
chore(load-tests): document non-security-sensitive Math.random() usages to resolve SonarCloud hotspots #282

Merged
NickLetts2 merged 2 commits into main from copilot/review-math-random-usage on May 15, 2026

Conversation

Contributor

Copilot AI commented May 15, 2026

SonarCloud flagged five Math.random() calls (rule javascript:S2245) across four load-test scenarios. All usages are non-security-sensitive — they vary sleep/think-time and weight scenario routing, not secrets or tokens.

Changes

  • 03-concurrent-uploads.js L143 — sleep jitter
  • 06-full-stress.js L90 — weighted scenario routing (40/30/20/10% split)
  • 06-full-stress.js L145 — sleep jitter
  • 08-screening-session.js L333 — think-time jitter
  • 09-soak.js L298 — think-time jitter

Added a two-line comment above each usage, consistent with the pattern already established in 07-admin-journey.js (previously marked SAFE):

// Math.random() is safe here: adds non-cryptographic timing jitter to simulate realistic user think-time.
// Not a security-sensitive use case (no token generation, secret material, or authentication involved).
sleep(2 + Math.random() * 2);

The five SonarCloud hotspots can now be marked SAFE with justification: used only for load-test randomisation; not used for secrets, credentials, tokens, or authorisation decisions.

Copilot AI changed the title [WIP] Review Math.random usage in load tests and mark safe where appropriate chore(load-tests): document non-security-sensitive Math.random() usages to resolve SonarCloud hotspots May 15, 2026
Copilot AI requested a review from NickLetts2 May 15, 2026 20:09
@NickLetts2 NickLetts2 marked this pull request as ready for review May 15, 2026 20:36
Copilot AI review requested due to automatic review settings May 15, 2026 20:36
@NickLetts2 NickLetts2 merged commit 3e9b8c3 into main May 15, 2026
6 of 7 checks passed
Copilot AI review requested due to automatic review settings May 15, 2026 20:57
NickLetts2 added a commit that referenced this pull request Jun 1, 2026
chore(load-tests): document non-security-sensitive Math.random() usages to resolve SonarCloud hotspots
@NickLetts2 NickLetts2 deleted the copilot/review-math-random-usage branch June 2, 2026 09:46

Successfully merging this pull request may close these issues.

Security Hotspots: Review Math.random usage in load tests and mark safe where appropriate
