Track only the import from the file which is checked

Signed-off-by: Cosmin Cojocar <[email protected]>

Author: ccojocar

analyzer.go

@@ -175,7 +175,7 @@ func (gosec *Analyzer) check(pkg *packages.Package) {
 		gosec.context.Pkg = pkg.Types
 		gosec.context.PkgFiles = pkg.Syntax
 		gosec.context.Imports = NewImportTracker()
-		gosec.context.Imports.TrackPackages(gosec.context.Pkg.Imports()...)
+		gosec.context.Imports.TrackFile(file)
 		ast.Walk(gosec, file)
 		gosec.stats.NumFiles++
 		gosec.stats.NumLines += pkg.Fset.File(file.Pos()).LineCount()

import_tracker.go

@@ -36,14 +36,22 @@ func NewImportTracker() *ImportTracker {
 	}
 }
 
+// TrackFile track all the imports used by the supplied file
+func (t *ImportTracker) TrackFile(file *ast.File) {
+	for _, imp := range file.Imports {
+		path := strings.Trim(imp.Path.Value, `"`)
+		parts := strings.Split(path, "/")
+		if len(parts) > 0 {
+			name := parts[len(parts)-1]
+			t.Imported[path] = name
+		}
+	}
+}
+
 // TrackPackages tracks all the imports used by the supplied packages
 func (t *ImportTracker) TrackPackages(pkgs ...*types.Package) {
 	for _, pkg := range pkgs {
 		t.Imported[pkg.Path()] = pkg.Name()
-		// Transient imports
-		//for _, imp := range pkg.Imports() {
-		//	t.Imported[imp.Path()] = imp.Name()
-		//}
 	}
 }