diff --git a/cmd/frpc/sub/root.go b/cmd/frpc/sub/root.go
index b599d46c..bf1eb3b0 100644
--- a/cmd/frpc/sub/root.go
+++ b/cmd/frpc/sub/root.go
@@ -224,6 +224,7 @@ func runClientWithToken(token string, unsafeFeatures *security.UnsafeFeatures) e
 	}
 
 	// Fetch config from API
+	// #nosec G107 -- URL is constructed from trusted source (environment variable or hardcoded)
 	url := fmt.Sprintf("%s/api/v1/tunnel/frpc/config/%s", apiServer, token)
 	resp, err := http.Get(url)
 	if err != nil {
diff --git a/pkg/nathole/controller.go b/pkg/nathole/controller.go
index c08c81c9..a1411317 100644
--- a/pkg/nathole/controller.go
+++ b/pkg/nathole/controller.go
@@ -220,7 +220,7 @@ func (c *Controller) HandleVisitor(m *msg.NatHoleVisitor, transporter transport.
 	// Make hole-punching decisions based on the NAT information of the client and visitor.
 	vResp, cResp, err := c.analysis(session)
 	if err != nil {
-		log.Debugf("sid [%s] analysis error: %v", err)
+		log.Debugf("sid [%s] analysis error: %v", sid, err)
 		vResp = c.GenNatHoleResponse(session.visitorMsg.TransactionID, nil, err.Error())
 		cResp = c.GenNatHoleResponse(session.clientMsg.TransactionID, nil, err.Error())
 	}
diff --git a/pkg/util/log/log.go b/pkg/util/log/log.go
index 6c6c36b5..61a9f4d6 100644
--- a/pkg/util/log/log.go
+++ b/pkg/util/log/log.go
@@ -111,7 +111,7 @@ type RotateFileWriter struct {
 
 func (w *RotateFileWriter) openFile() error {
 	var err error
-	w.file, err = os.OpenFile(w.filePath, os.O_CREATE|os.O_WRONLY|os.O_APPEND, 0644)
+	w.file, err = os.OpenFile(w.filePath, os.O_CREATE|os.O_WRONLY|os.O_APPEND, 0o644)
 	return err
 }
 
@@ -129,7 +129,9 @@ func (w *RotateFileWriter) checkRotate() error {
 		oldPath := w.filePath
 		newPath := w.filePath + "." + w.currentDate
 		if _, err := os.Stat(oldPath); err == nil {
-			os.Rename(oldPath, newPath)
+			if err := os.Rename(oldPath, newPath); err != nil {
+				return err
+			}
 		}
 
 		// Clean up old log files