README.md


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31

# Tool to find dangerous imports in go code

The tool checks for imports for a given `go.mod` file that

- use `unsafe`
- use cgo
- import `/net/http/pprof`

The checks are performed transitively, following dependencies. 


# Parameters

```
Usage of goosebumps:
  -cc
    	check for imports of cgo
  -ci
    	check for implementations of init()
  -cp
    	check for imports of net/http/pprof
  -cu
    	check for imports of unsafe
  -d string
    	directory with go.mod file (default ".")
  -exempt string
    	domains exempt from the search, seperated by space (default "golang.org")
  -modcache string
    	location of go mod cache (default "/home/oec/pkg/mod")
  -r	recursively search for go.mod files
```