From 05a47ad92db66cb92903405805041dfae06a0c37 Mon Sep 17 00:00:00 2001
From: Emmanuel T Odeke <emmanuel@orijtech.com>
Date: Fri, 21 Oct 2022 22:36:08 -0700
Subject: [PATCH] rules/sdk: allow packages with */crypto/* to import unsafe

Cryptographic packages require crypto/rand and other seemingly
unsafe packages. This change removes those false positives by
checking that segments of the package's path contain "crypto" and if
so allow these "unsafe" packages.

Fixes #63
---
 rules/sdk/blocklist.go | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/rules/sdk/blocklist.go b/rules/sdk/blocklist.go
index 977987e..b1dc209 100644
--- a/rules/sdk/blocklist.go
+++ b/rules/sdk/blocklist.go
@@ -16,6 +16,7 @@ package sdk
 
 import (
 	"go/ast"
+	"path/filepath"
 	"strings"
 
 	"github.com/cosmos/gosec/v2"
@@ -48,6 +49,17 @@ func forbiddenFromBlockedImports(ctx *gosec.Context) bool {
 		// data for randomizing data.
 		return false
 	default:
+		pkgPath, err := gosec.GetPkgAbsPath(pkg)
+		if err != nil {
+			return true
+		}
+
+		splits := strings.Split(pkgPath, string(filepath.Separator))
+		for _, split := range splits {
+			if split == "crypto" {
+				return false
+			}
+		}
 		// Everything else is forbidden from unsafe imports.
 		return true
 	}