
Go: Semgrep mistakes import's PackageName with a local variable #10078

Open
1 of 3 tasks
GrosQuildu opened this issue Apr 10, 2024 · 0 comments
Labels
bug Something isn't working lang:golang priority:low

Comments

@GrosQuildu

Describe the bug
If a local variable has the same name as an imported package, Semgrep mistakes the two. Please see the example issue below.

To Reproduce
https://semgrep.dev/playground/s/j203Y

package main

import (
	testalias "fmt"
)

func main() {
	_, fmt := testalias.Println("Hello, 世界")
	if fmt != nil {
		testalias.Println(fmt)
	}
}

rules:
  - id: python-fstring
    languages:
      - go
    severity: ERROR
    message: Potential `$FOO` nil dereference when `$BAR` is called
    patterns:
      - pattern: |
          $FOO.$BAR(...)
          ...
          if $FOO != nil { ... }

Expected behavior
I would expect no matches - the testalias.Println is called, but a completely independent fmt variable is checked against nil.

With other name collisions Semgrep behaves as expected. See example here: https://semgrep.dev/playground/s/10e4w

package main

import "fmt"

var x = 1

func main() {
	fmt.Println(x)
	x := 2
	fmt.Println(x, "x")
}

rules:
  - id: python-fstring
    languages:
      - go
    severity: ERROR
    message: Matched $X
    patterns:
      - pattern: |
          fmt.Println($X)
          $X := ...

No matches. Semgrep figured out that the first $X in Println is different from the newly created variable.

What is the priority of the bug to you?

  • P0: blocking your adoption of Semgrep or workflow
  • P1: important to fix or quite annoying
  • P2: regular bug that should get fixed

Use case
This bug causes a false positive with Trail of Bits nil-check-after-call rule.
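The scope resolution the report expects, as an added example that is neither part of the issue nor Semgrep's code: the snippet from the report is type-checked with go/types, which keeps the import name testalias (a PkgName) and the local fmt (a Var) apart, so a rule working on resolved objects rather than spellings would not match. It assumes a local Go toolchain, which importer.Default() uses to resolve package fmt.

```go
package main

import (
	"fmt"
	"go/ast"
	"go/importer"
	"go/parser"
	"go/token"
	"go/types"
)

// Constructed sample from the issue: the local `fmt` is an error variable,
// and package fmt is reachable only through the alias `testalias`.
const sample = `package main
import testalias "fmt"
func main() { _, fmt := testalias.Println("Hello, 世界"); if fmt != nil { testalias.Println(fmt) } }`

// IdentKinds type-checks src (package fmt is resolved by the local toolchain)
// and maps each used identifier name to what it resolves to. $FOO in
// `$FOO.$BAR(...)` and in `if $FOO != nil` is one thing only if both resolve to
// the same object; sharing a spelling with an import's package name is not enough.
func IdentKinds(src string) (map[string]string, error) {
	fset := token.NewFileSet()
	file, err := parser.ParseFile(fset, "sample.go", src, 0)
	if err != nil {
		return nil, err
	}
	info := &types.Info{Uses: map[*ast.Ident]types.Object{}}
	conf := types.Config{Importer: importer.Default()}
	if _, err := conf.Check("main", fset, []*ast.File{file}, info); err != nil {
		return nil, err
	}
	kinds := map[string]string{}
	for id, obj := range info.Uses {
		switch obj.(type) {
		case *types.PkgName: // an import name such as testalias
			kinds[id.Name] = "pkg"
		case *types.Var: // a local or package-level variable
			kinds[id.Name] = "var"
		default: // the predeclared nil, functions such as Println, ...
			kinds[id.Name] = "other"
		}
	}
	return kinds, nil
}

func main() {
	kinds, err := IdentKinds(sample)
	fmt.Println(kinds, err)
}
```

Running it prints testalias as "pkg" and fmt as "var", the distinction the `$FOO` metavariable would need to honour.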

@ievans ievans added bug Something isn't working priority:low labels Apr 10, 2024