Skip to main content

ExecutionLimits

Struct ExecutionLimits

pub struct ExecutionLimits {
    pub max_commands: usize,
    pub max_loop_iterations: usize,
    pub max_total_loop_iterations: usize,
    pub max_function_depth: usize,
    pub timeout: Duration,
    pub parser_timeout: Duration,
    pub max_input_bytes: usize,
    pub max_ast_depth: usize,
    pub max_parser_operations: usize,
    pub max_stdout_bytes: usize,
    pub max_stderr_bytes: usize,
    pub capture_final_env: bool,
}

Expand description

Resource limits for script execution

Fields§

§max_commands: usize

Maximum number of commands that can be executed (fuel model) Default: 10,000

§max_loop_iterations: usize

Maximum iterations for a single loop Default: 10,000

§max_total_loop_iterations: usize

Maximum total loop iterations across all loops (nested and sequential). Prevents nested loop multiplication attack (TM-DOS-018). Default: 1,000,000

§max_function_depth: usize

Maximum function call depth (recursion limit) Default: 100

§timeout: Duration

Execution timeout Default: 30 seconds

§parser_timeout: Duration

Parser timeout (separate from execution timeout) Default: 5 seconds This limits how long the parser can spend parsing a script before giving up. Protects against parser hang attacks (V3 in threat model).

§max_input_bytes: usize

Maximum input script size in bytes Default: 10MB (10,000,000 bytes) Protects against memory exhaustion from large scripts (V1 in threat model).

§max_ast_depth: usize

Maximum AST nesting depth during parsing Default: 100 Protects against stack overflow from deeply nested scripts (V4 in threat model).

§max_parser_operations: usize

Maximum parser operations (fuel model for parsing) Default: 100,000 Protects against parser DoS attacks that could otherwise cause CPU exhaustion.

§max_stdout_bytes: usize

Maximum stdout capture size in bytes Default: 1MB (1,048,576 bytes) Prevents unbounded output accumulation from runaway commands.

§max_stderr_bytes: usize

Maximum stderr capture size in bytes Default: 1MB (1,048,576 bytes) Prevents unbounded error output accumulation.

§capture_final_env: bool

Whether to capture the final environment state in ExecResult. Default: false (opt-in to avoid cloning cost when not needed)

Implementations§

impl ExecutionLimits

pub fn new() -> Self

Create new limits with defaults

pub fn max_commands(self, count: usize) -> Self

Set maximum command count

pub fn max_loop_iterations(self, count: usize) -> Self

Set maximum loop iterations (per-loop)

pub fn max_total_loop_iterations(self, count: usize) -> Self

Set maximum total loop iterations (across all nested/sequential loops). Prevents TM-DOS-018 nested loop multiplication.

pub fn max_function_depth(self, depth: usize) -> Self

Set maximum function depth

pub fn timeout(self, timeout: Duration) -> Self

Set execution timeout

pub fn parser_timeout(self, timeout: Duration) -> Self

Set parser timeout

pub fn max_input_bytes(self, bytes: usize) -> Self

Set maximum input script size in bytes

pub fn max_ast_depth(self, depth: usize) -> Self

Set maximum AST nesting depth

pub fn max_parser_operations(self, ops: usize) -> Self

Set maximum parser operations

pub fn max_stdout_bytes(self, bytes: usize) -> Self

Set maximum stdout capture size in bytes

pub fn max_stderr_bytes(self, bytes: usize) -> Self

Set maximum stderr capture size in bytes

pub fn capture_final_env(self, capture: bool) -> Self

Enable capturing final environment state in ExecResult

Trait Implementations§

impl Clone for ExecutionLimits

fn clone(&self) -> ExecutionLimits

Returns a duplicate of the value. Read more

1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more

impl Debug for ExecutionLimits

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more

impl Default for ExecutionLimits

fn default() -> Self

Returns the “default value” for a type. Read more

Auto Trait Implementations§

impl Freeze for ExecutionLimits

impl RefUnwindSafe for ExecutionLimits

impl Send for ExecutionLimits

impl Sync for ExecutionLimits

impl Unpin for ExecutionLimits

impl UnsafeUnpin for ExecutionLimits

impl UnwindSafe for ExecutionLimits

Blanket Implementations§

impl<T> Any for T
where T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more

impl<T> Borrow<T> for T
where T: ?Sized,

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more

impl<T> BorrowMut<T> for T
where T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more

impl<T> CloneToUninit for T
where T: Clone,

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)

Performs copy-assignment from self to dest. Read more

impl<T> DynClone for T
where T: Clone,

fn __clone_box(&self, _: Private) -> *mut ()

impl<T> From<T> for T

fn from(t: T) -> T

Returns the argument unchanged.

impl<T, U> Into<U> for T
where U: From<T>,

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T> Same for T

type Output = T

Should always be Self

impl<T> ToOwned for T
where T: Clone,

type Owned = T

The resulting type after obtaining ownership.

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more

impl<T, U> TryFrom<U> for T
where U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.