- 필수 기능
- 시작하기
- Glossary
- 표준 속성
- Guides
- Agent
- 통합
- 개방형텔레메트리
- 개발자
- Administrator's Guide
- API
- Datadog Mobile App
- CoScreen
- Cloudcraft
- 앱 내
- 서비스 관리
- 인프라스트럭처
- 애플리케이션 성능
- APM
- Continuous Profiler
- 스팬 시각화
- 데이터 스트림 모니터링
- 데이터 작업 모니터링
- 디지털 경험
- 소프트웨어 제공
- 보안
- AI Observability
- 로그 관리
- 관리
ID: go-security/unsafe-reflection
Language: Go
Severity: Info
Category: Security
CWE: 470
In Go, unsafe reflection refers to the use of the reflect
package in combination with the unsafe
package to modify or access private or unexported fields of a struct. It allows bypassing the normal visibility rules and type safety of Go’s language design. Unsafe reflection can be useful in certain situations, but it also comes with significant risks and should be used with caution.
To prevent unsafe reflection and maintain the safety and integrity of your code, you can follow the following practices:
unsafe
Package: Minimize the use of the unsafe
package, especially when working with reflection. The unsafe
package removes the safety features of Go and can lead to unpredictable behavior. Instead, try to solve the problem using idiomatic Go constructs whenever possible.reflect
tags) to provide metadata and annotations. This approach allows you to access struct fields without relying on direct access to their memory.It is important to note that reflection has its use cases and can provide powerful functionality when used appropriately. However, due to its potential for code complexity and security vulnerabilities, it is advisable to explore alternative solutions and use reflection sparingly.
By following these best practices and understanding the risks associated with unsafe reflection, you can prevent unsafe operations and maintain the safety and integrity of your Go code.
import (
"reflect"
)
func test() {
something.MethodByName(methodName)
something.FieldByName(fieldName);
}
import (
"reflect"
)
func test() {
something.MethodByName("method")
something.FieldByName("field");
}