Editing Reflective programming (section)

==Security considerations==

Reflection may allow a user to create unexpected [[control flow]] paths through an application, potentially bypassing security measures. This may be exploited by attackers.<ref>{{cite report |first1=Paulo |last1=Barros |first2=René |last2=Just |first3=Suzanne |last3=Millstein |first4=Paul |last4=Vines |first5=Werner |last5=Dietl |first6=Marcelo |last6=d'Amorim |first7=Michael D. |last7=Ernst |date=August 2015 |title=Static Analysis of Implicit Control Flow: Resolving Java Reflection and Android Intents |url=https://homes.cs.washington.edu/~mernst/pubs/implicit-control-flow-tr150801.pdf |publisher=University of Washington |id=UW-CSE-15-08-01 |access-date=October 7, 2021 }}</ref> Historical [[Vulnerability (computing)|vulnerabilities]] in Java caused by unsafe reflection allowed code retrieved from potentially untrusted remote machines to break out of the Java [[Sandbox (computer security)|sandbox]] security mechanism. A large scale study of 120 Java vulnerabilities in 2013 concluded that unsafe reflection is the most common vulnerability in Java, though not the most exploited.<ref>{{cite magazine |author=Eauvidoum, Ieu |author2=disk noise |date=October 5, 2021 |title=Twenty years of Escaping the Java Sandbox |url=http://phrack.org/issues/70/7.html#article |magazine=[[Phrack]] |volume=10 |issue=46 |access-date=October 7, 2021}}</ref>