Say we have a type to encapsulate sensitive information, which can only be accessed by calling its SecretValue
method:
type Secret struct {
secret string
}
func (s *Secret) SecretValue() string {
return s.secret
}
We wish to prevent the sensitive info secret
from leaking into logs. Specifically, we want to ensure that the string
returned by SecretValue()
is never later passed as an argument to any method that can write to stdout, stderr, or a file -- that is, methods like fmt.Printf
, fmt.Println
, fmt.Errorf
, etc.
Is it possible, either by static analysis of the code, or by using reflection at runtime, to enforce such a policy? If so, how, at a high-level, would this be achieved?
Is it even possible to enumerate "all methods in the standard library that can possible write to stdout, stderr, or a file"? If so, how?