Improper Control of Dynamically-Managed Code Resources
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-913: Improper Control of Dynamically-Managed Code Resources |
| OWASP | A01:2021 - Broken Access Control |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description#
Using reflect.MakeFunc in Go allows creation of functions at runtime, bypassing normal type safety checks. If user input can influence the generated code, this could introduce severe security risks.
Impact#
An attacker may exploit this to execute arbitrary code or perform unauthorized actions within your application, potentially leading to data breaches, privilege escalation, or full system compromise.