" }
-lazy_static  = { version = "1.4" }
+once_cell    = { version = "1.19" }
 log          = { version = "0.4" }
-memmap       = { version = "0.7" }
+memmap2      = { version = "0.9" }
 rayon        = { version = "1.8" }
 regex        = { version = "1.10" }
 scroll       = { version = "0.12" }
-serde        = { version = "1.0" }
-serde_derive = { version = "1.0" }
-simplelog    = { version = "0.12" }
-termcolor    = { version = "1.1" }
+flexi_logger = { version = "0.27" }
+termcolor    = { version = "1.4" }
 memoffset    = { version = "0.9" }
+
+clap = { version = "4.5", features = [
+  "color",
+  "help",
+  "usage",
+  "error-context",
+  "suggestions",
+  "derive",
+  "cargo",
+] }
diff --git a/README.md b/README.md
@@ -87,29 +87,37 @@ The status of the security feature in the binary is indicated by a letter before
 
 For example, `!ASLR` means the binary does not support Address Space Layout Randomization.
 
-## Command line
+## Usage
 
 ```
-Usage:
-  binary-security-check [-v] [-c COLOR] [(-s DIR | -l FILE | -i SPEC | -n)] <file>...
-  binary-security-check (-h | --help)
-  binary-security-check --version
+Usage: binary-security-check [OPTIONS] <INPUT_FILES>...
+
+Arguments:
+  <INPUT_FILES>...
+          Binary files to analyze
 
 Options:
-  -c COLOR, --color=COLOR  Use color in standard output. Either 'auto' or
-                 'always' or 'never' [default: auto].
-  -s DIR, --sysroot=DIR  Set system root for finding the corresponding
-                 C runtime library.
-  -l FILE, --libc=FILE  Set the path of the C runtime library.
-  -i SPEC, --libc-spec=SPEC  Use an internal list of checked functions as
-                 specified by a specification.
-  -n, --no-libc  Assume that input files do not use any C runtime libraries.
-  -v, --verbose  Verbose logging.
-  -h, --help     Show this screen.
-  --version      Show version.
-
-If specified, then SPEC can be one of the following versions of the Linux
-Standard Base specifications:
+  -v, --verbose
+          Verbose logging
+  -c, --color <COLOR>
+          Use color in standard output [default: auto] [possible values: auto, always, never]
+  -l, --libc <LIBC>
+          Path of the C runtime library file
+  -s, --sysroot <SYSROOT>
+          Path of the system root for finding the corresponding C runtime library
+  -i, --libc-spec <LIBC_SPEC>
+          Use an internal list of checked functions as specified by a specification
+          [possible values: lsb1, lsb1dot1, lsb1dot2, lsb1dot3, lsb2, lsb2dot0dot1, lsb2dot1, lsb3,
+          lsb3dot1, lsb3dot2, lsb4, lsb4dot1, lsb5]
+  -n, --no-libc
+          Assume that input files do not use any C runtime libraries
+  -h, --help
+          Print help
+  -V, --version
+          Print version
+
+If --libc-spec is specified, then its value can be one of the following versions
+of the Linux Standard Base specifications:
 - lsb1: LSB 1.0.0.
 - lsb1dot1: LSB 1.1.0.
 - lsb1dot2: LSB 1.2.0.
@@ -132,7 +140,8 @@ following directories:
 - /usr/lib64/
 - /lib32/
 - /usr/lib32/
-The tools `readelf` and `ldd` can be used to help find the path of the C library
+
+The tools "readelf" and "ldd" can be used to help find the path of the C library
 needed by the analyzed files, which is given by the --libc parameter.
 ```
 

diff --git a/src/archive.rs b/src/archive.rs
@@ -11,8 +11,11 @@ use crate::options::status::DisplayInColorTerm;
 use crate::options::{BinarySecurityOption, ELFStackProtectionOption};
 use crate::parser::BinaryParser;
 
-pub fn analyze_binary(parser: &BinaryParser) -> Result<Vec<Box<dyn DisplayInColorTerm>>> {
-    let has_stack_protection = ELFStackProtectionOption.check(parser)?;
+pub(crate) fn analyze_binary(
+    parser: &BinaryParser,
+    options: &crate::cmdline::Options,
+) -> Result<Vec<Box<dyn DisplayInColorTerm>>> {
+    let has_stack_protection = ELFStackProtectionOption.check(parser, options)?;
     Ok(vec![has_stack_protection])
 }
 
@@ -22,13 +25,13 @@ pub(crate) fn has_stack_protection(
 ) -> Result<bool> {
     let bytes = parser.bytes();
     for member_name in archive.members() {
-        let buffer = archive
-            .extract(member_name, bytes)
-            .map_err(|source| Error::Goblin1 {
-                operation: "goblin::archive::Archive",
-                param1: member_name.into(),
-                source,
-            })?;
+        let buffer =
+            archive
+                .extract(member_name, bytes)
+                .map_err(|source| Error::ExtractArchiveMember {
+                    member: member_name.into(),
+                    source,
+                })?;
 
         let r = member_has_stack_protection(member_name, buffer)?;
         if r {
@@ -43,10 +46,7 @@ pub(crate) fn has_stack_protection(
 fn member_has_stack_protection(member_name: &str, bytes: &[u8]) -> Result<bool> {
     use goblin::Object;
 
-    let obj = Object::parse(bytes).map_err(|source| Error::Goblin {
-        operation: "goblin::Object::parse",
-        source,
-    })?;
+    let obj = Object::parse(bytes).map_err(|source| Error::ParseFile { source })?;
 
     if let Object::Elf(elf) = obj {
         // elf.is_object_file()

diff --git a/src/cmdline.docopt b/src/cmdline.docopt