Why is this an issue?
This rule raises an issue when reflection is used to change the visibility of a class, method or field, and when it is used to directly update a
field value. Altering or bypassing the accessibility of classes, methods, or fields violates the encapsulation principle and could lead to run-time
errors.
Noncompliant code example
public void makeItPublic(String methodName) throws NoSuchMethodException {
this.getClass().getMethod(methodName).setAccessible(true); // Noncompliant
}
public void setItAnyway(String fieldName, int value) {
this.getClass().getDeclaredField(fieldName).setInt(this, value); // Noncompliant; bypasses controls in setter
}
Resources
- CERT, SEC05-J. - Do not use reflection to increase accessibility of classes,
methods, or fields