From 20f2a98ce842af400ba1d9c1e8a78a697d186506 Mon Sep 17 00:00:00 2001
From: Grant Murphy
Date: Mon, 7 Nov 2016 09:27:29 -0800
Subject: [PATCH] Ensure initialization only imports are ignored

Blacklisted imports should not report failures when a module is imported for side-effects only using the blank identifier.

Closes #59
---
 rules/blacklist.go | 2 +-
 rules/blacklist_test.go | 38 ++++++++++++++++++++++++++++++++++++++
 2 files changed, 39 insertions(+), 1 deletion(-)
 create mode 100644 rules/blacklist_test.go

diff --git a/rules/blacklist.go b/rules/blacklist.go
index 3fd5e69..f3ceb39 100644
--- a/rules/blacklist.go
+++ b/rules/blacklist.go
@@ -27,7 +27,7 @@ type BlacklistImport struct {
 
 func (r *BlacklistImport) Match(n ast.Node, c *gas.Context) (gi *gas.Issue, err error) {
 if node, ok := n.(*ast.ImportSpec); ok {
- if r.Path == node.Path.Value {
+ if r.Path == node.Path.Value && node.Name.String() != "_" {
 return gas.NewIssue(c, n, r.What, r.Severity, r.Confidence), nil
 }
 }
diff --git a/rules/blacklist_test.go b/rules/blacklist_test.go
new file mode 100644
index 0000000..f2e6853
--- /dev/null
+++ b/rules/blacklist_test.go
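Review bot: Skipping every blank import in `Match` (rules/blacklist.go) leaves a blind spot for packages whose import side effects are themselves the risk: as far as I know, `_ "crypto/md5"` registers MD5 with the `crypto` package at init, so the hash stays reachable through `crypto.MD5.New()` with no named import left for this rule to flag. If the exemption is kept, document the trade-off on the condition, e.g. `// Blank imports are skipped; use reached only through init-time registration is not reported.`, or report such imports at a lower confidence instead of dropping them. The check also relies on `(*ast.Ident).String()` being nil-safe, since `node.Name` is nil for an unnamed import; testing `node.Name != nil && node.Name.Name == "_"` would make that explicit. The body of `Match` continues past the end of this hunk.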
@@ -0,0 +1,38 @@
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package rules
+
+import (
+ gas "github.com/GoASTScanner/gas/core"
+ "testing"
+)
+
+const initOnlyImportSrc = `
+package main
+import (
+ _ "crypto/md5"
+ "fmt"
+)
+func main() {
+ for _, arg := range os.Args {
+ fmt.Println(arg)
+ }
+}`
+
+func TestInitOnlyImport(t *testing.T) {
+ config := map[string]interface{}{"ignoreNosec": false}
+ analyzer := gas.NewAnalyzer(config, nil)
+ analyzer.AddRule(NewBlacklist_crypto_md5(config))
+ issues := gasTestRunner(initOnlyImportSrc, analyzer)
+ checkTestResults(t, issues, 0, "")
+}
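Review bot: The fixture in `initOnlyImportSrc` uses `os.Args` without importing `os`, so the sample does not type-check; whether that matters depends on how `gasTestRunner` treats type errors, which is not visible here, but adding `"os"` to the fixture's import block removes the doubt. The test also pins only the suppressed case: a companion case that runs the same rule over a plain `import "crypto/md5"` and expects one issue would catch a regression that silences the rule entirely. Stylistically, `"testing"` would normally sit in its own standard-library group ahead of the `gas` import.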