Skip to main content

Module limits

Module limits 

Source
Expand description

Parser DoS limits.

These limits are uniformly applied at parser entry points so a malicious query string can’t exhaust recursion stack, RAM, or identifier bookkeeping. Limit values are documented in docs/security/parser-limits.md (issue #87).

§Defaults

LimitDefaultRationale
max_depth16Recursive descent + Pratt; above typical
hand-written queries (≤ 12).
max_input_bytes1 MiBHard cap on the token stream input.
max_identifier_chars256Long enough for legitimate UUID-tagged names,
short enough to bound HashMap pressure.
max_tokens8192Bounds token-driven parser work even when input
bytes and recursion depth stay below their caps.

Callers that need different limits (replication apply, admin DDL migrations) construct a custom ParserLimits and pass it to Parser::with_limits.

Structs§

ParserLimits
Hard limits enforced by the front-end.