Tool to find dangerous imports in Go code

For a given go.mod file, the tool checks for imports that

  • use unsafe
  • use cgo
  • implement init()
  • import net/http/pprof

The checks are performed transitively, following dependencies.
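
As an added illustration (not goosebumps' own code), the four conditions listed above can be detected in a single Go source file with the standard go/parser and go/ast packages, without executing the code under review. The names Findings, Inspect and sample are hypothetical, the input is constructed, and the transitive walk over dependencies is left out.

```go
package main

import (
	"fmt"
	"go/ast"
	"go/parser"
	"go/token"
	"strconv"
)

// Findings records which of the four conditions one Go source file meets.
type Findings struct{ Unsafe, Cgo, Init, Pprof bool }

// Inspect parses src (nothing is compiled or executed) and reports the findings.
func Inspect(filename, src string) (Findings, error) {
	var f Findings
	file, err := parser.ParseFile(token.NewFileSet(), filename, src, 0)
	if err != nil {
		return f, err
	}
	for _, imp := range file.Imports {
		path, _ := strconv.Unquote(imp.Path.Value)
		switch path {
		case "unsafe":
			f.Unsafe = true
		case "C": // pseudo-package whose import enables cgo
			f.Cgo = true
		case "net/http/pprof": // import registers handlers on http.DefaultServeMux
			f.Pprof = true
		}
	}
	for _, decl := range file.Decls {
		// init() is a top-level function with no receiver; a method named init does not count.
		if fn, ok := decl.(*ast.FuncDecl); ok && fn.Recv == nil && fn.Name.Name == "init" {
			f.Init = true
		}
	}
	return f, nil
}

// sample is constructed input for this demonstration.
const sample = "package demo\n" +
	"import (\n\t\"unsafe\"\n\t_ \"net/http/pprof\"\n)\n" +
	"func init() { _ = unsafe.Sizeof(0) }\n"

func main() {
	f, err := Inspect("demo.go", sample)
	fmt.Printf("%+v %v\n", f, err)
}
```
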

Parameters

Usage of goosebumps:
  -cc
        check for imports of cgo
  -ci
        check for implementations of init()
  -cp
        check for imports of net/http/pprof
  -cu
        check for imports of unsafe
  -d string
        directory with go.mod file (default ".")
  -exempt string
        domains exempt from the search, seperated by space (default "golang.org")
  -modcache string
        location of go mod cache (default "/home/oec/pkg/mod")
  -r    recursively search for go.mod files