Add JSON and regex guardrails

Author: mgomes

ROADMAP.md

@@ -296,7 +296,7 @@ Goal: reduce host-side boilerplate for common scripting tasks.
 ### Compatibility and Safety
 
 - [x] Define deterministic behavior for locale-sensitive operations.
-- [ ] Add quotas/guards around potentially expensive operations.
+- [x] Add quotas/guards around potentially expensive operations.
 - [ ] Ensure new stdlib functions are capability-safe where required.
 
 ### Testing and Docs

docs/builtins.md

@@ -102,6 +102,8 @@ payload = JSON.parse("{\"id\":\"p-1\",\"score\":10}")
 payload[:score] # 10
 ```
 
+`JSON.parse` enforces a 1 MiB input limit.
+
 ### `JSON.stringify(value)`
 
 Serializes supported values (`hash`/`object`, `array`, scalar primitives) into
@@ -111,6 +113,8 @@ a JSON string:
 raw = JSON.stringify({ id: "p-1", score: 10, tags: ["a", "b"] })
 ```
 
+`JSON.stringify` enforces a 1 MiB output limit.
+
 ## Regex
 
 ### `Regex.match(pattern, text)`
@@ -132,6 +136,8 @@ Regex.replace_all("ID-12 ID-34", "ID-[0-9]+", "X")       # "X X"
 Regex.replace("ID-12", "ID-([0-9]+)", "X-$1")            # "X-12"
 ```
 
+Regex helpers enforce input guards (max pattern size 16 KiB, max text size 1 MiB).
+
 ## Module Loading
 
 ### `require(module_name, as: alias?)`

vibes/builtins.go

@@ -13,7 +13,12 @@ import (
 	"time"
 )
 
-const randomIDAlphabet = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
+const (
+	randomIDAlphabet    = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
+	maxJSONPayloadBytes = 1 << 20
+	maxRegexInputBytes  = 1 << 20
+	maxRegexPatternSize = 16 << 10
+)
 
 func builtinAssert(exec *Execution, receiver Value, args []Value, kwargs map[string]Value, block Value) (Value, error) {
 	if len(args) == 0 {
@@ -225,7 +230,12 @@ func builtinJSONParse(exec *Execution, receiver Value, args []Value, kwargs map[
 		return NewNil(), fmt.Errorf("JSON.parse does not accept blocks")
 	}
 
-	decoder := json.NewDecoder(strings.NewReader(args[0].String()))
+	raw := args[0].String()
+	if len(raw) > maxJSONPayloadBytes {
+		return NewNil(), fmt.Errorf("JSON.parse input exceeds limit %d bytes", maxJSONPayloadBytes)
+	}
+
+	decoder := json.NewDecoder(strings.NewReader(raw))
 	decoder.UseNumber()
 
 	var decoded any
@@ -267,6 +277,9 @@ func builtinJSONStringify(exec *Execution, receiver Value, args []Value, kwargs
 	if err != nil {
 		return NewNil(), fmt.Errorf("JSON.stringify failed: %v", err)
 	}
+	if len(payload) > maxJSONPayloadBytes {
+		return NewNil(), fmt.Errorf("JSON.stringify output exceeds limit %d bytes", maxJSONPayloadBytes)
+	}
 	return NewString(string(payload)), nil
 }
 
@@ -384,12 +397,20 @@ func builtinRegexMatch(exec *Execution, receiver Value, args []Value, kwargs map
 	if args[0].Kind() != KindString || args[1].Kind() != KindString {
 		return NewNil(), fmt.Errorf("Regex.match expects string pattern and text")
 	}
+	pattern := args[0].String()
+	text := args[1].String()
+	if len(pattern) > maxRegexPatternSize {
+		return NewNil(), fmt.Errorf("Regex.match pattern exceeds limit %d bytes", maxRegexPatternSize)
+	}
+	if len(text) > maxRegexInputBytes {
+		return NewNil(), fmt.Errorf("Regex.match text exceeds limit %d bytes", maxRegexInputBytes)
+	}
 
-	re, err := regexp.Compile(args[0].String())
+	re, err := regexp.Compile(pattern)
 	if err != nil {
 		return NewNil(), fmt.Errorf("Regex.match invalid regex: %v", err)
 	}
-	match := re.FindString(args[1].String())
+	match := re.FindString(text)
 	if match == "" {
 		return NewNil(), nil
 	}
@@ -426,6 +447,12 @@ func builtinRegexReplaceInternal(args []Value, kwargs map[string]Value, block Va
 	text := args[0].String()
 	pattern := args[1].String()
 	replacement := args[2].String()
+	if len(pattern) > maxRegexPatternSize {
+		return NewNil(), fmt.Errorf("%s pattern exceeds limit %d bytes", method, maxRegexPatternSize)
+	}
+	if len(text) > maxRegexInputBytes {
+		return NewNil(), fmt.Errorf("%s text exceeds limit %d bytes", method, maxRegexInputBytes)
+	}
 
 	re, err := regexp.Compile(pattern)
 	if err != nil {

vibes/runtime_test.go

@@ -1887,6 +1887,52 @@ func TestJSONAndRegexMalformedInputs(t *testing.T) {
 	}
 }
 
+func TestJSONAndRegexSizeGuards(t *testing.T) {
+	engine := MustNewEngine(Config{MemoryQuotaBytes: 4 << 20})
+	script, err := engine.Compile(`
+    def parse_raw(raw)
+      JSON.parse(raw)
+    end
+
+    def stringify_value(value)
+      JSON.stringify(value)
+    end
+
+    def regex_match_guard(pattern, text)
+      Regex.match(pattern, text)
+    end
+    `)
+	if err != nil {
+		t.Fatalf("compile error: %v", err)
+	}
+
+	largeJSON := `{"data":"` + strings.Repeat("x", maxJSONPayloadBytes) + `"}`
+	_, err = script.Call(context.Background(), "parse_raw", []Value{NewString(largeJSON)}, CallOptions{})
+	if err == nil || !strings.Contains(err.Error(), "JSON.parse input exceeds limit") {
+		t.Fatalf("expected JSON.parse size guard error, got %v", err)
+	}
+
+	largeValue := NewHash(map[string]Value{
+		"data": NewString(strings.Repeat("x", maxJSONPayloadBytes)),
+	})
+	_, err = script.Call(context.Background(), "stringify_value", []Value{largeValue}, CallOptions{})
+	if err == nil || !strings.Contains(err.Error(), "JSON.stringify output exceeds limit") {
+		t.Fatalf("expected JSON.stringify size guard error, got %v", err)
+	}
+
+	largePattern := strings.Repeat("a", maxRegexPatternSize+1)
+	_, err = script.Call(context.Background(), "regex_match_guard", []Value{NewString(largePattern), NewString("aaa")}, CallOptions{})
+	if err == nil || !strings.Contains(err.Error(), "Regex.match pattern exceeds limit") {
+		t.Fatalf("expected Regex.match pattern guard error, got %v", err)
+	}
+
+	largeText := strings.Repeat("a", maxRegexInputBytes+1)
+	_, err = script.Call(context.Background(), "regex_match_guard", []Value{NewString("a+"), NewString(largeText)}, CallOptions{})
+	if err == nil || !strings.Contains(err.Error(), "Regex.match text exceeds limit") {
+		t.Fatalf("expected Regex.match text guard error, got %v", err)
+	}
+}
+
 func TestLocaleSensitiveOperationsDeterministic(t *testing.T) {
 	script := compileScript(t, `
     def locale_ops()