fix: warn on disabled TLS and cap response body size (#4 #7) #20

Merged
Liohtml merged 2 commits into master from claude/http-client-hardening
May 28, 2026

Conversation

@Liohtml Liohtml commented May 28, 2026

Summary

Two HTTP-client hardening fixes:

Test plan

  • 2 new tests covering the default cap and the builder override
  • cargo test — full suite green
  • cargo clippy --all-targets -- -D warnings clean
  • cargo fmt --check clean

Closes #4
Closes #7


Generated by Claude Code

Summary by CodeRabbit

  • New Features

    • Added configurable HTTP response body size limit (default: 50 MiB) to prevent excessive memory usage from large responses.
  • Bug Fixes

    • Added warning when SSL certificate verification is disabled.
    • Improved response body handling to enforce maximum size constraints.
  • Tests

    • Added unit tests for response body size limit configuration and defaults.

- Log a warning when verify_ssl is disabled so the security implication of
  danger_accept_invalid_certs is visible
- Add FetcherConfig.max_body_bytes (default 50 MiB) and stream the response
  body in chunks, aborting if Content-Length or the accumulated bytes exceed
  the cap, so a hostile server cannot exhaust memory

Closes #4
Closes #7

https://claude.ai/code/session_012RmdaovmNWZVAim4XxCWwn
coderabbitai Bot commented May 28, 2026

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: 4b6d580d-4dcc-41aa-b104-4d3fa5915160

📥 Commits

Reviewing files that changed from the base of the PR and between 6b086e7 and 148e74d.

📒 Files selected for processing (1)
  • src/fetchers/client.rs
📝 Walkthrough

The PR adds HTTP response body size limiting to prevent excessive memory usage. A new max_body_bytes configuration field (default 50 MiB) is added to FetcherConfig with a builder method. The client implementation replaces simple resp.text() calls with chunked streaming that enforces the size cap, checking Content-Length upfront and accumulating bytes with overflow detection. Tests verify the configuration.

Changes

HTTP response body size limiting

| Layer / File(s) | Summary |
|---|---|
| Configuration contract: src/fetchers/config.rs | FetcherConfig struct gains max_body_bytes: usize field (50 MiB default), and FetcherConfigBuilder gains .max_body_bytes(bytes) method for customization. |
| Client-side body size enforcement: src/fetchers/client.rs | HTTP client enforces the size limit via Content-Length preflight check and chunked streaming with accumulation; response binding made mutable; SSL verification warning added to constructor. |
| Configuration tests: tests/fetchers_config.rs | Unit tests validate default value and builder override for max_body_bytes. |

🎯 2 (Simple) | ⏱️ ~12 minutes

🐰 A body size cap so bodies don't grow too wide,
Fifty megs by default, a cautious guard with pride,
Chunks stream and accumulate with careful care,
Memory stays in check, no bloat anywhere!

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

| Check name | Status | Explanation | Resolution |
|---|---|---|---|
| Docstring Coverage | ⚠️ Warning | Docstring coverage is 66.67% which is insufficient. The required threshold is 80.00%. | Write docstrings for the functions missing them to satisfy the coverage threshold. |

✅ Passed checks (4 passed)

| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title directly summarizes the two main changes: adding a warning when TLS is disabled and implementing a cap on response body size. Both changes are substantive parts of the changeset. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |


@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@src/fetchers/client.rs`:
- Around line 197-213: The chunk-reading loop must handle chunk read errors and
avoid unchecked size arithmetic: replace the while-let with a match on
resp.chunk().await so any Err(e) immediately returns
Err(FetcherError::RequestFailed(format!("chunk read error: {}", e))); when
checking Content-Length convert safely via
usize::try_from(resp.content_length().unwrap()) (or return an error if
conversion fails) instead of casting with as; and when accumulating use
checked_add (e.g. bytes.len().checked_add(chunk.len())) to detect overflow—if
checked_add yields None or the sum > max_body, stop reading and return
Err(FetcherError::RequestFailed(format!("response body too large: {} (max {})",
sum_or_estimate, max_body))); ensure you never push chunk into bytes after
detecting overflow or on chunk read error.
ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: d5acaecc-23cc-4d82-9705-72e05ae42e1a

📥 Commits

Reviewing files that changed from the base of the PR and between 805f55b and 6b086e7.

📒 Files selected for processing (3)
  • src/fetchers/client.rs
  • src/fetchers/config.rs
  • tests/fetchers_config.rs

Comment thread src/fetchers/client.rs Outdated
Address CodeRabbit review on #20:
- Replace `while let Ok(Some(chunk))` with a `match` that returns Err on
  chunk read errors, so a mid-body error no longer silently produces a
  truncated body
- Use usize::try_from for the u64 Content-Length conversion so a value
  that does not fit a 32-bit usize is treated as too large rather than
  silently truncated
- Use checked_add when accumulating chunk sizes to detect overflow

https://claude.ai/code/session_012RmdaovmNWZVAim4XxCWwn
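
The capped read that the two commits describe, modelled with the standard library only so it runs without an HTTP crate. This is an added example, not the code in src/fetchers/client.rs; `BodyError`, `read_capped` and the chunk iterator (standing in for repeated `resp.chunk().await` calls) are hypothetical names.

```rust
// Added example: std-only model of the capped body read discussed in this PR.
// `BodyError`, `read_capped` and the chunk iterator are hypothetical stand-ins;
// the iterator plays the role of repeated `resp.chunk().await` calls.
#[derive(Debug, PartialEq)]
pub enum BodyError {
    TooLarge { seen: u64, max: usize },
    ChunkRead(String),
}

pub fn read_capped<I>(content_length: Option<u64>, chunks: I, max_body: usize) -> Result<Vec<u8>, BodyError>
where
    I: IntoIterator<Item = Result<Vec<u8>, String>>,
{
    // Preflight: reject on the declared length before reading anything.
    // try_from fails where u64 does not fit usize (32-bit targets); treat that as too large.
    if let Some(declared) = content_length {
        match usize::try_from(declared) {
            Ok(n) if n <= max_body => {}
            _ => return Err(BodyError::TooLarge { seen: declared, max: max_body }),
        }
    }
    let mut body = Vec::new();
    for chunk in chunks {
        // A mid-body read error is returned, never turned into a truncated body.
        let chunk = chunk.map_err(BodyError::ChunkRead)?;
        // Content-Length can be absent or wrong, so count the bytes actually received.
        match body.len().checked_add(chunk.len()) {
            Some(total) if total <= max_body => body.extend_from_slice(&chunk),
            other => {
                // None means the addition itself overflowed usize.
                let seen = other.map_or(u64::MAX, |t| t as u64);
                return Err(BodyError::TooLarge { seen, max: max_body });
            }
        }
    }
    Ok(body)
}

fn main() {
    // Constructed input: no Content-Length, three 4-byte chunks, 10-byte cap.
    let chunks = vec![Ok(vec![b'a'; 4]), Ok(vec![b'b'; 4]), Ok(vec![b'c'; 4])];
    println!("{:?}", read_capped(None, chunks, 10));
    // Constructed input: the stream fails after the first chunk.
    let broken = vec![Ok(vec![b'a'; 4]), Err("connection reset".to_string())];
    println!("{:?}", read_capped(Some(8), broken, 10));
}
```

The first call shows why the preflight alone is not enough: with no Content-Length header the cap is only enforced by the running byte count.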
@Liohtml Liohtml merged commit e2a7843 into master May 28, 2026
6 checks passed