False Negative: Patterns are unable to match imports when alias is redeclared

[1nv8rzim]

Describe the bug
When attempting to match a function call from an imported package; if the name of the import is aliased to an existing symbol, rules are unable match it.

As an example, I will be using os.system as the pattern I want to match; however, any combination of [module].[function](...) work with my example.

A pattern like os.system(...) is able to match the following:

import os as a
a.system("ls")

Instead if the variable a is already declared, it is unable to match the pattern:

a = None
import os as a
a.system("ls")

Likewise, if you try and build more advanced pattern (like the below) to try and detect cases like the above, the pattern is still not able to match:

$ALIAS = ...
...
import os as $ALIAS
...
$ALIAS.system(...)

To Reproduce
Here is an example of using os.system() in python and rules I feel like should match the example I provided:
https://semgrep.dev/playground/s/5rzLj

Expected behavior
Redeclaration of a variable should not ruin patterns.

os.system(...) should be able to match both:

import os as a
a.system("ls")

and

a = None
import os as a
a.system("ls")

What is the priority of the bug to you?

• P0: blocking your adoption of Semgrep or workflow
• P1: important to fix or quite annoying
• P2: regular bug that should get fixed

Environment
I have tested cli and semgrep.dev which both have this issue.

Use case
Properly match imported functions when an alias to their import has already been used.