You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When math/rand is imported by a file in a package which is different than the file importing crypto/rand (and also calls rand.Read), a G404 is throw incorrectly - I believe.
I've been able to reproduce this. Will need to look into it some more. As a work around you could consider annotating your code with #nosec to avoid the false positive.
Summary
When
math/rand
is imported by a file in a package which is different than the file importingcrypto/rand
(and also callsrand.Read
), a G404 is throw incorrectly - I believe.Steps to reproduce the behavior
Contrived example:
init.go:
main.go:
gosec version
latest via
go get -u
Go version (output of 'go version')
go version go1.12.1 darwin/amd64
Operating system / Environment
macOS Mojave
Expected behavior
No errors.
Actual behavior
The text was updated successfully, but these errors were encountered: