diff --git a/helpers.go b/helpers.go index 437d032..bd6aff7 100644 --- a/helpers.go +++ b/helpers.go @@ -37,9 +37,9 @@ import ( // // node, matched := MatchCallByPackage(n, ctx, "math/rand", "Read") func MatchCallByPackage(n ast.Node, c *Context, pkg string, names ...string) (*ast.CallExpr, bool) { - importedName, found := GetImportedName(pkg, c) + importedName, found := GetAliasedName(pkg, c) if !found { - importedName, found = GetAliasedName(pkg, c) + importedName, found = GetImportedName(pkg, c) if !found { return nil, false } diff --git a/testutils/source.go b/testutils/source.go index e1124a4..3db02e2 100644 --- a/testutils/source.go +++ b/testutils/source.go @@ -3180,6 +3180,22 @@ func main() { bad := rand.Intn(10) println(bad) }`}, 1, gosec.NewConfig()}, + {[]string{` +package main + +import ( + "crypto/rand" + "math/big" + rnd "math/rand" +) + +func main() { + good, _ := rand.Int(rand.Reader, big.NewInt(int64(2))) + println(good) + bad := rnd.Intn(2) + println(bad) +} +`}, 1, gosec.NewConfig()}, } // SampleCodeG501 - Blocklisted import MD5