Summary

It's a very common pattern in Go code that _ = foo() indicates that the error is being explicitly ignored (for whatever reason). However, gosec will still give you errors despite this:

[/home/cyphar/.local/src/github.com/openSUSE/umoci/oci/layer/unpack.go:128] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > _ = fsEval.RemoveAll(rootfsPath)

(And obviously this happens if the error is in a tuple-style return as well.)

gosec version

12400f9

Go version (output of 'go version')

go version go1.11.4 linux/amd64

Operating system / Environment

openSUSE Tumbleweed

Expected behavior

_ = foo() should result in the warning being suppressed -- since the error is not "unhandled".

Actual behavior

_ = foo() is incorrectly classified as an unhandled error (G104).