
cargo-auditable with Sergey Davidoff
Rustacean Station
Is There a Shortcut to Heuristic Detection Based on Panic Messages?
The way Rust bindings work is there are two separate crates. One is the Rust code for interfacing with OpenSSL. The other is just the OpenSSL source code in C. So because of this split, the version of OpenSSL code being used is visible to Cargo. It ends up in Cargo.lock. And with cargo-auditable, it also ends up in the final compiled binary. Unfortunately, most other packages that bind C code do not do that. There is no separation between the source code and the Rust bindings. I am hoping to change that soon and publicize using that convention. Maybe some popular libraries actually follow that convention yet.