bashkit 0.8.0

Awesomely fast virtual sandbox with bash and file system
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68

//! Centralized DoS / resource caps for individual builtins.
//!
//! These constants are referenced by the threat model (TM-DOS-*).
//! Keeping them in one place makes auditing easier: every adjustment
//! lands in a single file, so a reviewer can read all per-builtin
//! limits without grepping the tree.
//!
//! Tunable runtime limits that are part of a public config surface
//! (e.g. `PythonLimits`, `TypeScriptLimits`, `SqliteLimits`, ssh
//! defaults) live on their own config types and are intentionally
//! NOT mirrored here.

/// Max width/precision for printf-style format specifiers to prevent
/// memory exhaustion. Shared by `printf` and `awk`.
pub(crate) const MAX_FORMAT_WIDTH: usize = 10_000;

/// archive: cap on decompression expansion ratio (zip-bomb guard).
pub(crate) const ARCHIVE_MAX_DECOMPRESSION_RATIO: usize = 100;

/// awk: max parser recursion depth.
pub(crate) const AWK_MAX_PARSER_DEPTH: usize = 100;
/// awk: max user-function call depth at runtime.
pub(crate) const AWK_MAX_CALL_DEPTH: usize = 64;
/// awk: total output byte cap per invocation.
pub(crate) const AWK_MAX_OUTPUT_BYTES: usize = 10_000_000;
/// awk: max distinct files held open by `getline < file`.
pub(crate) const AWK_MAX_GETLINE_CACHED_FILES: usize = 100;

/// curl: max number of HTTP redirects to follow.
#[cfg(feature = "http_client")]
pub(crate) const CURL_MAX_REDIRECTS: u32 = 10;

/// dirs/pushd/popd: max entries on the directory stack.
pub(crate) const DIRSTACK_MAX_SIZE: usize = 4096;

/// mktemp: max name-collision retries before giving up.
pub(crate) const MKTEMP_MAX_ATTEMPTS: usize = 64;

/// numfmt: total output / padding / precision cap.
pub(crate) const NUMFMT_MAX_OUTPUT_BYTES: usize = 1_048_576;

/// parallel: cap on Cartesian product expansion.
pub(crate) const PARALLEL_MAX_CARTESIAN_PRODUCT: usize = 100_000;

/// printf: max diagnostic message length.
pub(crate) const PRINTF_MAX_DIAG_CHARS: usize = 1_024;

/// retry: max retry attempts.
pub(crate) const RETRY_MAX_ATTEMPTS: u32 = 10_000;

/// sed: max group-nesting depth in `s` replacements.
pub(crate) const SED_MAX_GROUP_NESTING_DEPTH: usize = 128;

/// sleep: max sleep duration.
pub(crate) const SLEEP_MAX_SECONDS: f64 = 60.0;

/// template: max template-expansion recursion depth.
pub(crate) const TEMPLATE_MAX_DEPTH: usize = 100;

/// timeout: max timeout duration in seconds (5 minutes).
pub(crate) const TIMEOUT_MAX_SECONDS: u64 = 300;

/// yaml: max nesting depth.
pub(crate) const YAML_MAX_DEPTH: usize = 100;

/// yes: max lines and total output bytes per invocation.
pub(crate) const YES_MAX_LINES: usize = 10_000;
pub(crate) const YES_MAX_OUTPUT_BYTES: usize = 1_048_576;