Fix golangci-lint v2 compliance, make all passes clean

- Fix 314 errcheck violations (blank identifier for unrecoverable errors) - Fix errorlint violation (errors.Is for io.EOF) - Remove unused serveL7Route test helper - Simplify Duration.Seconds() selectors in tests - Remove unnecessary fmt.Sprintf in test - Migrate exclusion rules from issues.exclusions to linters.exclusions (v2 schema) - Add gosec test exclusions (G115, G304, G402, G705) - Disable fieldalignment govet analyzer (optimization, not correctness) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-27 13:30:43 -07:00
parent 4f3249fdc3
commit a60e5cb86a
28 changed files with 343 additions and 354 deletions
--- a/internal/firewall/firewall.go
+++ b/internal/firewall/firewall.go
@@ -234,7 +234,7 @@ func (f *Firewall) loadGeoDB(path string) error {
 	f.mu.Unlock()

 	if old != nil {
-		old.Close()
+		_ = old.Close()
 	}
 	return nil
 }
--- a/internal/firewall/firewall_test.go
+++ b/internal/firewall/firewall_test.go
@@ -11,7 +11,7 @@ func TestEmptyFirewall(t *testing.T) {
 	if err != nil {
 		t.Fatalf("unexpected error: %v", err)
 	}
-	defer fw.Close()
+	defer func() { _ = fw.Close() }()

 	addrs := []string{"192.168.1.1", "10.0.0.1", "::1", "2001:db8::1"}
 	for _, a := range addrs {
@@ -27,7 +27,7 @@ func TestIPBlocking(t *testing.T) {
 	if err != nil {
 		t.Fatalf("unexpected error: %v", err)
 	}
-	defer fw.Close()
+	defer func() { _ = fw.Close() }()

 	tests := []struct {
 		addr    string
@@ -52,7 +52,7 @@ func TestCIDRBlocking(t *testing.T) {
 	if err != nil {
 		t.Fatalf("unexpected error: %v", err)
 	}
-	defer fw.Close()
+	defer func() { _ = fw.Close() }()

 	tests := []struct {
 		addr    string
@@ -78,7 +78,7 @@ func TestIPv4MappedIPv6(t *testing.T) {
 	if err != nil {
 		t.Fatalf("unexpected error: %v", err)
 	}
-	defer fw.Close()
+	defer func() { _ = fw.Close() }()

 	addr := netip.MustParseAddr("::ffff:192.0.2.1")
 	if !fw.Blocked(addr) {
@@ -105,7 +105,7 @@ func TestCombinedRules(t *testing.T) {
 	if err != nil {
 		t.Fatalf("unexpected error: %v", err)
 	}
-	defer fw.Close()
+	defer func() { _ = fw.Close() }()

 	tests := []struct {
 		addr    string
@@ -130,7 +130,7 @@ func TestRateLimitBlocking(t *testing.T) {
 	if err != nil {
 		t.Fatalf("unexpected error: %v", err)
 	}
-	defer fw.Close()
+	defer func() { _ = fw.Close() }()

 	addr := netip.MustParseAddr("10.0.0.1")

@@ -151,7 +151,7 @@ func TestRateLimitBlocklistFirst(t *testing.T) {
 	if err != nil {
 		t.Fatalf("unexpected error: %v", err)
 	}
-	defer fw.Close()
+	defer func() { _ = fw.Close() }()

 	blockedAddr := netip.MustParseAddr("10.0.0.1")
 	otherAddr := netip.MustParseAddr("10.0.0.2")
@@ -175,7 +175,7 @@ func TestBlockedWithReason(t *testing.T) {
 	if err != nil {
 		t.Fatalf("unexpected error: %v", err)
 	}
-	defer fw.Close()
+	defer func() { _ = fw.Close() }()

 	tests := []struct {
 		addr       string
@@ -216,7 +216,7 @@ func TestRuntimeMutation(t *testing.T) {
 	if err != nil {
 		t.Fatalf("unexpected error: %v", err)
 	}
-	defer fw.Close()
+	defer func() { _ = fw.Close() }()

 	addr := netip.MustParseAddr("10.0.0.1")
 	if fw.Blocked(addr) {
--- a/internal/firewall/ratelimit.go
+++ b/internal/firewall/ratelimit.go
@@ -38,7 +38,7 @@ func (rl *rateLimiter) Allow(addr netip.Addr) bool {
 	now := rl.now().UnixNano()

 	val, _ := rl.entries.LoadOrStore(addr, &rateLimitEntry{})
-	entry := val.(*rateLimitEntry)
+	entry, _ := val.(*rateLimitEntry)

 	windowStart := entry.start.Load()
 	if now-windowStart >= rl.window.Nanoseconds() {
@@ -70,7 +70,7 @@ func (rl *rateLimiter) cleanup() {
 		case <-ticker.C:
 			cutoff := rl.now().Add(-2 * rl.window).UnixNano()
 			rl.entries.Range(func(key, value any) bool {
-				entry := value.(*rateLimitEntry)
+				entry, _ := value.(*rateLimitEntry)
 				if entry.start.Load() < cutoff {
 					rl.entries.Delete(key)
 				}