From 6059846a22973125273e940301a8b6d74fe603b5 Mon Sep 17 00:00:00 2001
From: Justin King <jcking@google.com>
Date: Fri, 12 Apr 2024 09:31:00 -0700
Subject: [PATCH] Further restrict default parser limits

PiperOrigin-RevId: 624204076
---
 parser/internal/options.h | 4 ++--
 parser/parser.cc          | 2 +-
 parser/parser_test.cc     | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/parser/internal/options.h b/parser/internal/options.h
index fb465eecd..ec2552204 100644
--- a/parser/internal/options.h
+++ b/parser/internal/options.h
@@ -17,8 +17,8 @@
 
 namespace cel_parser_internal {
 
-inline constexpr int kDefaultErrorRecoveryLimit = 30;
-inline constexpr int kDefaultMaxRecursionDepth = 50;
+inline constexpr int kDefaultErrorRecoveryLimit = 12;
+inline constexpr int kDefaultMaxRecursionDepth = 32;
 inline constexpr int kExpressionSizeCodepointLimit = 100'000;
 inline constexpr int kDefaultErrorRecoveryTokenLookaheadLimit = 512;
 inline constexpr bool kDefaultAddMacroCalls = false;
diff --git a/parser/parser.cc b/parser/parser.cc
index 8219cfb31..47ec1715f 100644
--- a/parser/parser.cc
+++ b/parser/parser.cc
@@ -1043,7 +1043,7 @@ void ExprRecursionListener::enterEveryRule(ParserRuleContext* ctx) {
   // continue if this were treated as a syntax error and the problem would
   // continue to manifest.
   if (ctx->getRuleIndex() == CelParser::RuleExpr) {
-    if (recursion_depth_ >= max_recursion_depth_) {
+    if (recursion_depth_ > max_recursion_depth_) {
       throw ParseCancellationException(
           absl::StrFormat("Expression recursion limit exceeded. limit: %d",
                           max_recursion_depth_));
diff --git a/parser/parser_test.cc b/parser/parser_test.cc
index 74f61f86a..01411b547 100644
--- a/parser/parser_test.cc
+++ b/parser/parser_test.cc
@@ -889,7 +889,7 @@ std::vector<TestInfo> test_cases = {
      "]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]"
      "]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]"
      "]]]]]]",
-     "", "Expression recursion limit exceeded. limit: 50", "", "", "", false},
+     "", "Expression recursion limit exceeded. limit: 32", "", "", "", false},
     {
         // Note, the ANTLR parse stack may recurse much more deeply and permit
         // more detailed expressions than the visitor can recurse over in