
Douwe de Vries edited this page Jul 1, 2026 · 1 revision

Security

Load Rift runs local load tests from user-provided collections, so the main security concerns are token handling, generated artifacts, file access, and release integrity.

Trust boundaries

| Boundary | Source | Notes |
| --- | --- | --- |
| Tauri commands | src-tauri/src/commands/ | Frontend can invoke registered commands only |
| File selection | src/lib/tauri/dialog.ts | Collection import and report export are user-driven |
| k6 child process | src-tauri/src/k6/process/runtime.rs | Generated scripts execute against user-configured targets |
| Temp artifacts | src-tauri/src/k6/process/runtime.rs | Private by default, optional debug preservation |
| Release assets | .github/workflows/release.yml, scripts/install-apt-repo.sh | Signing and checksum checks protect distribution |

Token and data handling

Auth tokens can come from the runner form, runtime variables, or a pasted cURL command. src/app/hooks/useCurlImport.ts clears the pasted command after extracting the base URL or bearer token, so the raw command is not kept in form state. src/app/persistence.ts persists non-secret runner preferences but does not persist the auth token, base URL, advanced JSON, or variable overrides.
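The extract-then-clear behaviour described above, as an added Rust example (not Load Rift's own useCurlImport.ts, which is TypeScript): a small tokenizer for the pasted command, extraction of the first URL and the `Authorization: Bearer` header, and clearing of the pasted buffer once the values are out. The tokenizer, the "base URL = scheme + authority" convention and the sample command are assumptions made for this example.

```rust
// Added example, not Load Rift's code: extract the base URL and bearer token
// from a pasted cURL command, then clear the pasted text so the secret does
// not linger in form state.

/// Split a command line into words, honouring single/double quotes and
/// backslash-newline continuations. A deliberately small tokenizer for this
/// example, not a full POSIX shell parser.
fn shell_words(input: &str) -> Vec<String> {
    let mut words = Vec::new();
    let mut cur = String::new();
    let mut in_word = false;
    let mut quote: Option<char> = None;
    let mut chars = input.chars();
    while let Some(c) = chars.next() {
        match (quote, c) {
            (Some(q), c) if c == q => quote = None,
            (Some(_), c) => cur.push(c),
            (None, '\'') | (None, '"') => {
                quote = Some(c);
                in_word = true; // '' is a valid (empty) word
            }
            (None, '\\') => match chars.next() {
                Some('\n') | None => {} // line continuation
                Some(n) => {
                    cur.push(n);
                    in_word = true;
                }
            },
            (None, c) if c.is_whitespace() => {
                if in_word {
                    words.push(std::mem::take(&mut cur));
                    in_word = false;
                }
            }
            (None, c) => {
                cur.push(c);
                in_word = true;
            }
        }
    }
    if in_word {
        words.push(cur);
    }
    words
}

#[derive(Debug, PartialEq)]
pub struct CurlImport {
    pub base_url: Option<String>,
    pub bearer_token: Option<String>,
}

/// Reduce a full URL to scheme + authority (the base-URL convention assumed here).
pub fn base_url_of(url: &str) -> Option<String> {
    let scheme_end = url.find("://")? + 3;
    let rest = &url[scheme_end..];
    let authority_end = rest
        .find(|c: char| c == '/' || c == '?' || c == '#')
        .unwrap_or(rest.len());
    Some(format!("{}{}", &url[..scheme_end], &rest[..authority_end]))
}

/// Extract the base URL and bearer token from `pasted`, then clear it.
pub fn import_curl(pasted: &mut String) -> CurlImport {
    let words = shell_words(pasted);
    let mut out = CurlImport { base_url: None, bearer_token: None };
    let mut i = 0;
    while i < words.len() {
        let w = words[i].as_str();
        if w == "-H" || w == "--header" {
            if let Some(h) = words.get(i + 1) {
                if let Some((name, value)) = h.split_once(':') {
                    if name.trim().eq_ignore_ascii_case("authorization") {
                        let mut parts = value.trim().splitn(2, char::is_whitespace);
                        if parts.next().map_or(false, |s| s.eq_ignore_ascii_case("bearer")) {
                            out.bearer_token = parts.next().map(|t| t.trim().to_string());
                        }
                    }
                }
            }
            i += 2; // skip the header value
        } else {
            if out.base_url.is_none() && (w.starts_with("http://") || w.starts_with("https://")) {
                out.base_url = base_url_of(w);
            }
            i += 1;
        }
    }
    // The pasted command is the only place the raw token lives in this flow; drop it now.
    pasted.clear();
    out
}

fn main() {
    // Constructed sample; the token is a dummy value.
    let mut pasted = String::from(
        "curl -X POST 'https://api.example.test/v1/items?limit=5' \\\n  -H 'Authorization: Bearer dummy-token-123' -d '{\"a\":1}'",
    );
    let imported = import_curl(&mut pasted);
    println!("{:?}, remaining pasted text: {:?}", imported, pasted);
}
```

The caller keeps only the two extracted values; everything else in the pasted command (other headers, request bodies) is discarded with the buffer, which is the property the page's hook is described as providing.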

Artifact handling

The k6 runtime writes script.js, summary.json, and metrics.json into private temp directories. On Unix, directories are set to 0700 and files to 0600 in src-tauri/src/k6/process/runtime.rs. LOADRIFT_PRESERVE_K6_ARTIFACTS=true keeps artifacts for debugging, but preserved files may contain request URLs, headers, bodies, and tokens, so treat a preserved directory as sensitive and delete it once debugging is done.
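The permission model above, as an added Rust example rather than Load Rift's runtime.rs: the directory is created with mode 0700 and each artifact with mode 0600 at creation time (not chmod'd afterwards, which would leave a window), files are opened with `create_new` so a pre-existing path or symlink is refused, and cleanup is skipped only when the preserve flag is literally `true`. The directory naming scheme and the `finish` helper are assumptions made for this example; the code is Unix-only.

```rust
// Added example, not Load Rift's runtime.rs: private k6 artifact directory
// with owner-only permissions and an opt-in preserve flag. Unix only.
use std::fs::{self, DirBuilder, OpenOptions};
use std::io::{self, Write};
use std::os::unix::fs::{DirBuilderExt, OpenOptionsExt, PermissionsExt};
use std::path::{Path, PathBuf};
use std::time::{SystemTime, UNIX_EPOCH};

/// Environment flag named in the Load Rift docs.
pub const PRESERVE_ENV: &str = "LOADRIFT_PRESERVE_K6_ARTIFACTS";

/// Only the literal "true" (case-insensitive, surrounding whitespace ignored)
/// keeps artifacts; anything else, including unset, cleans up.
pub fn should_preserve(value: Option<&str>) -> bool {
    matches!(value, Some(v) if v.trim().eq_ignore_ascii_case("true"))
}

/// Create a fresh, uniquely named, owner-only (0700) directory under `base`.
/// The mode is applied at creation, so the directory is never briefly
/// readable by others (umask can only remove bits, never add them).
pub fn create_private_dir(base: &Path) -> io::Result<PathBuf> {
    let nanos = SystemTime::now()
        .duration_since(UNIX_EPOCH)
        .map(|d| d.as_nanos())
        .unwrap_or(0);
    let dir = base.join(format!("loadrift-k6-{}-{}", std::process::id(), nanos));
    DirBuilder::new().mode(0o700).create(&dir)?;
    Ok(dir)
}

/// Create `name` inside `dir` with mode 0600. `create_new` refuses to open an
/// existing file, so a symlink planted at that path cannot redirect the write.
pub fn write_private_file(dir: &Path, name: &str, contents: &[u8]) -> io::Result<PathBuf> {
    let path = dir.join(name);
    let mut f = OpenOptions::new()
        .write(true)
        .create_new(true)
        .mode(0o600)
        .open(&path)?;
    f.write_all(contents)?;
    Ok(path)
}

/// Permission bits (rwx for user/group/other) of a path, for checks and tests.
pub fn mode_bits(path: &Path) -> io::Result<u32> {
    Ok(fs::metadata(path)?.permissions().mode() & 0o777)
}

/// Remove the artifact directory unless preservation was requested.
/// Returns true when the directory was kept.
pub fn finish(dir: &Path, preserve: bool) -> io::Result<bool> {
    if preserve {
        return Ok(true);
    }
    fs::remove_dir_all(dir)?;
    Ok(false)
}

fn main() -> io::Result<()> {
    let dir = create_private_dir(&std::env::temp_dir())?;
    // Constructed placeholder script; a real run would write the generated k6 script here.
    write_private_file(&dir, "script.js", b"export default function () {}\n")?;
    println!("{} mode {:o}", dir.display(), mode_bits(&dir)?);
    let preserve = should_preserve(std::env::var(PRESERVE_ENV).ok().as_deref());
    let kept = finish(&dir, preserve)?;
    println!("artifacts kept: {}", kept);
    Ok(())
}
```

Because the flag check accepts only `true`, a value like `1` or `yes` still results in cleanup, which is the safer failure mode for a directory that may hold tokens.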

Tauri security settings

src-tauri/tauri.conf.json sets a restrictive production CSP and a dev CSP for local Vite. src-tauri/capabilities/default.json grants core defaults plus dialog open/save for the main window.

Release integrity

The APT installer in scripts/install-apt-repo.sh verifies a signed checksum and pinned signer fingerprint before installing repository configuration. .github/workflows/release.yml validates signing secrets and fingerprints before publishing signed artifacts.
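The fingerprint-pinning check described above, as an added Rust example rather than the project's install-apt-repo.sh: gpg is run with `--status-fd` and the signature is accepted only if a `VALIDSIG` status line names the pinned key (either the signing subkey or its primary key), since a zero exit code alone means "some key in the keyring signed this", not "the release key signed this". A second helper looks up a file's expected digest in `sha256sum`-style output. The sample status lines, fingerprints, file names and keyring path are constructed for this example.

```rust
// Added example, not Load Rift's installer script: pin the signer fingerprint
// when verifying a signed checksum file, and look up expected digests.
use std::process::Command;

/// Constructed sample of `gpg --status-fd 1 --verify` output; fingerprints are dummies.
pub const SAMPLE_STATUS: &str = "\
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG CCCC3333DDDD4444 Example Signer <release@example.test>
[GNUPG:] VALIDSIG AAAA1111BBBB2222CCCC3333DDDD4444EEEE5555 2026-01-01 1767225600 0 4 0 22 8 01 0123456789ABCDEF0123456789ABCDEF01234567
[GNUPG:] TRUST_FULLY 0 pgp
";

/// Normalise a fingerprint for comparison: drop whitespace, uppercase hex.
pub fn normalize_fpr(s: &str) -> String {
    s.chars()
        .filter(|c| !c.is_whitespace())
        .map(|c| c.to_ascii_uppercase())
        .collect()
}

/// True only if a VALIDSIG line names the pinned key. Field layout:
/// VALIDSIG <signing-key-fpr> <date> <timestamp> ... [<primary-key-fpr>]
pub fn validsig_matches(status: &str, pinned_fpr: &str) -> bool {
    let pin = normalize_fpr(pinned_fpr);
    status.lines().any(|line| {
        let mut f = line.split_whitespace();
        if f.next() != Some("[GNUPG:]") || f.next() != Some("VALIDSIG") {
            return false;
        }
        let fields: Vec<&str> = f.collect();
        match (fields.first(), fields.last()) {
            (Some(sub), Some(primary)) => {
                normalize_fpr(sub) == pin || normalize_fpr(primary) == pin
            }
            _ => false,
        }
    })
}

/// Run gpg non-interactively on a detached signature and apply the pin.
/// `keyring` is a dedicated keyring holding only the release key.
pub fn verify_with_pin(sig: &str, data: &str, keyring: &str, pinned_fpr: &str) -> std::io::Result<bool> {
    let out = Command::new("gpg")
        .args([
            "--batch", "--no-default-keyring", "--keyring", keyring,
            "--status-fd", "1", "--verify", sig, data,
        ])
        .output()?;
    let status = String::from_utf8_lossy(&out.stdout);
    Ok(out.status.success() && validsig_matches(&status, pinned_fpr))
}

/// Expected hex digest for `file_name` in `sha256sum` output ("<hex>  <name>"),
/// rejecting malformed digests so a garbage line cannot pass as a match.
pub fn expected_sha256<'a>(checksums: &'a str, file_name: &str) -> Option<&'a str> {
    checksums.lines().find_map(|line| {
        let (hex, name) = line.split_once(char::is_whitespace)?;
        let name = name.trim_start().trim_start_matches('*'); // '*' marks binary mode
        let well_formed = hex.len() == 64 && hex.bytes().all(|b| b.is_ascii_hexdigit());
        if well_formed && name == file_name { Some(hex) } else { None }
    })
}

fn main() {
    // Constructed pin; a real installer would embed the release key's fingerprint.
    let pinned = "0123 4567 89AB CDEF 0123 4567 89AB CDEF 0123 4567";
    println!("sample status accepted: {}", validsig_matches(SAMPLE_STATUS, pinned));
    match verify_with_pin("SHA256SUMS.asc", "SHA256SUMS", "release-keyring.gpg", pinned) {
        Ok(ok) => println!("live verification passed: {}", ok),
        Err(e) => println!("gpg not run: {}", e),
    }
}
```

The digest lookup deliberately returns the expected value rather than computing the file hash, so the comparison against the downloaded artifact can be done with whatever hashing the installer already uses; the point of the example is that both the signer identity and the digest format are checked strictly.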

For runtime debugging flags, see Debugging.
