Harden expression evaluation resource bounds

xoofx · Copilot · xoofx · commit 2d01bd15a111 · 2026-03-21T07:32:17.000+01:00
Co-authored-by: Copilot &lt;223556219+Copilot@users.noreply.github.com&gt;
diff --git a/src/Scriban.Tests/TestFiles/200-statements/215-for-statement-error1.out.txt b/src/Scriban.Tests/TestFiles/200-statements/215-for-statement-error1.out.txt
@@ -1 +1 @@
-text(5,1) : error : Exceeding number of iteration limit `1000` for loop statement.
+text(5,11) : error : Range expression exceeds LoopLimit `1000`.
diff --git a/src/Scriban.Tests/TestRuntime.cs b/src/Scriban.Tests/TestRuntime.cs
@@ -121,6 +121,58 @@ public void ResetShouldClearCumulativeRenderOutputTracking()
             Assert.AreEqual("xy", smallTemplate.Render(context));
         }
 
+        [Test]
+        public void StringMultiplicationShouldRespectLimitToString()
+        {
+            var context = new TemplateContext
+            {
+                LimitToString = 5
+            };
+            var template = Template.Parse("{{ 'ab' * 3 }}");
+
+            var exception = Assert.Throws<ScriptRuntimeException>(() => template.Render(context));
+
+            StringAssert.Contains("LimitToString", exception!.Message);
+        }
+
+        [Test]
+        public void BigIntegerShiftShouldRejectOversizedAmounts()
+        {
+            var template = Template.Parse("{{ 1 << 1048577 }}");
+
+            var exception = Assert.Throws<ScriptRuntimeException>(() => template.Render());
+
+            StringAssert.Contains("Shift amount", exception!.Message);
+        }
+
+        [Test]
+        public void RangeExpressionShouldRespectLoopLimit()
+        {
+            var context = new TemplateContext
+            {
+                LoopLimit = 5
+            };
+            var template = Template.Parse("1..6", lexerOptions: new LexerOptions { Mode = ScriptMode.ScriptOnly });
+
+            var exception = Assert.Throws<ScriptRuntimeException>(() => template.Evaluate(context));
+
+            StringAssert.Contains("LoopLimit", exception!.Message);
+        }
+
+        [Test]
+        public void ArrayJoinShouldRespectLimitToString()
+        {
+            var context = new TemplateContext
+            {
+                LimitToString = 3
+            };
+            var template = Template.Parse("{{ ['ab', 'cd'] | array.join '' }}");
+
+            var exception = Assert.Throws<ScriptRuntimeException>(() => template.Render(context));
+
+            StringAssert.Contains("LimitToString", exception!.Message);
+        }
+
         [Test]
         public void TestAssignValToDictionary()
         {
@@ -1456,7 +1508,7 @@ public void TestNestedLoopLimit()
 
             // This should throw because the inner loop has 3 iterations, exceeding limit of 2
             var exception = Assert.Throws<ScriptRuntimeException>(() => template.Render(context));
-            Assert.That(exception.Message, Does.Contain("Exceeding number of iteration limit `2` for loop statement"));
+            Assert.That(exception.Message, Does.Contain("LoopLimit `2`"));
         }
 
         [Test]
@@ -1479,7 +1531,7 @@ public void TestNestedLoopLimitSimple()
 
             // This should throw because inner loop has 4 iterations > limit of 3
             var exception = Assert.Throws<ScriptRuntimeException>(() => template.Render(context));
-            Assert.That(exception.Message, Does.Contain("Exceeding number of iteration limit `3` for loop statement"));
+            Assert.That(exception.Message, Does.Contain("LoopLimit `3`"));
         }
 
         [Test]
@@ -1572,7 +1624,7 @@ public void TestNestedLoopLimitIndependentCounters()
 
             // This should throw on the inner loop (5 iterations > 3 limit)
             var exception = Assert.Throws<ScriptRuntimeException>(() => template.Render(context));
-            Assert.That(exception.Message, Does.Contain("Exceeding number of iteration limit `3` for loop statement"));
+            Assert.That(exception.Message, Does.Contain("LoopLimit `3`"));
         }
 
         [Test]
diff --git a/src/Scriban/Functions/ArrayFunctions.cs b/src/Scriban/Functions/ArrayFunctions.cs
@@ -389,6 +389,7 @@ public static string Join(TemplateContext context, SourceSpan span, IEnumerable
             {
                 if (afterFirst)
                 {
+                    ValidateJoinedTextLength(context, span, text.Length, delimiter?.Length ?? 0);
                     text.Append(delimiter);
                 }
 
@@ -400,12 +401,21 @@ public static string Join(TemplateContext context, SourceSpan span, IEnumerable
                     item = context.ObjectToString(result);
                 }
 
+                ValidateJoinedTextLength(context, span, text.Length, item?.Length ?? 0);
                 text.Append(item);
                 afterFirst = true;
             }
             return text.ToString();
         }
 
+        private static void ValidateJoinedTextLength(TemplateContext context, SourceSpan span, int currentLength, int additionalLength)
+        {
+            if (context.LimitToString > 0 && additionalLength > 0 && (long)currentLength + additionalLength > context.LimitToString)
+            {
+                throw new ScriptRuntimeException(span, $"Joined string exceeds LimitToString `{context.LimitToString}`.");
+            }
+        }
+
         /// <summary>
         /// Returns the last element of the input `list`.
         /// </summary>
@@ -806,4 +816,4 @@ public override string ToString()
             }
         }
     }
-}
+}
diff --git a/src/Scriban/Syntax/Expressions/ScriptBinaryExpression.cs b/src/Scriban/Syntax/Expressions/ScriptBinaryExpression.cs

Original file line number	Diff line number	Diff line change
`@@ -1 +1 @@`
`1`		-text(5,1) : error : Exceeding number of iteration limit `1000` for loop statement.
	`1`	+text(5,11) : error : Range expression exceeds LoopLimit `1000`.
Original file line number	Diff line number	Diff line change
`@@ -389,6 +389,7 @@ public static string Join(TemplateContext context, SourceSpan span, IEnumerable`
`389`	`389`	`{`
`390`	`390`	`if (afterFirst)`
`391`	`391`	`{`
	`392`	`+ ValidateJoinedTextLength(context, span, text.Length, delimiter?.Length ?? 0);`
`392`	`393`	`text.Append(delimiter);`
`393`	`394`	`}`
`394`	`395`
`@@ -400,12 +401,21 @@ public static string Join(TemplateContext context, SourceSpan span, IEnumerable`
`400`	`401`	`item = context.ObjectToString(result);`
`401`	`402`	`}`
`402`	`403`
	`404`	`+ ValidateJoinedTextLength(context, span, text.Length, item?.Length ?? 0);`
`403`	`405`	`text.Append(item);`
`404`	`406`	`afterFirst = true;`
`405`	`407`	`}`
`406`	`408`	`return text.ToString();`
`407`	`409`	`}`
`408`	`410`
	`411`	`+ private static void ValidateJoinedTextLength(TemplateContext context, SourceSpan span, int currentLength, int additionalLength)`
	`412`	`+ {`
	`413`	`+ if (context.LimitToString > 0 && additionalLength > 0 && (long)currentLength + additionalLength > context.LimitToString)`
	`414`	`+ {`
	`415`	+ throw new ScriptRuntimeException(span, $"Joined string exceeds LimitToString `{context.LimitToString}`.");
	`416`	`+ }`
	`417`	`+ }`
	`418`	`+`
`409`	`419`	`/// <summary>`
`410`	`420`	/// Returns the last element of the input `list`.
`411`	`421`	`/// </summary>`
`@@ -806,4 +816,4 @@ public override string ToString()`
`806`	`816`	`}`
`807`	`817`	`}`
`808`	`818`	`}`
`809`		`-}`
	`819`	`+}`