gosec
Check if package makes syscalls
I was thinking about making a tool to check if a package makes any syscalls. There are many simple util libraries for parsing, collection helpers, etc. Such libraries should not make any syscalls for network or file access.
What do you think about adding this optional check to gosec for static syscall analysis?
gosec -include=Gxxx github.com/badoux/checkmail
Example output
syscall.SOCK_STREAM made by net.DialTimeout in checkmail.go:106
This sounds interesting. I think that is valuable for auditing code. I will be happy to receive such a contribution.
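A minimal sketch of the kind of check proposed in this issue, added here as an illustration; it is not gosec code and not from either participant. It assumes a hand-picked list of sensitive packages and a hypothetical helper `FindSensitiveRefs`, works on one file's syntax only, and reports direct references rather than tracing calls down to the syscall layer.

```go
package main
import (
	"fmt"
	"go/ast"
	"go/parser"
	"go/token"
	"strconv"
	"strings"
)

// Assumed, illustrative list of packages implying network, file or raw syscall access.
var sensitive = map[string]bool{"net": true, "net/http": true, "os": true, "os/exec": true, "syscall": true}
// Constructed sample input, modelled on the net.DialTimeout finding in the issue.
const sample = "package checkmail\n\nimport (\n\t\"net\"\n\t\"strings\"\n)\n\nfunc dial(h string) error {\n" +
	"\th = strings.TrimSpace(h)\n\t_, err := net.DialTimeout(\"tcp\", h, 0)\n\treturn err\n}\n"

// FindSensitiveRefs (hypothetical helper) lists pkg.Name references into sensitive imports.
func FindSensitiveRefs(filename, src string) ([]string, error) {
	fset := token.NewFileSet()
	f, err := parser.ParseFile(fset, filename, src, 0)
	if err != nil {
		return nil, err
	}
	local := map[string]string{} // local import name -> sensitive import path
	for _, imp := range f.Imports {
		path, _ := strconv.Unquote(imp.Path.Value)
		name := path[strings.LastIndex(path, "/")+1:]
		if imp.Name != nil {
			name = imp.Name.Name // aliased import
		}
		if sensitive[path] {
			local[name] = path
		}
	}
	var out []string
	ast.Inspect(f, func(n ast.Node) bool {
		if sel, ok := n.(*ast.SelectorExpr); ok {
			// id.Obj == nil: the name was not resolved to a declaration in this file
			if id, ok := sel.X.(*ast.Ident); ok && id.Obj == nil && local[id.Name] != "" {
				out = append(out, fmt.Sprintf("%s.%s in %s:%d", local[id.Name], sel.Sel.Name, filename, fset.Position(sel.Pos()).Line))
			}
		}
		return true
	})
	return out, nil
}

func main() {
	fmt.Println(FindSensitiveRefs("checkmail.go", sample))
}
```

A type-aware version would resolve selectors with go/types and follow the call graph, so that indirect use through a third-party dependency is also reported.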