e7bdcc978cfba4c4e5b244c668dcf45942b6ff7c
Ports the auditor's TestAudit_DoSBodyLimitNoAuth: an unsigned oversized POST to /blobs is now rejected 413 without the resident set spiking (measured via /proc/self/status, delta bounded to <96 MiB vs the attack's 400 MB+). Covers both a truthful over-ceiling Content-Length (rejected pre-read) and a chunked unknown-length sender (MaxBytesReader caps the read). Plus golden (normal blob stored), boundary (exactly at the ceiling accepted), the 1 MiB control-plane ceiling, and the per-IP rate limit (flood -> 429, distinct IPs not throttled).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
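The two rejection paths the commit message names (a declared over-ceiling Content-Length refused before any read, and a length-less sender capped by MaxBytesReader), shown as an added Go example that is not part of this commit or the project's code. The `ceiling` value and the names `limitBody`, `storeBlob` and `post` are hypothetical, and the request bodies are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"strings"
)

const ceiling = 1 << 20 // assumed ceiling for this example, not a value from the commit

// limitBody enforces the ceiling before the wrapped handler ever sees the body.
func limitBody(limit int64, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.ContentLength > limit { // truthful oversize: refuse without reading
			http.Error(w, "body too large", http.StatusRequestEntityTooLarge)
			return
		}
		r.Body = http.MaxBytesReader(w, r.Body, limit) // unknown length: cap the read
		next.ServeHTTP(w, r)
	})
}

// storeBlob is a hypothetical stand-in for the /blobs handler; it drains the body.
func storeBlob(w http.ResponseWriter, r *http.Request) {
	status := http.StatusCreated
	var tooBig *http.MaxBytesError
	if _, err := io.Copy(io.Discard, r.Body); errors.As(err, &tooBig) {
		status = http.StatusRequestEntityTooLarge
	} else if err != nil {
		status = http.StatusBadRequest
	}
	w.WriteHeader(status)
}

// post sends a constructed n-byte body and reports the status and bytes left unread.
func post(n int, chunked bool) (status, unread int) {
	body := strings.NewReader(strings.Repeat("A", n))
	req := httptest.NewRequest(http.MethodPost, "/blobs", body)
	if chunked {
		req.ContentLength = -1 // hide the length, as a chunked sender would
	}
	rec := httptest.NewRecorder()
	limitBody(ceiling, http.HandlerFunc(storeBlob)).ServeHTTP(rec, req)
	return rec.Code, body.Len()
}

func main() { fmt.Println(post(ceiling+1, false)) } // 413 1048577
```

The unread count for the declared-oversize case equals the full body length, which is what "rejected pre-read" means in practice: the handler never pulls attacker bytes into memory.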
Description
Synced from fn_registry