FRE-4807: Remediate security review Medium findings

- Add SHA256 verification for k6 binary download (supply chain integrity)
- Remove literal 'test-token' fallback for API_TOKEN in CI workflow;
  add validation step that fails if LOAD_TEST_API_TOKEN secret is missing
- Replace 'test-token' fallback with empty string + warning in run-all.sh
- Replace 'test-token' fallback with empty string in all 4 service scripts
2026-05-13 13:39:57 -04:00
parent 6c4d0b91ca
commit 81173d7ab5
6 changed files with 22 additions and 7 deletions


@@ -16,7 +16,10 @@ mkdir -p "$REPORT_DIR"
BASE_URL="${LOAD_TEST_BASE_URL:-http://localhost:3000}"
TARGET_RPS="${TARGET_RPS:-500}"
DURATION="${DURATION:-300s}"
API_TOKEN="${API_TOKEN:-test-token}"
API_TOKEN="${API_TOKEN:-}"
if [[ -z "$API_TOKEN" ]]; then
echo "⚠️ API_TOKEN not set (load tests will run without auth)"
fi
echo "=== ShieldAI Combined Load Test ==="
echo "Timestamp: $TIMESTAMP"
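Review bot: The new `if [[ -z "$API_TOKEN" ]]` branch only warns and lets the run continue, so a missing token is fail-open in this script, while the commit message says the CI workflow now fails on a missing secret. A run against a target that enforces auth would presumably record rejected requests as load results. The warning also goes to stdout, where it mixes with the report banner that follows; `echo "⚠️ API_TOKEN not set (load tests will run without auth)" >&2` keeps it on stderr. If unauthenticated runs are meant only for the localhost default of `BASE_URL`, consider exiting non-zero when the token is empty and `BASE_URL` points anywhere else. The script continues outside this hunk, so whether later steps tolerate an empty token is not visible here.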