Standard Library

GoReflect

The reflect package. Calling reflect.ValueOf() and reflect.New() with user-controlled type strings enables dynamic code execution, which is a finding for unsafe reflection rules.

Taint flow: 0 sources, 1 sink
Sinks (dangerous call): .New()

Sinks

.New() (Sink)
Signature
New(typ Type) Value

Returns a Value representing a pointer to a new zero value of the given type. Unsafe when the type is derived from user input.

tracks:0
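
The pattern this sink describes, shown next to an allowlisted alternative. This is an added example, not code from the original page or from the Code Pathfinder project; the `Profile` and `AdminTask` types, the `registry` and `userCreatable` maps and both function names are hypothetical.

```go
package main

import (
	"fmt"
	"reflect"
)

// Hypothetical application types; only Profile is meant to be built from request data.
type Profile struct{ Name string }
type AdminTask struct{ Command string }

// registry maps names to types; Go cannot resolve a type from a bare string.
var registry = map[string]reflect.Type{
	"Profile":   reflect.TypeOf(Profile{}),
	"AdminTask": reflect.TypeOf(AdminTask{}),
}

// newUnchecked is the flagged pattern: the caller-supplied name selects the
// type passed to reflect.New, so any registered type can be instantiated.
func newUnchecked(name string) (any, error) {
	typ, ok := registry[name]
	if !ok {
		return nil, fmt.Errorf("unknown type %q", name)
	}
	return reflect.New(typ).Interface(), nil // sink: typ derived from input
}

// userCreatable is the explicit allowlist of types a request may instantiate.
var userCreatable = map[string]func() any{
	"Profile": func() any { return &Profile{} },
}

// newAllowed removes reflection from the request path: input only selects
// among fixed constructors, and everything else is rejected.
func newAllowed(name string) (any, error) {
	ctor, ok := userCreatable[name]
	if !ok {
		return nil, fmt.Errorf("type %q is not user-creatable", name)
	}
	return ctor(), nil
}

func main() {
	for _, name := range []string{"Profile", "AdminTask"} { // constructed inputs
		u, _ := newUnchecked(name)
		a, err := newAllowed(name)
		fmt.Printf("%-9s unchecked=%T allowed=%T err=%v\n", name, u, a, err)
	}
}
```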

Other Methods

.ValueOf() (Neutral)
Signature
ValueOf(i any) Value

Returns a Value wrapping i. Taint propagates through reflect operations.

Fully-Qualified Names

FQN | Field
reflect | fqns[0]

A wrong FQN yields 0 findings. To verify, change fqns to a garbage value; the rule must then produce 0 results.

Import

go.mod
// standard library — no go.mod entry required
rule.py
from codepathfinder.go_rule import GoReflect