New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
High level wrapper for parsing binaries #77
Conversation
… dependency resolution kicks in and adds serde as a dependency
@pinkforest you wanted to use this, so let me know if this fits your use cases. It still needs docs but other than that should be good to go. |
I'll keep refining it in-tree, but I still do want feedback on this. |
@@ -1,8 +1,8 @@ | |||
[workspace] | |||
|
|||
members = [ | |||
"audit-info", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
thought this was going to be auditable-info
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I wanted a clean separation between the high-level crate and the low-level ones, but maybe this will just create confusion with the rust-audit-info
binary.
We could still switch if you think auditable-info
is better.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah I think auditable-info
is best around those considerations re: confusion.
@@ -0,0 +1,21 @@ | |||
[package] | |||
name = "audit-info" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
if we are to change to auditable-info
in case or another have to change here as well
btw what we'll be doing with the public API as I think whilst the raw_ etc. fn's are a okay for MVP we can probably design something more sugary that doesn't care about raw data |
The Perhaps I should indeed make it return |
Hm. Maybe I need to explain what I would expect from a high level auditable-info API - The high level API should be kept with consumer in mind and it should be easy to consume e.g. provide Consumer should not need to care about messing with dependency tree structure and stuff like that or even care about whether the data structure is JSON or something else - that is implementation detail to auditable. I can understand it for the low-level API but if we are to provide high-level API then it should be something like this: Maybe one could use JSON Path ? but then that ties into a data format which is supposed to be implementation detail info = auditable::Info::from(T); // T generic can be `File` | `OssString` | ..
info.path('json_path') Above would assume |
Based on the experience with integrating it into cargo-audit and Trivy, the API of just exposing the format directly appears to be the right level of abstraction. The scanners then convert it into their native data structures, which are fairly close to the JSON format. And since the format is stable, just exposing the format is the most API-stable thing we can do. |
I believe you are correct about this not really being a high-level API, but I don't have any use cases for a high-level API, so I cannot design an API that will actually be useful that way. So for now I'm leaving it at the level of abstraction that is useful in |
Yeah I think we need consumer use-cases in order to design that - if any. correct |
Performs the parsing in a single function call instead of requiring assembling the pieces yourself and also doing your own error handling.
Resolves #50