Skip to main content

ExecutionLimits

bashkit

Struct ExecutionLimits 

Source 
pub struct ExecutionLimits {
Show 14 fields
    pub max_commands: usize,
    pub max_loop_iterations: usize,
    pub max_total_loop_iterations: usize,
    pub max_function_depth: usize,
    pub timeout: Duration,
    pub parser_timeout: Duration,
    pub max_input_bytes: usize,
    pub max_ast_depth: usize,
    pub max_parser_operations: usize,
    pub max_stdout_bytes: usize,
    pub max_stderr_bytes: usize,
    pub max_subst_depth: usize,
    pub max_file_descriptors: usize,
    pub capture_final_env: bool,

}
Expand description

Resource limits for script execution

Fields§

§max_commands: usize

Maximum number of commands that can be executed (fuel model) Default: 10,000

§max_loop_iterations: usize

Maximum iterations for a single loop Default: 10,000

§max_total_loop_iterations: usize

Maximum total loop iterations across all loops (nested and sequential). Prevents nested loop multiplication attack (TM-DOS-018). Default: 1,000,000

§max_function_depth: usize

Maximum function call depth (recursion limit) Default: 100

§timeout: Duration

Execution timeout Default: 30 seconds

§parser_timeout: Duration

Parser timeout (separate from execution timeout) Default: 5 seconds This limits how long the parser can spend parsing a script before giving up. Protects against parser hang attacks (V3 in threat model).

§max_input_bytes: usize

Maximum input script size in bytes Default: 10MB (10,000,000 bytes) Protects against memory exhaustion from large scripts (V1 in threat model).

§max_ast_depth: usize

Maximum AST nesting depth during parsing Default: 100 Protects against stack overflow from deeply nested scripts (V4 in threat model).

§max_parser_operations: usize

Maximum parser operations (fuel model for parsing) Default: 100,000 Protects against parser DoS attacks that could otherwise cause CPU exhaustion.

§max_stdout_bytes: usize

Maximum stdout capture size in bytes Default: 1MB (1,048,576 bytes) Prevents unbounded output accumulation from runaway commands.

§max_stderr_bytes: usize

Maximum stderr capture size in bytes Default: 1MB (1,048,576 bytes) Prevents unbounded error output accumulation.

§max_subst_depth: usize

Maximum command substitution nesting depth. Default: 32

§max_file_descriptors: usize

Maximum persistent custom file descriptors opened via exec N>file, exec N<file, or fd duplication. Standard fds 0/1/2 do not count. Default: 1024

§capture_final_env: bool

Whether to capture the final environment state in ExecResult. Default: false (opt-in to avoid cloning cost when not needed)

Implementations§

Source§

impl ExecutionLimits

Source

pub fn new() -> Self

Create new limits with defaults

Source

pub fn cli() -> Self

Relaxed limits for CLI / interactive use.

Command/loop counters are effectively unlimited — the user chose to run the script, so counting-based limits are unhelpful. Timeout is removed (user has Ctrl-C). Stdout/stderr caps are raised to 10 MB.

Limits that guard against crashes are kept: function depth, AST depth, parser fuel, parser timeout, input size.

Source

pub fn max_commands(self, count: usize) -> Self

Set maximum command count. Passing 0 is treated as “use default” (no-op) to prevent misconfiguration.

Source

pub fn max_loop_iterations(self, count: usize) -> Self

Set maximum loop iterations (per-loop). Passing 0 is treated as “use default” (no-op) to prevent misconfiguration.

Source

pub fn max_total_loop_iterations(self, count: usize) -> Self

Set maximum total loop iterations (across all nested/sequential loops). Prevents TM-DOS-018 nested loop multiplication. Passing 0 is treated as “use default” (no-op) to prevent misconfiguration.

Source

pub fn max_function_depth(self, depth: usize) -> Self

Set maximum function depth. Passing 0 is treated as “use default” (no-op) to prevent misconfiguration.

Source

pub fn timeout(self, timeout: Duration) -> Self

Set execution timeout

Source

pub fn parser_timeout(self, timeout: Duration) -> Self

Set parser timeout

Source

pub fn max_input_bytes(self, bytes: usize) -> Self

Set maximum input script size in bytes. Passing 0 is treated as “use default” (no-op) to prevent misconfiguration.

Source

pub fn max_ast_depth(self, depth: usize) -> Self

Set maximum AST nesting depth. Passing 0 is treated as “use default” (no-op) to prevent misconfiguration.

Source

pub fn max_parser_operations(self, ops: usize) -> Self

Set maximum parser operations. Passing 0 is treated as “use default” (no-op) to prevent misconfiguration.

Source

pub fn max_stdout_bytes(self, bytes: usize) -> Self

Set maximum stdout capture size in bytes. Passing 0 is treated as “use default” (no-op) to prevent misconfiguration.

Source

pub fn max_stderr_bytes(self, bytes: usize) -> Self

Set maximum stderr capture size in bytes. Passing 0 is treated as “use default” (no-op) to prevent misconfiguration.

Source

pub fn max_subst_depth(self, depth: usize) -> Self

Set maximum command substitution nesting depth. Passing 0 is treated as “use default” (no-op) to prevent misconfiguration.

Source

pub fn max_file_descriptors(self, count: usize) -> Self

Set maximum persistent custom file descriptors. Passing 0 is treated as “use default” (no-op) to prevent misconfiguration.

Source

pub fn capture_final_env(self, capture: bool) -> Self

Enable capturing final environment state in ExecResult

Trait Implementations§

Source§

impl Clone for ExecutionLimits

Source§

fn clone(&self) -> ExecutionLimits

Returns a duplicate of the value. Read more
1.0.0 (const: unstable) · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl Debug for ExecutionLimits

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl Default for ExecutionLimits

Source§

fn default() -> Self

Returns the “default value” for a type. Read more

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> DynClone for T
where T: Clone,

Source§

fn __clone_box(&self, _: Private) -> *mut ()

Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<'a, T> FromIn<'a, T> for T

Source§

fn from_in(t: T, _: &'a Allocator) -> T

Converts to this type from the input type within the given allocator.
Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> IntoEither for T

Source§

fn into_either(self, into_left: bool) -> Either<Self, Self>

Converts self into a Left variant of Either<Self, Self> if into_left is true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
Source§

fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
where F: FnOnce(&Self) -> bool,

Converts self into a Left variant of Either<Self, Self> if into_left(&self) returns true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
Source§

impl<'a, T, U> IntoIn<'a, U> for T
where U: FromIn<'a, T>,

Source§

fn into_in(self, allocator: &'a Allocator) -> U

Converts this type into the (usually inferred) input type within the given allocator.
Source§

impl<D> OwoColorize for D

Source§

fn fg<C>(&self) -> FgColorDisplay<'_, C, Self>
where C: Color,

Set the foreground color generically Read more
Source§

fn bg<C>(&self) -> BgColorDisplay<'_, C, Self>
where C: Color,

Set the background color generically. Read more
Source§

fn black(&self) -> FgColorDisplay<'_, Black, Self>

Change the foreground color to black
Source§

fn on_black(&self) -> BgColorDisplay<'_, Black, Self>

Change the background color to black
Source§

fn red(&self) -> FgColorDisplay<'_, Red, Self>

Change the foreground color to red
Source§

fn on_red(&self) -> BgColorDisplay<'_, Red, Self>

Change the background color to red
Source§

fn green(&self) -> FgColorDisplay<'_, Green, Self>

Change the foreground color to green
Source§

fn on_green(&self) -> BgColorDisplay<'_, Green, Self>

Change the background color to green
Source§

fn yellow(&self) -> FgColorDisplay<'_, Yellow, Self>

Change the foreground color to yellow
Source§

fn on_yellow(&self) -> BgColorDisplay<'_, Yellow, Self>

Change the background color to yellow
Source§

fn blue(&self) -> FgColorDisplay<'_, Blue, Self>

Change the foreground color to blue
Source§

fn on_blue(&self) -> BgColorDisplay<'_, Blue, Self>

Change the background color to blue
Source§

fn magenta(&self) -> FgColorDisplay<'_, Magenta, Self>

Change the foreground color to magenta
Source§

fn on_magenta(&self) -> BgColorDisplay<'_, Magenta, Self>

Change the background color to magenta
Source§

fn purple(&self) -> FgColorDisplay<'_, Magenta, Self>

Change the foreground color to purple
Source§

fn on_purple(&self) -> BgColorDisplay<'_, Magenta, Self>

Change the background color to purple
Source§

fn cyan(&self) -> FgColorDisplay<'_, Cyan, Self>

Change the foreground color to cyan
Source§

fn on_cyan(&self) -> BgColorDisplay<'_, Cyan, Self>

Change the background color to cyan
Source§

fn white(&self) -> FgColorDisplay<'_, White, Self>

Change the foreground color to white
Source§

fn on_white(&self) -> BgColorDisplay<'_, White, Self>

Change the background color to white
Source§

fn default_color(&self) -> FgColorDisplay<'_, Default, Self>

Change the foreground color to the terminal default
Source§

fn on_default_color(&self) -> BgColorDisplay<'_, Default, Self>

Change the background color to the terminal default
Source§

fn bright_black(&self) -> FgColorDisplay<'_, BrightBlack, Self>

Change the foreground color to bright black
Source§

fn on_bright_black(&self) -> BgColorDisplay<'_, BrightBlack, Self>

Change the background color to bright black
Source§

fn bright_red(&self) -> FgColorDisplay<'_, BrightRed, Self>

Change the foreground color to bright red
Source§

fn on_bright_red(&self) -> BgColorDisplay<'_, BrightRed, Self>

Change the background color to bright red
Source§

fn bright_green(&self) -> FgColorDisplay<'_, BrightGreen, Self>

Change the foreground color to bright green
Source§

fn on_bright_green(&self) -> BgColorDisplay<'_, BrightGreen, Self>

Change the background color to bright green
Source§

fn bright_yellow(&self) -> FgColorDisplay<'_, BrightYellow, Self>

Change the foreground color to bright yellow
Source§

fn on_bright_yellow(&self) -> BgColorDisplay<'_, BrightYellow, Self>

Change the background color to bright yellow
Source§

fn bright_blue(&self) -> FgColorDisplay<'_, BrightBlue, Self>

Change the foreground color to bright blue
Source§

fn on_bright_blue(&self) -> BgColorDisplay<'_, BrightBlue, Self>

Change the background color to bright blue
Source§

fn bright_magenta(&self) -> FgColorDisplay<'_, BrightMagenta, Self>

Change the foreground color to bright magenta
Source§

fn on_bright_magenta(&self) -> BgColorDisplay<'_, BrightMagenta, Self>

Change the background color to bright magenta
Source§

fn bright_purple(&self) -> FgColorDisplay<'_, BrightMagenta, Self>

Change the foreground color to bright purple
Source§

fn on_bright_purple(&self) -> BgColorDisplay<'_, BrightMagenta, Self>

Change the background color to bright purple
Source§

fn bright_cyan(&self) -> FgColorDisplay<'_, BrightCyan, Self>

Change the foreground color to bright cyan
Source§

fn on_bright_cyan(&self) -> BgColorDisplay<'_, BrightCyan, Self>

Change the background color to bright cyan
Source§

fn bright_white(&self) -> FgColorDisplay<'_, BrightWhite, Self>

Change the foreground color to bright white
Source§

fn on_bright_white(&self) -> BgColorDisplay<'_, BrightWhite, Self>

Change the background color to bright white
Source§

fn bold(&self) -> BoldDisplay<'_, Self>

Make the text bold
Source§

fn dimmed(&self) -> DimDisplay<'_, Self>

Make the text dim
Source§

fn italic(&self) -> ItalicDisplay<'_, Self>

Make the text italicized
Source§

fn underline(&self) -> UnderlineDisplay<'_, Self>

Make the text underlined
Make the text blink
Make the text blink (but fast!)
Source§

fn reversed(&self) -> ReversedDisplay<'_, Self>

Swap the foreground and background colors
Source§

fn hidden(&self) -> HiddenDisplay<'_, Self>

Hide the text
Source§

fn strikethrough(&self) -> StrikeThroughDisplay<'_, Self>

Cross out the text
Source§

fn color<Color>(&self, color: Color) -> FgDynColorDisplay<'_, Color, Self>
where Color: DynColor,

Set the foreground color at runtime. Only use if you do not know which color will be used at compile-time. If the color is constant, use either OwoColorize::fg or a color-specific method, such as OwoColorize::green, Read more
Source§

fn on_color<Color>(&self, color: Color) -> BgDynColorDisplay<'_, Color, Self>
where Color: DynColor,

Set the background color at runtime. Only use if you do not know what color to use at compile-time. If the color is constant, use either OwoColorize::bg or a color-specific method, such as OwoColorize::on_yellow, Read more
Source§

fn fg_rgb<const R: u8, const G: u8, const B: u8>( &self, ) -> FgColorDisplay<'_, CustomColor<R, G, B>, Self>

Set the foreground color to a specific RGB value.
Source§

fn bg_rgb<const R: u8, const G: u8, const B: u8>( &self, ) -> BgColorDisplay<'_, CustomColor<R, G, B>, Self>

Set the background color to a specific RGB value.
Source§

fn truecolor(&self, r: u8, g: u8, b: u8) -> FgDynColorDisplay<'_, Rgb, Self>

Sets the foreground color to an RGB value.
Source§

fn on_truecolor(&self, r: u8, g: u8, b: u8) -> BgDynColorDisplay<'_, Rgb, Self>

Sets the background color to an RGB value.
Source§

fn style(&self, style: Style) -> Styled<&Self>

Apply a runtime-determined style
Source§

impl<T> Pointable for T

Source§

const ALIGN: usize

The alignment of pointer.
Source§

type Init = T

The type for initializers.
Source§

unsafe fn init(init: <T as Pointable>::Init) -> usize

Initializes a with the given initializer. Read more
Source§

unsafe fn deref<'a>(ptr: usize) -> &'a T

Dereferences the given pointer. Read more
Source§

unsafe fn deref_mut<'a>(ptr: usize) -> &'a mut T

Mutably dereferences the given pointer. Read more
Source§

unsafe fn drop(ptr: usize)

Drops the object pointed to by the given pointer. Read more
Source§

impl<T> PolicyExt for T
where T: ?Sized,

Source§

fn and<P, B, E>(self, other: P) -> And<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow only if self and other return Action::Follow. Read more
Source§

fn or<P, B, E>(self, other: P) -> Or<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow if either self or other returns Action::Follow. Read more
Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

Source§

fn vzip(self) -> V

Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more