flatbuffers/src at 8afb68f074b95b748425a5649728eb9fba3bc50b - flatbuffers - Gitea: Git with a cup of tea

BigfootDev/flatbuffers

mirror of https://github.com/google/flatbuffers.git synced 2026-06-01 19:58:15 +00:00

Files

History

Kevin Zhao 8afb68f074 codegen: escape string default values to prevent code injection (#8964 )

String default values parsed from .fbs schemas are un-escaped by the IDL
parser (e.g., \x22 becomes a raw " byte), but code generators embed these
raw values directly into generated source code string literals. This allows
specially crafted .fbs files to break out of string literals and inject
arbitrary code into generated C++, Rust, TypeScript, and Swift source.

Fix by adding EscapeCodeGenString() helper that re-escapes string content
before embedding, and applying it to all 7 affected injection points across
5 code generators (C++, Rust, TypeScript, Swift, FBS).

Resolves the TODO comments in idl_gen_cpp.cpp and idl_gen_rust.cpp.

2026-03-18 22:01:23 -04:00

..

annotated_binary_text_gen.cpp

Use the Google Style for clang-format without exceptions (#8706 )

2025-09-23 21:19:33 -07:00

annotated_binary_text_gen.h

bulk code format fix (#8707 )

2025-09-23 21:50:27 -07:00

bfbs_gen_lua.cpp

Feature: lua now file_ident aware (#8850 )

2026-02-04 13:05:08 +00:00

bfbs_gen_lua.h

bulk code format fix (#8707 )

2025-09-23 21:50:27 -07:00

bfbs_gen_nim.cpp

[C++] Check for case insensitive keywords (#8420 )

2026-01-20 16:06:07 -08:00

bfbs_gen_nim.h

bulk code format fix (#8707 )

2025-09-23 21:50:27 -07:00

bfbs_gen.h

bulk code format fix (#8707 )

2025-09-23 21:50:27 -07:00

bfbs_namer.h

bulk code format fix (#8707 )

2025-09-23 21:50:27 -07:00

binary_annotator.cpp

Use the Google Style for clang-format without exceptions (#8706 )

2025-09-23 21:19:33 -07:00

binary_annotator.h

bulk code format fix (#8707 )

2025-09-23 21:50:27 -07:00

BUILD.bazel

Implement --file-names-only (#8788 )

2025-12-03 04:37:06 +00:00

code_generators.cpp

Use the Google Style for clang-format without exceptions (#8706 )

2025-09-23 21:19:33 -07:00

file_manager.cpp

Run clang-format -i **/*.cpp (#8865 )

2025-12-19 10:42:57 -08:00

file_name_manager.cpp

Implement --file-names-only (#8788 )

2025-12-03 04:37:06 +00:00

flatc_main.cpp

Implement --file-names-only (#8788 )

2025-12-03 04:37:06 +00:00

flatc.cpp

disallow circular struct references (#8851 )

2026-02-04 15:15:05 +00:00

flathash.cpp

Use the Google Style for clang-format without exceptions (#8706 )

2025-09-23 21:19:33 -07:00

idl_gen_binary.cpp

Implement --file-names-only (#8788 )

2025-12-03 04:37:06 +00:00

idl_gen_binary.h

Refactor languages to use CodeGenerator interface. (#7797 )

2023-01-25 09:05:48 -08:00

idl_gen_cpp.cpp

codegen: escape string default values to prevent code injection (#8964 )

2026-03-18 22:01:23 -04:00

idl_gen_cpp.h

Refactor languages to use CodeGenerator interface. (#7797 )

2023-01-25 09:05:48 -08:00

idl_gen_csharp.cpp

[C#] Add GetBytes methods for fixed arrays (#8633 )

2026-02-04 23:13:32 +00:00

idl_gen_csharp.h

Refactor languages to use CodeGenerator interface. (#7797 )

2023-01-25 09:05:48 -08:00

idl_gen_dart.cpp

[C++] Check for case insensitive keywords (#8420 )

2026-01-20 16:06:07 -08:00

idl_gen_dart.h

Refactor languages to use CodeGenerator interface. (#7797 )

2023-01-25 09:05:48 -08:00

idl_gen_fbs.cpp

codegen: escape string default values to prevent code injection (#8964 )

2026-03-18 22:01:23 -04:00

idl_gen_fbs.h

inject no long for FBS generation to remove logs in flattests (#7926 )

2023-04-28 13:40:38 -07:00

idl_gen_go.cpp

[C++] Check for case insensitive keywords (#8420 )

2026-01-20 16:06:07 -08:00

idl_gen_go.h

Refactor languages to use CodeGenerator interface. (#7797 )

2023-01-25 09:05:48 -08:00

idl_gen_grpc.cpp

Implement --file-names-only (#8788 )

2025-12-03 04:37:06 +00:00

idl_gen_java.cpp

[C++] Check for case insensitive keywords (#8420 )

2026-01-20 16:06:07 -08:00

idl_gen_java.h

Refactor languages to use CodeGenerator interface. (#7797 )

2023-01-25 09:05:48 -08:00

idl_gen_json_schema.cpp

Implement --file-names-only (#8788 )

2025-12-03 04:37:06 +00:00

idl_gen_json_schema.h

Refactor languages to use CodeGenerator interface. (#7797 )

2023-01-25 09:05:48 -08:00

idl_gen_kotlin_kmp.cpp

[C++] Check for case insensitive keywords (#8420 )

2026-01-20 16:06:07 -08:00

idl_gen_kotlin.cpp

[C++] Check for case insensitive keywords (#8420 )

2026-01-20 16:06:07 -08:00

idl_gen_kotlin.h

Add Kotlin multiplatform support (#7969 )

2023-05-26 11:00:33 -07:00

idl_gen_lobster.cpp

Implement --file-names-only (#8788 )

2025-12-03 04:37:06 +00:00

idl_gen_lobster.h

Refactor languages to use CodeGenerator interface. (#7797 )

2023-01-25 09:05:48 -08:00

idl_gen_php.cpp

Implement --file-names-only (#8788 )

2025-12-03 04:37:06 +00:00

idl_gen_php.h

Refactor languages to use CodeGenerator interface. (#7797 )

2023-01-25 09:05:48 -08:00

idl_gen_python.cpp

fix: Added return value to non type-prefixed create vector function (#8945 )

2026-03-05 02:09:09 +00:00

idl_gen_python.h

Refactor languages to use CodeGenerator interface. (#7797 )

2023-01-25 09:05:48 -08:00

idl_gen_rust.cpp

codegen: escape string default values to prevent code injection (#8964 )

2026-03-18 22:01:23 -04:00

idl_gen_rust.h

Refactor languages to use CodeGenerator interface. (#7797 )

2023-01-25 09:05:48 -08:00

idl_gen_swift.cpp

codegen: escape string default values to prevent code injection (#8964 )

2026-03-18 22:01:23 -04:00

idl_gen_swift.h

Refactor languages to use CodeGenerator interface. (#7797 )

2023-01-25 09:05:48 -08:00

idl_gen_text.cpp

Implement --file-names-only (#8788 )

2025-12-03 04:37:06 +00:00

idl_gen_text.h

Final refactor for bfsb_generator* and text generator (#7806 )

2023-01-31 09:35:34 -08:00

idl_gen_ts.cpp

codegen: escape string default values to prevent code injection (#8964 )

2026-03-18 22:01:23 -04:00

idl_gen_ts.h

Refactor languages to use CodeGenerator interface. (#7797 )

2023-01-25 09:05:48 -08:00

idl_namer.h

[gRPC] Update the code generator for Python to produce typed handlers (#8326 )

2024-06-18 16:02:57 -07:00

idl_parser.cpp

fix: infinite loop in proto reserved range parser (CWE-835) (#8966 )

2026-03-11 22:23:32 -04:00

namer.h

[gRPC] Update the code generator for Python to produce typed handlers (#8326 )

2024-06-18 16:02:57 -07:00

reflection.cpp

add verification that type_vec.size == vec.size() (#8853 )

2025-12-21 21:55:54 +00:00

util.cpp

Use the Google Style for clang-format without exceptions (#8706 )

2025-09-23 21:19:33 -07:00