chore: add gosec to audit code security

32024ba8 · MengxinLiu · oilbeater · 1db9046d · 32024ba8 · 32024ba8
Commit 32024ba8 authored 5 years ago by MengxinLiu Committed by oilbeater 5 years ago
Hide whitespace changes
Inline Side-by-side

Showing

with 139 additions and 63 deletions
+139 -63
--- a/.github/workflows/build-arm64-image.yaml
+++ b/.github/workflows/build-arm64-image.yaml
@@ -22,7 +22,9 @@ jobs:
      - name: Docker Buildx
        uses: crazy-max/ghaction-docker-buildx@v1.4.0
      - name: Build
-        run: make release-arm
+        run: |
+          go get -u github.com/securego/gosec/cmd/gosec
+          make release-arm
      - name: Push
        env:
          DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}

--- a/.github/workflows/build-x86-image.yaml
+++ b/.github/workflows/build-x86-image.yaml
@@ -39,7 +39,9 @@ jobs:
          make ut

      - name: Build
-        run: make release
+        run: |
+          go get -u github.com/securego/gosec/cmd/gosec
+          make release

      - name: Init Kind
        run: |

--- a/Makefile
+++ b/Makefile
@@ -47,6 +47,7 @@ lint:
 	@gofmt -d ${GOFILES_NOVENDOR} 
 	@gofmt -l ${GOFILES_NOVENDOR} | read && echo "Code differs from gofmt's style" 1>&2 && exit 1 || true
 	@GOOS=linux go vet ./...
+	@GOOS=linux gosec -exclude=G204 ./...

 build-bin:
 	docker run --rm -e GOOS=linux -e GOCACHE=/tmp -e GOARCH=${ARCH} -e GOPROXY=https://goproxy.cn \

--- a/cmd/controller/controller.go
+++ b/cmd/controller/controller.go
@@ -4,7 +4,7 @@ import (
 	"fmt"
 	"github.com/prometheus/client_golang/prometheus/promhttp"
 	"net/http"
-	_ "net/http/pprof"
+	_ "net/http/pprof" // #nosec
 	"os"
 	"time"

@@ -28,7 +28,7 @@ func main() {
 	go loopOvnNbctlDaemon(config)
 	go func() {
 		http.Handle("/metrics", promhttp.Handler())
-		klog.Fatal(http.ListenAndServe(fmt.Sprintf("0.0.0.0:%d", config.PprofPort), nil))
+		klog.Fatal(http.ListenAndServe(fmt.Sprintf("localhost:%d", config.PprofPort), nil))
 	}()

 	ctl := controller.NewController(config)
@@ -41,14 +41,18 @@ func loopOvnNbctlDaemon(config *controller.Configuration) {
 		time.Sleep(5 * time.Second)

 		if _, err := os.Stat(daemonSocket); os.IsNotExist(err) || daemonSocket == "" {
-			ovs.StartOvnNbctlDaemon(config.OvnNbHost, config.OvnNbPort)
+			if err := ovs.StartOvnNbctlDaemon(config.OvnNbHost, config.OvnNbPort); err != nil {
+				klog.Errorf("failed to start ovn-nbctl daemon %v", err)
+			}
 		}

 		// ovn-nbctl daemon may hang and cannot precess further request.
 		// In case of that, we need to start a new daemon.
 		if err := ovs.CheckAlive(); err != nil {
 			klog.Warningf("ovn-nbctl daemon doesn't return, start a new daemon")
-			ovs.StartOvnNbctlDaemon(config.OvnNbHost, config.OvnNbPort)
+			if err := ovs.StartOvnNbctlDaemon(config.OvnNbHost, config.OvnNbPort); err != nil {
+				klog.Errorf("failed to start ovn-nbctl daemon %v", err)
+			}
 		}
 	}
 }
--- a/cmd/daemon/cniserver.go
+++ b/cmd/daemon/cniserver.go
@@ -5,7 +5,7 @@ import (
 	"github.com/alauda/kube-ovn/pkg/util"
 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"net/http"
-	_ "net/http/pprof"
+	_ "net/http/pprof" // #nosec

 	kubeovninformer "github.com/alauda/kube-ovn/pkg/client/informers/externalversions"
 	"github.com/alauda/kube-ovn/pkg/daemon"

--- a/cmd/webhook/server.go
+++ b/cmd/webhook/server.go
@@ -2,7 +2,7 @@ package main

 import (
 	"flag"
-	_ "net/http/pprof"
+	_ "net/http/pprof" // #nosec
 	"os"
 	"time"

@@ -28,9 +28,15 @@ var (
 )

 func init() {
-	corev1.AddToScheme(scheme)
-	appsv1.AddToScheme(scheme)
-	ovnv1.AddToScheme(scheme)
+	if err := corev1.AddToScheme(scheme); err != nil {
+		klog.Fatalf("failed to add scheme, %v", err)
+	}
+	if err := appsv1.AddToScheme(scheme); err != nil {
+		klog.Fatalf("failed to add scheme, %v", err)
+	}
+	if err := ovnv1.AddToScheme(scheme); err != nil {
+		klog.Fatalf("failed to add scheme, %v", err)
+	}
 }

 func main() {
@@ -99,12 +105,16 @@ func loopOvnNbctlDaemon(ovnNbHost string, ovnNbPort int) {
 		time.Sleep(5 * time.Second)

 		if _, err := os.Stat(daemonSocket); os.IsNotExist(err) || daemonSocket == "" {
-			ovs.StartOvnNbctlDaemon(ovnNbHost, ovnNbPort)
+			if err := ovs.StartOvnNbctlDaemon(ovnNbHost, ovnNbPort); err != nil {
+				klog.Errorf("failed to start ovn-nbctl daemon, %v", err)
+			}
 		}

 		if err := ovs.CheckAlive(); err != nil {
 			klog.Warningf("ovn-nbctl daemon doesn't return, start a new daemon")
-			ovs.StartOvnNbctlDaemon(ovnNbHost, ovnNbPort)
+			if err := ovs.StartOvnNbctlDaemon(ovnNbHost, ovnNbPort); err != nil {
+				klog.Errorf("failed to start ovn-nbctl daemon, %v", err)
+			}
 		}
 	}
 }
--- a/pkg/controller/config.go
+++ b/pkg/controller/config.go
@@ -89,8 +89,6 @@ func ParseFlags() (*Configuration, error) {
 		argsDefaultVlanRange     = pflag.String("default-vlan-range", "1,4095", "The default vlan range, default: 1-4095")
 	)

-	flag.Set("alsologtostderr", "true")
-
 	klogFlags := flag.NewFlagSet("klog", flag.ExitOnError)
 	klog.InitFlags(klogFlags)

@@ -99,7 +97,9 @@ func ParseFlags() (*Configuration, error) {
 		f2 := klogFlags.Lookup(f1.Name)
 		if f2 != nil {
 			value := f1.Value.String()
-			f2.Value.Set(value)
+			if err := f2.Value.Set(value); err != nil {
+				klog.Fatalf("failed to set flag, %v", err)
+			}
 		}
 	})


--- a/pkg/controller/network_policy.go
+++ b/pkg/controller/network_policy.go
@@ -470,14 +470,14 @@ func (c *Controller) podMatchNetworkPolicies(pod *corev1.Pod) []string {
 	nps, _ := c.npsLister.NetworkPolicies(corev1.NamespaceAll).List(labels.Everything())
 	match := []string{}
 	for _, np := range nps {
-		if isPodMatchNetworkPolicy(pod, podNs, np, np.Namespace) {
+		if isPodMatchNetworkPolicy(pod, *podNs, np, np.Namespace) {
 			match = append(match, fmt.Sprintf("%s/%s", np.Namespace, np.Name))
 		}
 	}
 	return match
 }

-func isPodMatchNetworkPolicy(pod *corev1.Pod, podNs *corev1.Namespace, policy *netv1.NetworkPolicy, policyNs string) bool {
+func isPodMatchNetworkPolicy(pod *corev1.Pod, podNs corev1.Namespace, policy *netv1.NetworkPolicy, policyNs string) bool {
 	sel, _ := metav1.LabelSelectorAsSelector(&policy.Spec.PodSelector)
 	if pod.Labels == nil {
 		pod.Labels = map[string]string{}
@@ -487,14 +487,14 @@ func isPodMatchNetworkPolicy(pod *corev1.Pod, podNs *corev1.Namespace, policy *n
 	}
 	for _, npr := range policy.Spec.Ingress {
 		for _, npp := range npr.From {
-			if isPodMatchPolicyPeer(pod, podNs, &npp, policyNs) {
+			if isPodMatchPolicyPeer(pod, podNs, npp, policyNs) {
 				return true
 			}
 		}
 	}
 	for _, npr := range policy.Spec.Egress {
 		for _, npp := range npr.To {
-			if isPodMatchPolicyPeer(pod, podNs, &npp, policyNs) {
+			if isPodMatchPolicyPeer(pod, podNs, npp, policyNs) {
 				return true
 			}
 		}
@@ -502,7 +502,7 @@ func isPodMatchNetworkPolicy(pod *corev1.Pod, podNs *corev1.Namespace, policy *n
 	return false
 }

-func isPodMatchPolicyPeer(pod *corev1.Pod, podNs *corev1.Namespace, policyPeer *netv1.NetworkPolicyPeer, policyNs string) bool {
+func isPodMatchPolicyPeer(pod *corev1.Pod, podNs corev1.Namespace, policyPeer netv1.NetworkPolicyPeer, policyNs string) bool {
 	if policyPeer.IPBlock != nil {
 		return false
 	}

--- a/pkg/controller/pod.go
+++ b/pkg/controller/pod.go
@@ -128,7 +128,12 @@ func (c *Controller) enqueueDeletePod(obj interface{}) {
 		// down scale statefulset
 		numIndex := len(strings.Split(p.Name, "-")) - 1
 		numStr := strings.Split(p.Name, "-")[numIndex]
-		index, _ := strconv.Atoi(numStr)
+		index, err := strconv.ParseInt(numStr, 10, 0)
+		if err != nil {
+			klog.Errorf("failed to parse %s to int", numStr)
+			return
+		}
+
 		if int32(index) >= *ss.Spec.Replicas {
 			c.deletePodQueue.Add(key)
 			return

--- a/pkg/daemon/config.go
+++ b/pkg/daemon/config.go
@@ -67,7 +67,6 @@ func ParseFlags() (*Configuration, error) {
 	// mute info log for ipset lib
 	logrus.SetLevel(logrus.WarnLevel)

-	flag.Set("alsologtostderr", "true")
 	klogFlags := flag.NewFlagSet("klog", flag.ExitOnError)
 	klog.InitFlags(klogFlags)

@@ -76,7 +75,9 @@ func ParseFlags() (*Configuration, error) {
 		f2 := klogFlags.Lookup(f1.Name)
 		if f2 != nil {
 			value := f1.Value.String()
-			f2.Value.Set(value)
+			if err := f2.Value.Set(value); err != nil {
+				klog.Fatalf("failed to set flag, %v", err)
+			}
 		}
 	})


--- a/pkg/daemon/handler.go
+++ b/pkg/daemon/handler.go
@@ -35,7 +35,9 @@ func (csh cniServerHandler) handleAdd(req *restful.Request, resp *restful.Respon
 	if err := req.ReadEntity(&podRequest); err != nil {
 		errMsg := fmt.Errorf("parse add request failed %v", err)
 		klog.Error(errMsg)
-		resp.WriteHeaderAndEntity(http.StatusBadRequest, request.CniResponse{Err: errMsg.Error()})
+		if err := resp.WriteHeaderAndEntity(http.StatusBadRequest, request.CniResponse{Err: errMsg.Error()}); err != nil {
+			klog.Errorf("failed to write response, %v", err)
+		}
 		return
 	}

@@ -48,7 +50,9 @@ func (csh cniServerHandler) handleAdd(req *restful.Request, resp *restful.Respon
 		if err != nil {
 			errMsg := fmt.Errorf("get pod %s/%s failed %v", podRequest.PodNamespace, podRequest.PodName, err)
 			klog.Error(errMsg)
-			resp.WriteHeaderAndEntity(http.StatusInternalServerError, request.CniResponse{Err: errMsg.Error()})
+			if err := resp.WriteHeaderAndEntity(http.StatusInternalServerError, request.CniResponse{Err: errMsg.Error()}); err != nil {
+				klog.Errorf("failed to write response, %v", err)
+			}
 			return
 		}
 		if pod.Annotations[fmt.Sprintf(util.AllocatedAnnotationTemplate, podRequest.Provider)] != "true" {
@@ -79,12 +83,16 @@ func (csh cniServerHandler) handleAdd(req *restful.Request, resp *restful.Respon
 	if pod.Annotations[fmt.Sprintf(util.AllocatedAnnotationTemplate, podRequest.Provider)] != "true" {
 		err := fmt.Errorf("no address allocated to pod %s/%s, please see kube-ovn-controller logs to find errors", pod.Name, pod.Name)
 		klog.Error(err)
-		resp.WriteHeaderAndEntity(http.StatusInternalServerError, request.CniResponse{Err: err.Error()})
+		if err := resp.WriteHeaderAndEntity(http.StatusInternalServerError, request.CniResponse{Err: err.Error()}); err != nil {
+			klog.Errorf("failed to write response, %v", err)
+		}
 		return
 	}

 	if err := csh.createOrUpdateIPCr(podRequest, subnet, ip, macAddr); err != nil {
-		resp.WriteHeaderAndEntity(http.StatusInternalServerError, request.CniResponse{Err: err.Error()})
+		if err := resp.WriteHeaderAndEntity(http.StatusInternalServerError, request.CniResponse{Err: err.Error()}); err != nil {
+			klog.Errorf("failed to write response, %v", err)
+		}
 		return
 	}

@@ -94,12 +102,16 @@ func (csh cniServerHandler) handleAdd(req *restful.Request, resp *restful.Respon
 		if err != nil {
 			errMsg := fmt.Errorf("configure nic failed %v", err)
 			klog.Error(errMsg)
-			resp.WriteHeaderAndEntity(http.StatusInternalServerError, request.CniResponse{Err: errMsg.Error()})
+			if err := resp.WriteHeaderAndEntity(http.StatusInternalServerError, request.CniResponse{Err: errMsg.Error()}); err != nil {
+				klog.Errorf("failed to write response, %v", err)
+			}
 			return
 		}
 	}

-	resp.WriteHeaderAndEntity(http.StatusOK, request.CniResponse{Protocol: util.CheckProtocol(ipAddr), IpAddress: strings.Split(ipAddr, "/")[0], MacAddress: macAddr, CIDR: cidr, Gateway: gw})
+	if err := resp.WriteHeaderAndEntity(http.StatusOK, request.CniResponse{Protocol: util.CheckProtocol(ipAddr), IpAddress: strings.Split(ipAddr, "/")[0], MacAddress: macAddr, CIDR: cidr, Gateway: gw}); err != nil {
+		klog.Errorf("failed to write response, %v", err)
+	}
 }

 func (csh cniServerHandler) createOrUpdateIPCr(podRequest request.CniRequest, subnet, ip, macAddr string) error {
@@ -155,7 +167,9 @@ func (csh cniServerHandler) handleDel(req *restful.Request, resp *restful.Respon
 	if err != nil {
 		errMsg := fmt.Errorf("parse del request failed %v", err)
 		klog.Error(errMsg)
-		resp.WriteHeaderAndEntity(http.StatusBadRequest, request.CniResponse{Err: errMsg.Error()})
+		if err := resp.WriteHeaderAndEntity(http.StatusBadRequest, request.CniResponse{Err: errMsg.Error()}); err != nil {
+			klog.Errorf("failed to write response, %v", err)
+		}
 		return
 	}

@@ -165,7 +179,9 @@ func (csh cniServerHandler) handleDel(req *restful.Request, resp *restful.Respon
 		if err != nil {
 			errMsg := fmt.Errorf("del nic failed %v", err)
 			klog.Error(errMsg)
-			resp.WriteHeaderAndEntity(http.StatusInternalServerError, request.CniResponse{Err: errMsg.Error()})
+			if err := resp.WriteHeaderAndEntity(http.StatusInternalServerError, request.CniResponse{Err: errMsg.Error()}); err != nil {
+				klog.Errorf("failed to write response, %v", err)
+			}
 			return
 		}
 	}
@@ -174,7 +190,9 @@ func (csh cniServerHandler) handleDel(req *restful.Request, resp *restful.Respon
 	if err != nil && !k8serrors.IsNotFound(err) {
 		errMsg := fmt.Errorf("del ipcrd for %s failed %v", fmt.Sprintf("%s.%s", podRequest.PodName, podRequest.PodNamespace), err)
 		klog.Error(errMsg)
-		resp.WriteHeaderAndEntity(http.StatusInternalServerError, request.CniResponse{Err: errMsg.Error()})
+		if err := resp.WriteHeaderAndEntity(http.StatusInternalServerError, request.CniResponse{Err: errMsg.Error()}); err != nil {
+			klog.Errorf("failed to write response, %v", err)
+		}
 		return
 	}


--- a/pkg/daemon/ovs.go
+++ b/pkg/daemon/ovs.go
@@ -27,7 +27,9 @@ func (csh cniServerHandler) configureNic(podName, podNamespace, netns, container
 	defer func() {
 		// Remove veth link in case any error during creating pod network.
 		if err != nil {
-			netlink.LinkDel(&veth)
+			if err := netlink.LinkDel(&veth); err != nil {
+				klog.Errorf("failed to delete veth, %v", err)
+			}
 		}
 	}()
 	if err = netlink.LinkAdd(&veth); err != nil {

--- a/pkg/ovs/ovn-nbctl.go
+++ b/pkg/ovs/ovn-nbctl.go
@@ -628,7 +628,7 @@ func (c Client) SetAddressesToAddressSet(addresses []string, as string) error {
 }

 // StartOvnNbctlDaemon start a daemon and set OVN_NB_DAEMON env
-func StartOvnNbctlDaemon(nbHost string, nbPort int) (string, error) {
+func StartOvnNbctlDaemon(nbHost string, nbPort int) error {
 	klog.Infof("start ovn-nbctl daemon")
 	output, err := exec.Command(
 		"pkill",
@@ -637,7 +637,7 @@ func StartOvnNbctlDaemon(nbHost string, nbPort int) (string, error) {
 	).CombinedOutput()
 	if err != nil {
 		klog.Errorf("failed to kill old ovn-nbctl daemon: %q", output)
-		return "", err
+		return err
 	}

 	output, err = exec.Command(
@@ -649,12 +649,15 @@ func StartOvnNbctlDaemon(nbHost string, nbPort int) (string, error) {
 	).CombinedOutput()
 	if err != nil {
 		klog.Errorf("start ovn-nbctl daemon failed, %q", output)
-		return "", err
+		return err
 	}

 	daemonSocket := strings.TrimSpace(string(output))
-	os.Setenv("OVN_NB_DAEMON", daemonSocket)
-	return daemonSocket, nil
+	if err := os.Setenv("OVN_NB_DAEMON", daemonSocket); err != nil {
+		klog.Errorf("failed to set env OVN_NB_DAEMON, %v", err)
+		return err
+	}
+	return nil
 }

 // CheckAlive check if kube-ovn-controller can access ovn-nb from nbctl-daemon

--- a/pkg/pinger/config.go
+++ b/pkg/pinger/config.go
@@ -49,7 +49,9 @@ func ParseFlags() (*Configuration, error) {
 		f2 := klogFlags.Lookup(f1.Name)
 		if f2 != nil {
 			value := f1.Value.String()
-			f2.Value.Set(value)
+			if err := f2.Value.Set(value); err != nil {
+				klog.Fatalf("failed to set flag %v", err)
+			}
 		}
 	})


--- a/pkg/speaker/config.go
+++ b/pkg/speaker/config.go
@@ -43,7 +43,9 @@ func ParseFlags() (*Configuration, error) {
 		argKubeConfigFile  = pflag.String("kubeconfig", "", "Path to kubeconfig file with authorization and master location information. If not set use the inCluster token.")
 	)

-	flag.Set("alsologtostderr", "true")
+	if err := flag.Set("alsologtostderr", "true"); err != nil {
+		klog.Fatalf("failed to set flag, %v", err)
+	}
 	klogFlags := flag.NewFlagSet("klog", flag.ExitOnError)
 	klog.InitFlags(klogFlags)

@@ -52,7 +54,9 @@ func ParseFlags() (*Configuration, error) {
 		f2 := klogFlags.Lookup(f1.Name)
 		if f2 != nil {
 			value := f1.Value.String()
-			f2.Value.Set(value)
+			if err := f2.Value.Set(value); err != nil {
+				klog.Fatalf("failed to set flag, %v", err)
+			}
 		}
 	})


--- a/pkg/speaker/pod.go
+++ b/pkg/speaker/pod.go
@@ -244,9 +244,11 @@ func (c *Controller) handleDeletePod(key string) error {
 			attrInterfaces, _ := apiutil.UnmarshalPathAttributes(path.Pattrs)
 			nextHop := getNextHopFromPathAttributes(attrInterfaces)
 			if nextHop.String() == host {
-				c.config.BgpServer.DeletePath(context.Background(), &api.DeletePathRequest{
+				if err := c.config.BgpServer.DeletePath(context.Background(), &api.DeletePathRequest{
 					Path: path,
-				})
+				}); err != nil {
+					klog.Errorf("failed to delete path %s, %v", path, err)
+				}
 			}
 		}
 	}

--- a/pkg/webhook/static_ip.go
+++ b/pkg/webhook/static_ip.go
@@ -84,7 +84,7 @@ func (v *ValidatingHook) PodCreateHook(ctx context.Context, req admission.Reques
 	}
 	// Get logical switch name
 	lsName := v.opt.DefaultLS
-	var subnet *ovnv1.Subnet
+	var subnet ovnv1.Subnet
 	subnetList := &ovnv1.SubnetList{}
 	err := v.cache.List(ctx, subnetList)
 	if err != nil {
@@ -94,7 +94,7 @@ func (v *ValidatingHook) PodCreateHook(ctx context.Context, req admission.Reques
 		for _, ns := range s.Spec.Namespaces {
 			if ns == o.GetNamespace() {
 				lsName = s.Name
-				subnet = &s
+				subnet = s
 				break
 			}
 		}
@@ -283,7 +283,7 @@ func (v *ValidatingHook) podControllerCreate(ctx context.Context, staticIPSAnno,
 	// Get logical switch name
 	lsName := v.opt.DefaultLS
 	subnetList := &ovnv1.SubnetList{}
-	var subnet *ovnv1.Subnet
+	var subnet ovnv1.Subnet
 	err := v.cache.List(ctx, subnetList)
 	if err != nil {
 		return ctrlwebhook.Errored(http.StatusBadRequest, err)
@@ -292,7 +292,7 @@ func (v *ValidatingHook) podControllerCreate(ctx context.Context, staticIPSAnno,
 		for _, ns := range s.Spec.Namespaces {
 			if ns == namespace {
 				lsName = s.Name
-				subnet = &s
+				subnet = s
 				break
 			}
 		}
@@ -363,7 +363,7 @@ func (v *ValidatingHook) podControllerUpdate(ctx context.Context, oldStaticIPSAn
 	}
 	// Get logical switch name
 	lsName := v.opt.DefaultLS
-	var subnet *ovnv1.Subnet
+	var subnet ovnv1.Subnet
 	subnetList := &ovnv1.SubnetList{}
 	err := v.cache.List(ctx, subnetList)
 	if err != nil {
@@ -373,7 +373,7 @@ func (v *ValidatingHook) podControllerUpdate(ctx context.Context, oldStaticIPSAn
 		for _, ns := range s.Spec.Namespaces {
 			if ns == namespace {
 				lsName = s.Name
-				subnet = &s
+				subnet = s
 				break
 			}
 		}

--- a/test/e2e/framework/framework.go
+++ b/test/e2e/framework/framework.go
@@ -86,7 +86,7 @@ func (f *Framework) WaitPodReady(pod, namespace string) error {
 			return nil
 		}

-		switch getPodStatus(p) {
+		switch getPodStatus(*p) {
 		case Completed:
 			return fmt.Errorf("pod already completed")
 		case Running:
@@ -118,7 +118,7 @@ func (f *Framework) WaitDeploymentReady(deployment, namespace string) error {

 		ready := true
 		for _, pod := range pods.Items {
-			switch getPodStatus(&pod) {
+			switch getPodStatus(pod) {
 			case Completed:
 				return fmt.Errorf("pod already completed")
 			case Running:
@@ -155,7 +155,7 @@ func (f *Framework) WaitStatefulsetReady(statefulset, namespace string) error {

 		ready := true
 		for _, pod := range pods.Items {
-			switch getPodStatus(&pod) {
+			switch getPodStatus(pod) {
 			case Completed:
 				return fmt.Errorf("pod already completed")
 			case Running:
@@ -224,7 +224,7 @@ const (
 	Initing           = "Initing"
 )

-func getPodContainerStatus(pod *corev1.Pod, reason string) string {
+func getPodContainerStatus(pod corev1.Pod, reason string) string {
 	for i := len(pod.Status.ContainerStatuses) - 1; i >= 0; i-- {
 		container := pod.Status.ContainerStatuses[i]

@@ -243,7 +243,7 @@ func getPodContainerStatus(pod *corev1.Pod, reason string) string {
 	return reason
 }

-func getPodStatus(pod *corev1.Pod) string {
+func getPodStatus(pod corev1.Pod) string {
 	reason := string(pod.Status.Phase)
 	if pod.Status.Reason != "" {
 		reason = pod.Status.Reason
@@ -261,7 +261,7 @@ func getPodStatus(pod *corev1.Pod) string {
 	return reason
 }

-func getPodInitStatus(pod *corev1.Pod, reason string) (bool, string) {
+func getPodInitStatus(pod corev1.Pod, reason string) (bool, string) {
 	initializing := false
 	for i := range pod.Status.InitContainerStatuses {
 		container := pod.Status.InitContainerStatuses[i]

--- a/test/e2e/ip/static_ip.go
+++ b/test/e2e/ip/static_ip.go
@@ -35,7 +35,7 @@ var _ = Describe("[IP Allocation]", func() {
 					Containers: []corev1.Container{
 						{
 							Name:            name,
-							Image:           "index.alauda.cn/claas/pause:3.1",
+							Image:           "nginx:alpine",
 							ImagePullPolicy: corev1.PullIfNotPresent,
 						},
 					},
@@ -85,7 +85,7 @@ var _ = Describe("[IP Allocation]", func() {
 							Containers: []corev1.Container{
 								{
 									Name:            name,
-									Image:           "index.alauda.cn/claas/pause:3.1",
+									Image:           "nginx:alpine",
 									ImagePullPolicy: corev1.PullIfNotPresent,
 								},
 							},
@@ -138,7 +138,7 @@ var _ = Describe("[IP Allocation]", func() {
 							Containers: []corev1.Container{
 								{
 									Name:            name,
-									Image:           "index.alauda.cn/claas/pause:3.1",
+									Image:           "nginx:alpine",
 									ImagePullPolicy: corev1.PullIfNotPresent,
 								},
 							},

--- a/test/e2e/subnet/normal.go
+++ b/test/e2e/subnet/normal.go
@@ -7,7 +7,9 @@ import (
 	"github.com/alauda/kube-ovn/test/e2e/framework"
 	. "github.com/onsi/ginkgo"
 	. "github.com/onsi/gomega"
+	k8serrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/klog"
 	"os"
 	"time"
 )
@@ -15,12 +17,30 @@ import (
 var _ = Describe("[Subnet]", func() {
 	f := framework.NewFramework("subnet", fmt.Sprintf("%s/.kube/config", os.Getenv("HOME")))
 	BeforeEach(func() {
-		f.OvnClientSet.KubeovnV1().Subnets().Delete(f.GetName(), &metav1.DeleteOptions{})
-		f.KubeClientSet.CoreV1().Namespaces().Delete(f.GetName(), &metav1.DeleteOptions{})
+		if err := f.OvnClientSet.KubeovnV1().Subnets().Delete(f.GetName(), &metav1.DeleteOptions{}); err != nil {
+			if !k8serrors.IsNotFound(err) {
+				klog.Fatalf("failed to delete subnet %s, %v", f.GetName(), err)
+
+			}
+		}
+		if err := f.KubeClientSet.CoreV1().Namespaces().Delete(f.GetName(), &metav1.DeleteOptions{}); err != nil {
+			if !k8serrors.IsNotFound(err) {
+				klog.Fatalf("failed to delete ns %s, %v", f.GetName(), err)
+			}
+		}
 	})
 	AfterEach(func() {
-		f.OvnClientSet.KubeovnV1().Subnets().Delete(f.GetName(), &metav1.DeleteOptions{})
-		f.KubeClientSet.CoreV1().Namespaces().Delete(f.GetName(), &metav1.DeleteOptions{})
+		if err := f.OvnClientSet.KubeovnV1().Subnets().Delete(f.GetName(), &metav1.DeleteOptions{}); err != nil {
+			if !k8serrors.IsNotFound(err) {
+				klog.Fatalf("failed to delete subnet %s, %v", f.GetName(), err)
+
+			}
+		}
+		if err := f.KubeClientSet.CoreV1().Namespaces().Delete(f.GetName(), &metav1.DeleteOptions{}); err != nil {
+			if !k8serrors.IsNotFound(err) {
+				klog.Fatalf("failed to delete ns %s, %v", f.GetName(), err)
+			}
+		}
 	})

 	Describe("Create", func() {