fix lint issues in url agent source

dgageot · dgageot · commit e36e54ba1dab · 2026-04-30T11:05:01.000+02:00
- combine consecutive string params in ssrfDialControl (gocritic paramTypeCombine)

- rename local 'url' that shadowed the imported net/url package (gocritic importShadow)

- align table-driven test comments per gofmt/gci

Assisted-By: docker-agent
diff --git a/pkg/config/sources.go b/pkg/config/sources.go
@@ -429,7 +429,7 @@ func ssrfCheckRedirect(req *http.Request, via []*http.Request) error {
 // ssrfDialControl is invoked by net.Dialer after DNS resolution but before the
 // TCP handshake. It rejects addresses that are not safe to fetch from over
 // the public internet.
-func ssrfDialControl(_ string, address string, _ syscall.RawConn) error {
+func ssrfDialControl(_, address string, _ syscall.RawConn) error {
 	host, _, err := net.SplitHostPort(address)
 	if err != nil {
 		return fmt.Errorf("parsing dial address %q: %w", address, err)
diff --git a/pkg/config/sources_test.go b/pkg/config/sources_test.go
@@ -329,12 +329,12 @@ func TestURLSource_Read_RejectsLocalAddresses(t *testing.T) {
 	// though the TLS handshake will never complete, because the dial is
 	// aborted before any bytes are sent.
 	tests := []string{
-		"https://127.0.0.1/agent.yaml",            // loopback
-		"https://[::1]/agent.yaml",                // IPv6 loopback
-		"https://10.0.0.1/agent.yaml",             // RFC1918
-		"https://192.168.1.1/agent.yaml",          // RFC1918
-		"https://169.254.169.254/agent.yaml",      // AWS/GCP/Azure metadata
-		"https://0.0.0.0/agent.yaml",              // unspecified
+		"https://127.0.0.1/agent.yaml",       // loopback
+		"https://[::1]/agent.yaml",           // IPv6 loopback
+		"https://10.0.0.1/agent.yaml",        // RFC1918
+		"https://192.168.1.1/agent.yaml",     // RFC1918
+		"https://169.254.169.254/agent.yaml", // AWS/GCP/Azure metadata
+		"https://0.0.0.0/agent.yaml",         // unspecified
 	}
 	for _, rawURL := range tests {
 		t.Run(rawURL, func(t *testing.T) {
@@ -396,7 +396,7 @@ func TestSSRFCheckRedirect(t *testing.T) {
 	tests := []struct {
 		name    string
 		target  string
-		via     int // length of the via slice
+		via     int    // length of the via slice
 		wantErr string // empty means no error
 	}{
 		{"https redirect allowed", "https://example.com/agent.yaml", 1, ""},
@@ -441,13 +441,13 @@ func TestURLSource_Read_RejectsHTTPRedirect(t *testing.T) {
 	// and assert that the production fetch path errors out for an https
 	// origin pointing at a non-trusted CA. Either way, the request must
 	// not silently follow to http://.
-	url := httpsSrv.URL + "/agent.yaml"
+	agentURL := httpsSrv.URL + "/agent.yaml"
 	urlCacheDir := getURLCacheDir()
-	urlHash := hashURL(url)
+	urlHash := hashURL(agentURL)
 	_ = os.Remove(filepath.Join(urlCacheDir, urlHash))
 	_ = os.Remove(filepath.Join(urlCacheDir, urlHash+".etag"))
 
-	_, err := NewURLSource(url, nil).Read(t.Context())
+	_, err := NewURLSource(agentURL, nil).Read(t.Context())
 	require.Error(t, err)
 }
 
