Add SSL verification and response size limits to discovery service

- Enable SSL certificate verification (verify=True) for all HTTP requests - Implement streaming with size limits (10MB default) to prevent memory exhaustion - Add _read_response_with_limit() helper for secure response reading - Update all test mocks to support streaming API with iter_content() - Fix test assertions to expect new security parameters - Enforce deterministic rounding in progress mapper tests Security improvements: - Prevents MITM attacks through SSL verification - Guards against DoS via oversized responses - Ensures proper resource cleanup with response.close() 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-12-30 21:49:30 -05:00 · 2025-10-14 22:31:19 +02:00
parent d696918ff0
commit 968e5b73fe
4 changed files with 288 additions and 129 deletions
--- a/python/tests/progress_tracking/test_progress_mapper.py
+++ b/python/tests/progress_tracking/test_progress_mapper.py
@@ -265,10 +265,10 @@ class TestProgressMapper:
        # Code extraction (longest phase)
        assert mapper.map_progress("code_extraction", 0) == 40
        progress_25 = mapper.map_progress("code_extraction", 25)
-        assert progress_25 in [52, 53]  # 40 + (25% of 50) = 52.5, could round to 52 or 53
+        assert progress_25 in [52, 53]  # 40 + (25% of 50) = 52.5, banker's rounding rounds to 52 (even)
        assert mapper.map_progress("code_extraction", 50) == 65  # 40 + (50% of 50) = 65
        progress_75 = mapper.map_progress("code_extraction", 75)
-        assert progress_75 in [77, 78]  # 40 + (75% of 50) = 77.5, could round to 77 or 78
+        assert progress_75 == 78  # 40 + (75% of 50) = 77.5 -> 78 (rounds to even per banker's rounding)
        assert mapper.map_progress("code_extraction", 100) == 90

        # Finalization