From 058f4a614f3a7b9abd462a20e5a383d948021e95 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Sat, 21 Feb 2026 12:21:38 +0000
Subject: [PATCH 1/2] chore(deps): update dependency golangci-lint to v2.10.1
---
 .github/workflows/build-x86-image.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/build-x86-image.yaml b/.github/workflows/build-x86-image.yaml
index 48fff3da94e..77bc8b71b22 100644
--- a/.github/workflows/build-x86-image.yaml
+++ b/.github/workflows/build-x86-image.yaml
@@ -24,7 +24,7 @@ env:
 # renovate: datasource=github-releases depName=kind packageName=kubernetes-sigs/kind
 KIND_VERSION: v0.31.0
 # renovate: datasource=github-releases depName=golangci-lint packageName=golangci/golangci-lint
- GOLANGCI_LINT_VERSION: v2.8.0
+ GOLANGCI_LINT_VERSION: v2.10.1
 # renovate: datasource=github-releases depName=helm packageName=helm/helm
 HELM_VERSION: v4.1.1
 # renovate: datasource=github-releases depName=submariner packageName=submariner-io/submariner
From de94ee00c091eb67373e6b97cfa05682e03edfef Mon Sep 17 00:00:00 2001
From: Mengxin Liu
Date: Sat, 21 Feb 2026 13:05:40 +0000
Subject: [PATCH 2/2] fix(lint): resolve golangci-lint v2.10.1 issues
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
- Add #nosec G117 for BGP password field (legitimate user-configured value)
- Add #nosec G602 for fixed-size array accesses in subnet route reconciliation
- Add #nosec G702/G704 for trusted internal command/network operations in ovn-leader-checker
- Add #nosec G115 for safe int→uintptr conversion on 64-bit Linux
- Replace WriteString(fmt.Sprintf(...)) with fmt.Fprintf(...) (perfsprint auto-fix)
- Add golangci.yml exclusion for revive stdlib package name conflict warnings
Signed-off-by: Mengxin Liu
Co-Authored-By: Claude Sonnet 4.6
---
 .golangci.yml | 3 +++
 pkg/apis/kubeovn/v1/vpc-nat-gateway.go | 2 +-
 pkg/controller/subnet.go | 6 +++---
 pkg/ovn_ic_controller/ovn_ic_controller.go | 4 ++--
 pkg/ovn_leader_checker/ovn.go | 7 +++----
 pkg/ovs/util.go | 2 +-
 pkg/tproxy/tproxy_tcp_linux.go | 2 +-
 test/e2e/iptables-eip-qos/e2e_test.go | 18 +++++++++---------
 8 files changed, 23 insertions(+), 21 deletions(-)
diff --git a/.golangci.yml b/.golangci.yml
index 69454c14ed4..038ee99609b 100644
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -40,6 +40,9 @@ linters:
 - linters:
 - revive
 text: avoid meaningless package names
+ - linters:
+ - revive
+ text: avoid package names that conflict with Go standard library package names
 # Exclude gosec from running on tests files.
 - linters:
 - gosec
diff --git a/pkg/apis/kubeovn/v1/vpc-nat-gateway.go b/pkg/apis/kubeovn/v1/vpc-nat-gateway.go
index 9341d777789..2cc4c904f83 100644
--- a/pkg/apis/kubeovn/v1/vpc-nat-gateway.go
+++ b/pkg/apis/kubeovn/v1/vpc-nat-gateway.go
@@ -65,7 +65,7 @@ type VpcBgpSpeaker struct {
 Neighbors []string `json:"neighbors"`
 HoldTime metav1.Duration `json:"holdTime"`
 RouterID string `json:"routerId"`
- Password string `json:"password"`
+ Password string `json:"password"` // #nosec G117
 EnableGracefulRestart bool `json:"enableGracefulRestart"`
 ExtraArgs []string `json:"extraArgs"`
 }
diff --git a/pkg/controller/subnet.go b/pkg/controller/subnet.go
index f323f29df06..0d2d743207f 100644
--- a/pkg/controller/subnet.go
+++ b/pkg/controller/subnet.go
@@ -1468,7 +1468,7 @@ func (c *Controller) reconcileEcmpCentralizedSubnetRouteInDefaultVpc(subnet *kub
 v4CIDR, v6CIDR := util.SplitStringIP(subnet.Spec.CIDRBlock)
 cidrs := [2]string{v4CIDR, v6CIDR}
 for i, cidr := range cidrs {
- if len(nodeIPs[i]) == 0 || cidr == "" {
+ if len(nodeIPs[i]) == 0 || cidr == "" { // #nosec G602
 continue
 }
 klog.Infof("delete old distributed policy route for subnet %s", subnet.Name)
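Review bot: The `// #nosec G117` added to `Password` in `VpcBgpSpeaker` carries no justification, and the field is still marshalled as a plain string under the `password` key, so the BGP session secret appears wherever the object is serialized. Record the reason on the line, e.g. `// #nosec G117 -- user-supplied BGP password, serialized with the spec by design`, so a later reader can tell an accepted risk from an oversight. If these objects are readable more widely than the password should be (that depends on access rules not shown here), referencing a Secret instead of embedding the value would remove the need for the suppression. The struct's earlier fields are outside this hunk.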
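Review bot: The `// #nosec G602` on `len(nodeIPs[i])` is only sound if `nodeIPs` holds at least `len(cidrs)` elements, and its declaration is outside this hunk; only `cidrs` is visibly a `[2]string`. State the invariant on the line, e.g. `// #nosec G602 -- nodeIPs is a [2] array indexed in step with cidrs`, and if it turns out to be a slice, add a length check before the loop instead of suppressing. The same applies to the two suppressions on `nodeIPs[i]` and `nameIPMaps[i]` in the next hunk of this file (@@ -1476).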
@@ -1476,8 +1476,8 @@ func (c *Controller) reconcileEcmpCentralizedSubnetRouteInDefaultVpc(subnet *kub
 klog.Errorf("failed to delete policy route for overlay subnet %s, %v", subnet.Name, err)
 return err
 }
- klog.Infof("subnet %s configure ecmp policy route, nexthops %v", subnet.Name, nodeIPs[i])
- if err := c.updatePolicyRouteForCentralizedSubnet(subnet.Name, cidr, nodeIPs[i], nameIPMaps[i]); err != nil {
+ klog.Infof("subnet %s configure ecmp policy route, nexthops %v", subnet.Name, nodeIPs[i]) // #nosec G602
+ if err := c.updatePolicyRouteForCentralizedSubnet(subnet.Name, cidr, nodeIPs[i], nameIPMaps[i]); err != nil { // #nosec G602
 klog.Errorf("failed to add ecmp policy route for centralized subnet %s: %v", subnet.Name, err)
 return err
 }
diff --git a/pkg/ovn_ic_controller/ovn_ic_controller.go b/pkg/ovn_ic_controller/ovn_ic_controller.go
index c57cf2714ff..d112c997282 100644
--- a/pkg/ovn_ic_controller/ovn_ic_controller.go
+++ b/pkg/ovn_ic_controller/ovn_ic_controller.go
@@ -486,10 +486,10 @@ func genHostAddress(host, port string) (hostAddress string) {
 var builder strings.Builder
 i := 0
 for i < len(hostList)-1 {
- builder.WriteString(fmt.Sprintf("tcp:[%s]:%s,", hostList[i], port))
+ fmt.Fprintf(&builder, "tcp:[%s]:%s,", hostList[i], port)
 i++
 }
- builder.WriteString(fmt.Sprintf("tcp:[%s]:%s", hostList[i], port))
+ fmt.Fprintf(&builder, "tcp:[%s]:%s", hostList[i], port)
 hostAddress = builder.String()
 }
 return hostAddress
diff --git a/pkg/ovn_leader_checker/ovn.go b/pkg/ovn_leader_checker/ovn.go
index 9fb9648572a..be9817b2d26 100755
--- a/pkg/ovn_leader_checker/ovn.go
+++ b/pkg/ovn_leader_checker/ovn.go
@@ -245,7 +245,7 @@ func stealLock() {
 args = slices.Insert(args, 0, ovs.CmdSSLArgs()...)
 }
- output, err := exec.Command("ovsdb-client", args...).CombinedOutput() // #nosec G204
+ output, err := exec.Command("ovsdb-client", args...).CombinedOutput() // #nosec G204 G702
 if err != nil {
 klog.Errorf("stealLock err %v", err)
 return
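Review bot: `// #nosec G204 G702` on the `exec.Command("ovsdb-client", args...)` call in `stealLock` gives no reason, so the line would keep passing lint if a later change let outside input reach `args`; how `args` is built is above this hunk. Add the justification inline, e.g. `// #nosec G204 G702 -- args are fixed flags plus local configuration`, adjusted to whatever the code above actually guarantees. The same gap exists at `// #nosec G704` on `net.DialTimeout` in `checkNorthdEpAvailable`, where the origin of `ip` is not visible in the hunk.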
@@ -267,7 +267,7 @@ func checkNorthdSvcExist(cfg *Configuration, namespace, svcName string) bool {
 func checkNorthdEpAvailable(ip string) bool {
 address := util.JoinHostPort(ip, util.NBRaftPort)
- conn, err := net.DialTimeout("tcp", address, northdDialTimeout)
+ conn, err := net.DialTimeout("tcp", address, northdDialTimeout) // #nosec G704
 if err != nil {
 klog.Errorf("failed to connect to northd leader %s, err: %v", ip, err)
 failCount++
@@ -529,8 +529,7 @@ func updateTS() error {
 fmt.Sprintf(`external_ids:subnet="%s"`, subnet),
 fmt.Sprintf(`external_ids:vendor="%s"`, util.CniTypeName),
 )
- // #nosec G204
- cmd = exec.Command("ovn-ic-nbctl", args...)
+ cmd = exec.Command("ovn-ic-nbctl", args...) // #nosec G204 G702
 output, err := cmd.CombinedOutput()
 if err != nil {
 return fmt.Errorf("output: %s, err: %w", output, err)
diff --git a/pkg/ovs/util.go b/pkg/ovs/util.go
index 1273ef700c2..51e7b3a1125 100644
--- a/pkg/ovs/util.go
+++ b/pkg/ovs/util.go
@@ -164,7 +164,7 @@ func formatDHCPOptions(options map[string]string) string {
 if k == "dns_server" {
 v = strings.ReplaceAll(v, ",", ";")
 }
- sb.WriteString(fmt.Sprintf("%s=%s", k, v))
+ fmt.Fprintf(&sb, "%s=%s", k, v)
 }
 return sb.String()
 }
diff --git a/pkg/tproxy/tproxy_tcp_linux.go b/pkg/tproxy/tproxy_tcp_linux.go
index 255c4e9c223..9e306f770ea 100644
--- a/pkg/tproxy/tproxy_tcp_linux.go
+++ b/pkg/tproxy/tproxy_tcp_linux.go
@@ -220,7 +220,7 @@ func dialTCP(device string, laddr, raddr *net.TCPAddr, dontAssumeRemote, isnonbl
 return nil, &net.OpError{Op: "dial", Err: fmt.Errorf("socket connect: %w", err)}
 }
- fdFile := os.NewFile(uintptr(fileDescriptor), "net-tcp-dial-"+raddr.String())
+ fdFile := os.NewFile(uintptr(fileDescriptor), "net-tcp-dial-"+raddr.String()) // #nosec G115
 defer func() {
 if err := fdFile.Close(); err != nil {
 klog.Errorf("fdFile %v Close err: %v", fdFile, err)
diff --git a/test/e2e/iptables-eip-qos/e2e_test.go b/test/e2e/iptables-eip-qos/e2e_test.go
index 80aee47b5b7..61f0bff500e 100644
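Review bot: The `// #nosec G204 G702` in `updateTS` covers an argument list that includes `subnet` formatted into `external_ids:subnet="%s"`, and where `subnet` comes from is outside this hunk. No shell is involved, but the value lands inside a quoted string that the invoked tool presumably parses, so a quote character in it would change the meaning of the argument. If `subnet` is validated earlier, say so in the suppression, e.g. `// #nosec G204 G702 -- no shell; subnet is validated before formatting`; otherwise validate it before `args` is built rather than suppressing the finding.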
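Review bot: `// #nosec G115` on `uintptr(fileDescriptor)` in `dialTCP` is explained in the commit message by word size, but the conversion is safe only because the descriptor is non-negative at this point, which depends on the socket-creation error check above the hunk. Put that on the line, e.g. `// #nosec G115 -- fileDescriptor is a valid non-negative fd here`, so the suppression stays tied to the invariant that actually holds it up.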
--- a/test/e2e/iptables-eip-qos/e2e_test.go
+++ b/test/e2e/iptables-eip-qos/e2e_test.go
@@ -1034,17 +1034,17 @@ type bandwidthValidationResult struct {
 func formatBandwidthSummary(result bandwidthValidationResult, testType, direction string) string {
 var sb strings.Builder
 sb.WriteString("\n╔═══════════════════════════════════════════════════════════════════════════════╗\n")
- sb.WriteString(fmt.Sprintf("║ QoS Bandwidth Test Summary - %s (%s)\n", testType, direction))
+ fmt.Fprintf(&sb, "║ QoS Bandwidth Test Summary - %s (%s)\n", testType, direction)
 sb.WriteString("╠═══════════════════════════════════════════════════════════════════════════════╣\n")
- sb.WriteString(fmt.Sprintf("║ QoS Limit: %.2f Mbps\n", result.LimitMbps))
+ fmt.Fprintf(&sb, "║ QoS Limit: %.2f Mbps\n", result.LimitMbps)
 if result.MaxExpected > 0 {
- sb.WriteString(fmt.Sprintf("║ Expected Range: %.2f ~ %.2f Mbps (%.0f%% ~ %.0f%% of limit)\n",
+ fmt.Fprintf(&sb, "║ Expected Range: %.2f ~ %.2f Mbps (%.0f%% ~ %.0f%% of limit)\n",
 result.MinExpected, result.MaxExpected,
- bandwidthToleranceLow*100, bandwidthToleranceHigh*100))
+ bandwidthToleranceLow*100, bandwidthToleranceHigh*100)
 } else {
- sb.WriteString(fmt.Sprintf("║ Expected: > %.2f Mbps (QoS disabled, should exceed %.0f%% of limit)\n",
- result.MinExpected, bandwidthToleranceHigh*100))
+ fmt.Fprintf(&sb, "║ Expected: > %.2f Mbps (QoS disabled, should exceed %.0f%% of limit)\n",
+ result.MinExpected, bandwidthToleranceHigh*100)
 }
 sb.WriteString("║ Measured Values: ")
@@ -1052,14 +1052,14 @@ func formatBandwidthSummary(result bandwidthValidationResult, testType, directio
 if i > 0 {
 sb.WriteString(", ")
 }
- sb.WriteString(fmt.Sprintf("%.2f", bw))
+ fmt.Fprintf(&sb, "%.2f", bw)
 }
 sb.WriteString(" Mbps\n")
 if result.Passed {
- sb.WriteString(fmt.Sprintf("║ Best Match: %.2f Mbps ✓ PASS\n", result.BestMatch))
+ fmt.Fprintf(&sb, "║ Best Match: %.2f Mbps ✓ PASS\n", result.BestMatch)
 } else {
- sb.WriteString(fmt.Sprintf("║ Best Match: %.2f Mbps ✗ FAIL\n", result.BestMatch))
+ fmt.Fprintf(&sb, "║ Best Match: %.2f Mbps ✗ FAIL\n", result.BestMatch)
 }
 sb.WriteString("╚═══════════════════════════════════════════════════════════════════════════════╝\n")