search

MaulingMonkey / jni-bindgen

Generate Rust JVM FFI wrappers around APIs defined by .jar or .class files, because maintaining your own hand-written bindings is an exercise in boredom, soundness bugs, and pain.
Apache License 2.0
79 stars 9 forks source link

Introduce parameterized Rust / Rust Comment writers. #35

Open MaulingMonkey opened 5 years ago

MaulingMonkey commented 5 years ago

Currently, a maliciously crafted .jar can probably inject naughty code into the generated bindings. A proper parameterized API for writing code would do a lot to tighten up this security gap.

Of course, if you're using a maliciously crafted .jar, you're probably already pretty screwed on the security front - but if you're only running the outputs in a nicely constrained sandbox or other security context, I'd like to avoid contributing to any means of badware escaping said sandbox or security context.

MaulingMonkey commented 4 years ago

This could use the #[doc] attribute, especially in the context of macro codegen.