Skip to main content

Rust ecosystem analyzer plugin for AttackMap (axum, actix-web, rocket; sqlx/diesel/sea-orm; jsonwebtoken/argon2; reqwest).

Project description

attackmap-analyzer-rust

Rust ecosystem analyzer for AttackMap.

This analyzer extracts structured signals from Rust crates and Cargo workspaces:

  • Web frameworks — axum, actix-web, rocket (route + entrypoint extraction)
  • Databases — sqlx (Postgres / MySQL / SQLite), diesel, sea-orm, tokio-postgres, rusqlite, mongodb, redis, deadpool, AWS SDK (S3 / DynamoDB)
  • Auth crates — jsonwebtoken, argon2 / bcrypt / scrypt / password-hash, oauth2, axum-login, actix-identity, tower-sessions, tower-http auth
  • HTTP clients (external calls) — reqwest, isahc, surf, ureq
  • Secretsstd::env::var, dotenv / dotenvy, env! macro, secrecy::SecretString
  • Service hints — Cargo [package].name and [workspace].members

All emissions populate AttackMap's Signal v2 fields (line numbers, evidence snippets, confidence scores) so downstream insights can cite path/to/file.rs:NN.

Install

pip install git+https://github.com/mlaify/attackmap-analyzer-rust.git

The analyzer is auto-discovered by AttackMap via the attackmap.analyzers entry-point group.

Usage with AttackMap

# Auto-discovered when installed:
attackmap analyze /path/to/rust/repo

# Or invoke explicitly:
attackmap analyze /path/to/rust/repo --module rust

Detection

detect() returns true when any of the following are present, ignoring target/, .git/, node_modules/, .cargo/, and vendor/:

  • A Cargo.toml or Cargo.lock at the repository root, or anywhere in the tree
  • One or more .rs files in the tree

Coverage notes

  • Warp is intentionally not covered yet — its filter-based routing makes path extraction unreliable from regex alone.
  • Tide framework presence is detected via tide:: imports; route extraction for tide's app.at("/x").get(...) chain is on the roadmap.
  • Multi-method axum chains like .route("/x", get(h).post(h2)) produce one Route per HTTP verb in the chain, all sharing the same line.
  • The actix-web attribute regex (#[get(...)]) and rocket attribute regex are intentionally identical; rocket emissions only fire when the file also mentions rocket somewhere, to avoid double-counting actix routes.

License

MIT

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

attackmap_analyzer_rust-0.1.0.tar.gz (13.8 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

attackmap_analyzer_rust-0.1.0-py3-none-any.whl (10.2 kB view details)

Uploaded Python 3

File details

Details for the file attackmap_analyzer_rust-0.1.0.tar.gz.

File metadata

  • Download URL: attackmap_analyzer_rust-0.1.0.tar.gz
  • Upload date:
  • Size: 13.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for attackmap_analyzer_rust-0.1.0.tar.gz
Algorithm Hash digest
SHA256 99106bcca98856588dee5ceac015ce4e8c63e008dde3ec4c09433817e54a57f3
MD5 513641f3bf8f40910d4d1f64ed596c86
BLAKE2b-256 a4e2c945879d8edf07c231d6aa2427975d456dc54d4576ebc9411c32aa5e1954

See more details on using hashes here.

Provenance

The following attestation bundles were made for attackmap_analyzer_rust-0.1.0.tar.gz:

Publisher: release.yml on mlaify/attackmap-analyzer-rust

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file attackmap_analyzer_rust-0.1.0-py3-none-any.whl.

File metadata

File hashes

Hashes for attackmap_analyzer_rust-0.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 16cce5fe68f4d640091cd921aeb1b0aedbfcaa61dab0ef7b5767aa8b3396abb3
MD5 d38518bb10e0911b9eb4f2a4d5a861e3
BLAKE2b-256 794971e3e9d0a5a9d3b7be9f35df5348a42f318a74605ffb87d206b03a12916a

See more details on using hashes here.

Provenance

The following attestation bundles were made for attackmap_analyzer_rust-0.1.0-py3-none-any.whl:

Publisher: release.yml on mlaify/attackmap-analyzer-rust

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page