goosebumps/README.md

Tool to find dangerous imports in go code

The tool checks for imports for a given go.mod file that

• uses unsafe
• uses cgo
• import /net/http/pprof

The checks are performed transitively, following dependencies.

Parameters

Usage of ./goosebumps:
  -cc
    	check for imports of cgo
  -ci
    	check for implementations of init()
  -cp
    	check for imports of net/http/pprof
  -cu
    	check for imports of unsafe
  -exempt string
    	domains exempt from the search, seperated by space (default "golang.org")
  -mod string
    	go.mod file (default "go.mod")
  -modcache string
    	location of go mod cache (default "$GOPATH/pkg/mod")