Skip to main content

bssh/jump/parser/
config.rs

1// Copyright 2025 Lablup Inc. and Jeongkyu Shin
2//
3// Licensed under the Apache License, Version 2.0 (the "License");
4// you may not use this file except in compliance with the License.
5// You may obtain a copy of the License at
6//
7//     http://www.apache.org/licenses/LICENSE-2.0
8//
9// Unless required by applicable law or agreed to in writing, software
10// distributed under the License is distributed on an "AS IS" BASIS,
11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12// See the License for the specific language governing permissions and
13// limitations under the License.
14
15//! Configuration constants and functions for jump host limits
16
17/// Default maximum number of jump hosts allowed in a chain
18/// SECURITY: Prevents resource exhaustion and excessive connection chains
19pub const DEFAULT_MAX_JUMP_HOSTS: usize = 10;
20
21/// Absolute maximum number of jump hosts, even if configured higher
22/// SECURITY: Hard limit to prevent DoS attacks regardless of configuration
23pub const ABSOLUTE_MAX_JUMP_HOSTS: usize = 30;
24
25/// Get the maximum number of jump hosts allowed
26///
27/// Reads from `BSSH_MAX_JUMP_HOSTS` environment variable, with fallback to default.
28/// The value is capped at ABSOLUTE_MAX_JUMP_HOSTS for security.
29///
30/// # Examples
31/// ```bash
32/// # Use default (10)
33/// bssh -J host1,host2,... target
34///
35/// # Set custom limit (e.g., 20)
36/// BSSH_MAX_JUMP_HOSTS=20 bssh -J host1,host2,...,host20 target
37/// ```
38pub fn get_max_jump_hosts() -> usize {
39    std::env::var("BSSH_MAX_JUMP_HOSTS")
40        .ok()
41        .and_then(|s| s.parse::<usize>().ok())
42        .map(|n| {
43            if n == 0 {
44                tracing::warn!(
45                    "BSSH_MAX_JUMP_HOSTS cannot be 0, using default: {}",
46                    DEFAULT_MAX_JUMP_HOSTS
47                );
48                DEFAULT_MAX_JUMP_HOSTS
49            } else if n > ABSOLUTE_MAX_JUMP_HOSTS {
50                tracing::warn!(
51                    "BSSH_MAX_JUMP_HOSTS={} exceeds absolute maximum {}, capping at {}",
52                    n,
53                    ABSOLUTE_MAX_JUMP_HOSTS,
54                    ABSOLUTE_MAX_JUMP_HOSTS
55                );
56                ABSOLUTE_MAX_JUMP_HOSTS
57            } else {
58                n
59            }
60        })
61        .unwrap_or(DEFAULT_MAX_JUMP_HOSTS)
62}