add lint fix

weiliu2 · weiliu2 · commit c6afa590e2f5 · 2026-02-23T00:14:31.000+13:00
diff --git a/pkg/privatecluster/tool_installer.go b/pkg/privatecluster/tool_installer.go
@@ -59,7 +59,7 @@ func (t *ToolInstaller) InstallKubelogin(ctx context.Context) error {
 	if _, err := utils.RunCommandWithOutputContext(ctx, "cp", binaryPath, "/usr/local/bin/kubelogin"); err != nil {
 		return fmt.Errorf("failed to install kubelogin: %w", err)
 	}
-	_ = os.Chmod("/usr/local/bin/kubelogin", 0755)
+	_ = os.Chmod("/usr/local/bin/kubelogin", 0755) // #nosec G302 -- binary must be executable
 
 	t.logger.Infof("kubelogin v%s installed", kubeloginVersion)
 	return nil
@@ -79,7 +79,7 @@ func (t *ToolInstaller) InstallKubectl(ctx context.Context, kubernetesVersion st
 	if _, err := utils.RunCommandWithOutputContext(ctx, "curl", "-L", "-o", "/usr/local/bin/kubectl", url); err != nil {
 		return fmt.Errorf("failed to download kubectl: %w", err)
 	}
-	_ = os.Chmod("/usr/local/bin/kubectl", 0755)
+	_ = os.Chmod("/usr/local/bin/kubectl", 0755) // #nosec G302 -- binary must be executable
 
 	t.logger.Infof("kubectl v%s installed", kubernetesVersion)
 	return nil
diff --git a/pkg/privatecluster/utils.go b/pkg/privatecluster/utils.go
@@ -55,7 +55,7 @@ func ReadFileContent(path string) (string, error) {
 
 // WriteFileContent writes content to a file with specified permissions.
 func WriteFileContent(path, content string, perm os.FileMode) error {
-	return os.WriteFile(path, []byte(content), perm) // #nosec G306 -- perm is from trusted internal code
+	return os.WriteFile(path, []byte(content), perm) // #nosec G306 G703 -- perm and path are from trusted internal code
 }
 
 // AddHostsEntry adds an entry to /etc/hosts if it doesn't exist.
@@ -125,7 +125,7 @@ func FixSSHKeyOwnership(keyPath string) error {
 
 	for _, path := range []string{keyPath, keyPath + ".pub"} {
 		if utils.FileExists(path) {
-			cmd := exec.Command("chown", fmt.Sprintf("%s:%s", u.Uid, u.Gid), path) // #nosec G204 -- chown with uid/gid
+			cmd := exec.Command("chown", fmt.Sprintf("%s:%s", u.Uid, u.Gid), path) // #nosec G204 G702 -- chown with uid/gid from user.Lookup
 			if err := cmd.Run(); err != nil {
 				return fmt.Errorf("failed to change ownership of %s: %w", path, err)
 			}
diff --git a/pkg/utils/utils.go b/pkg/utils/utils.go
@@ -34,14 +34,14 @@ func RunCommandWithOutput(name string, args ...string) (string, error) {
 
 // RunCommandWithOutputContext executes a command with context and returns its combined output.
 func RunCommandWithOutputContext(ctx context.Context, name string, args ...string) (string, error) {
-	cmd := exec.CommandContext(ctx, name, args...)
+	cmd := exec.CommandContext(ctx, name, args...) // #nosec G204 -- same pattern as RunCommandWithOutput
 	output, err := cmd.CombinedOutput()
 	return string(output), err
 }
 
 // RunCommandSilentContext executes a command with context and returns only whether it succeeded.
 func RunCommandSilentContext(ctx context.Context, name string, args ...string) bool {
-	cmd := exec.CommandContext(ctx, name, args...)
+	cmd := exec.CommandContext(ctx, name, args...) // #nosec G204 -- same pattern as RunSystemCommand
 	return cmd.Run() == nil
 }
 

Original file line number	Diff line number	Diff line change
`@@ -55,7 +55,7 @@ func ReadFileContent(path string) (string, error) {`
`55`	`55`
`56`	`56`	`// WriteFileContent writes content to a file with specified permissions.`
`57`	`57`	`func WriteFileContent(path, content string, perm os.FileMode) error {`
`58`		`- return os.WriteFile(path, []byte(content), perm) // #nosec G306 -- perm is from trusted internal code`
	`58`	`+ return os.WriteFile(path, []byte(content), perm) // #nosec G306 G703 -- perm and path are from trusted internal code`
`59`	`59`	`}`
`60`	`60`
`61`	`61`	`// AddHostsEntry adds an entry to /etc/hosts if it doesn't exist.`
`@@ -125,7 +125,7 @@ func FixSSHKeyOwnership(keyPath string) error {`
`125`	`125`
`126`	`126`	`for _, path := range []string{keyPath, keyPath + ".pub"} {`
`127`	`127`	`if utils.FileExists(path) {`
`128`		`- cmd := exec.Command("chown", fmt.Sprintf("%s:%s", u.Uid, u.Gid), path) // #nosec G204 -- chown with uid/gid`
	`128`	`+ cmd := exec.Command("chown", fmt.Sprintf("%s:%s", u.Uid, u.Gid), path) // #nosec G204 G702 -- chown with uid/gid from user.Lookup`
`129`	`129`	`if err := cmd.Run(); err != nil {`
`130`	`130`	`return fmt.Errorf("failed to change ownership of %s: %w", path, err)`
`131`	`131`	`}`
Original file line number	Diff line number	Diff line change
`@@ -34,14 +34,14 @@ func RunCommandWithOutput(name string, args ...string) (string, error) {`
`34`	`34`
`35`	`35`	`// RunCommandWithOutputContext executes a command with context and returns its combined output.`
`36`	`36`	`func RunCommandWithOutputContext(ctx context.Context, name string, args ...string) (string, error) {`
`37`		`- cmd := exec.CommandContext(ctx, name, args...)`
	`37`	`+ cmd := exec.CommandContext(ctx, name, args...) // #nosec G204 -- same pattern as RunCommandWithOutput`
`38`	`38`	`output, err := cmd.CombinedOutput()`
`39`	`39`	`return string(output), err`
`40`	`40`	`}`
`41`	`41`
`42`	`42`	`// RunCommandSilentContext executes a command with context and returns only whether it succeeded.`
`43`	`43`	`func RunCommandSilentContext(ctx context.Context, name string, args ...string) bool {`
`44`		`- cmd := exec.CommandContext(ctx, name, args...)`
	`44`	`+ cmd := exec.CommandContext(ctx, name, args...) // #nosec G204 -- same pattern as RunSystemCommand`
`45`	`45`	`return cmd.Run() == nil`
`46`	`46`	`}`
`47`	`47`