You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Description: services/shieldx-sandbox/autoheal/main.go exposes /autoheal/incident without any authentication or rate limiting. An external actor can fabricate incidents that trigger MeshController to launch replacement VMs via triggerRecovery, leading to resource exhaustion or unauthorized infrastructure changes.
Location: services/shieldx-sandbox/autoheal/main.go (handler registration) and shared/shieldx-common/core/autoheal/mesh_controller.go (HandleIncident/triggerRecovery).
Recommendation: Require strong auth (JWT/mTLS + RBAC) for incident submission, validate node identifiers, enforce quotas, and ensure recovery workflows verify origin before provisioning resources.
Done when: Unauthorized requests get 401/403, abuse tests cannot spawn incidents, and audit logs capture authenticated operators only.
