rules/sdk: G702: Blocklisted import crypto/rand should not flag for crypto related code

I've seen a bunch of reports like this
```shell
[/go/src/github.com/cosmos/cosmos-sdk/crypto/xsalsa20symmetric/symmetric.go:4] - G702 (CWE-): Blocklisted import crypto/rand (Confidence: HIGH, Severity: MEDIUM)
    3: import (
  > 4: 	"crypto/rand"
    5: 	"errors"



[/go/src/github.com/cosmos/cosmos-sdk/crypto/keys/internal/ecdsa/privkey.go:6] - G702 (CWE-): Blocklisted import crypto/rand (Confidence: HIGH, Severity: MEDIUM)
    5: 	"crypto/elliptic"
  > 6: 	"crypto/rand"
    7: 	"crypto/sha256"



[/go/src/github.com/cosmos/cosmos-sdk/crypto/keys/internal/benchmarking/bench.go:4] - G702 (CWE-): Blocklisted import crypto/rand (Confidence: HIGH, Severity: MEDIUM)
    3: import (
  > 4: 	"crypto/rand"
    5: 	"io"
```

but really cryptographic code needs RNGs from crypto/rand so as to perform its duties, hence we should exempt code in such files or packages from these false positives

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

rules/sdk: G702: Blocklisted import crypto/rand should not flag for crypto related code #63

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

rules/sdk: G702: Blocklisted import crypto/rand should not flag for crypto related code #63

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions