//! Centralized DoS / resource caps for individual builtins.
//!
//! These constants are referenced by the threat model (TM-DOS-*).
//! Keeping them in one place makes auditing easier: every adjustment
//! lands in a single file, so a reviewer can read all per-builtin
//! limits without grepping the tree.
//!
//! Tunable runtime limits that are part of a public config surface
//! (e.g. `PythonLimits`, `TypeScriptLimits`, `SqliteLimits`, ssh
//! defaults) live on their own config types and are intentionally
//! NOT mirrored here.
/// Upper bound on the width/precision accepted in a printf-style format
/// specifier, guarding against memory exhaustion. Used by both `printf`
/// and `awk`.
pub const MAX_FORMAT_WIDTH: usize = 10_000;
// NOTE(review): a ratio cap limits expansion relative to the compressed
// input only; whether an absolute extracted-size cap also applies is not
// visible in this file. Confirm at the archive call sites.
/// archive: largest permitted decompression expansion ratio (zip-bomb guard).
pub const ARCHIVE_MAX_DECOMPRESSION_RATIO: usize = 100;
/// awk: deepest recursion the parser will descend to.
pub const AWK_MAX_PARSER_DEPTH: usize = 100;
/// awk: most comma-separated subscripts allowed in a single array key.
pub const AWK_MAX_MULTI_SUBSCRIPTS: usize = 100;
/// awk: deepest user-function call nesting permitted at runtime.
pub const AWK_MAX_CALL_DEPTH: usize = 64;
/// awk: ceiling on total output bytes per invocation (10,000,000 bytes,
/// i.e. decimal 10 MB rather than 10 MiB).
pub const AWK_MAX_OUTPUT_BYTES: usize = 10 * 1_000_000;
/// awk: most distinct output redirection targets per invocation.
pub const AWK_MAX_OUTPUT_TARGETS: usize = 1_024;
/// awk: most distinct files kept open through `getline < file`.
pub const AWK_MAX_GETLINE_CACHED_FILES: usize = 100;
/// awk: most bytes read from any one `getline < file` input (10,000,000).
pub const AWK_MAX_GETLINE_FILE_BYTES: usize = 10 * 1_000_000;
// The per-file cap above equals this aggregate cap, so a single input can
// consume the entire `getline` retention budget on its own.
/// awk: most bytes retained across all `getline < file` inputs combined
/// (10,000,000).
pub const AWK_MAX_GETLINE_CACHE_BYTES: usize = 10 * 1_000_000;
// NOTE(review): this bounds the number of redirect hops only; any check on
// where each hop points is a separate control that is not visible in this
// file. Confirm at the curl call sites.
/// curl: upper limit on HTTP redirects followed.
pub const CURL_MAX_REDIRECTS: u32 = 10;
/// curl: largest request body, in bytes, for `-d`, `-d @-`, `-d @file`, and
/// multipart assembly (10,000,000 bytes, decimal).
pub const CURL_MAX_REQUEST_BODY_BYTES: usize = 10 * 1_000_000;
/// expand/unexpand: widest tab stop accepted.
pub const EXPAND_MAX_TAB_STOP: usize = 10_000;
/// expand: output bytes allowed per invocation before interpreter-level
/// truncation (1 MiB).
pub const EXPAND_MAX_OUTPUT_BYTES: usize = 1024 * 1024;
/// dirs/pushd/popd: most entries the directory stack may hold.
pub const DIRSTACK_MAX_SIZE: usize = 4_096;
/// dirs/pushd/popd: most UTF-8 bytes in one restored directory-stack entry
/// (4 KiB).
pub const DIRSTACK_MAX_ENTRY_BYTES: usize = 4 * 1024;
/// find: cap on total stdout bytes, covering both default and `-printf`
/// output (1 MiB).
pub const FIND_MAX_OUTPUT_BYTES: usize = 1024 * 1024;
/// mktemp: name-collision retries attempted before giving up.
pub const MKTEMP_MAX_ATTEMPTS: usize = 64;
/// numfmt: cap applied to total output / padding / precision (1,048,576).
pub const NUMFMT_MAX_OUTPUT_BYTES: usize = 1024 * 1024;
/// parallel: ceiling on Cartesian product expansion.
pub const PARALLEL_MAX_CARTESIAN_PRODUCT: usize = 100_000;
/// printf: longest diagnostic message permitted.
pub const PRINTF_MAX_DIAG_CHARS: usize = 1_024;
// NOTE(review): this limits the attempt count only; the delay between
// attempts, and therefore total wall-clock time, is not bounded by this
// constant. Confirm how `retry` combines it with its delay handling.
/// retry: most retry attempts allowed.
pub const RETRY_MAX_ATTEMPTS: u32 = 10_000;
/// sed: deepest group nesting allowed in `s` replacements.
pub const SED_MAX_GROUP_NESTING_DEPTH: usize = 128;
// NOTE(review): this bound is an `f64`, and ordering comparisons against NaN
// are always false. Confirm callers reject non-finite and negative
// durations before applying the cap.
/// sleep: longest sleep duration, in seconds.
pub const SLEEP_MAX_SECONDS: f64 = 60.0;
/// template: deepest template-expansion recursion.
pub const TEMPLATE_MAX_DEPTH: usize = 100;
/// timeout: longest timeout duration, in seconds (5 minutes).
pub const TIMEOUT_MAX_SECONDS: u64 = 5 * 60;
/// yaml: deepest nesting accepted.
pub const YAML_MAX_DEPTH: usize = 100;
/// yes: most lines emitted per invocation.
pub const YES_MAX_LINES: usize = 10_000;
/// yes: most output bytes emitted per invocation (1 MiB).
pub const YES_MAX_OUTPUT_BYTES: usize = 1024 * 1024;