2023-06-20 12:28:42 +02:00
|
|
|
# Tool to find dangerous imports in go code
|
|
|
|
|
|
|
|
The tool checks for imports for a given `go.mod` file that
|
|
|
|
|
|
|
|
- uses `unsafe`
|
|
|
|
- uses cgo
|
|
|
|
- import `/net/http/pprof`
|
|
|
|
|
|
|
|
The checks are performed transitively, following dependencies.
|
|
|
|
|
|
|
|
|
|
|
|
# Parameters
|
|
|
|
|
|
|
|
```
|
|
|
|
Usage of ./goosebumps:
|
|
|
|
-cc
|
|
|
|
check for imports of cgo
|
|
|
|
-ci
|
|
|
|
check for implementations of init()
|
|
|
|
-cp
|
|
|
|
check for imports of net/http/pprof
|
|
|
|
-cu
|
|
|
|
check for imports of unsafe
|
|
|
|
-exempt string
|
|
|
|
domains exempt from the search, seperated by space (default "golang.org")
|
|
|
|
-mod string
|
|
|
|
go.mod file (default "go.mod")
|
|
|
|
-modcache string
|
|
|
|
location of go mod cache (default "$GOROOT/pkg/mod")
|
|
|
|
```
|