Comments (8)
One would need to make a copy of the ArrayBuffer
into the host and pass this object to Buffer
.
from vm2.
Maybe read https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/TypedArray/buffer about what the buffer
property should return as it seems to work as intended. The only difference is that inspection of the returned ArrayBuffer
will not print details if the ArrayBuffer
is from within the sandbox.
from vm2.
Thank you for your quick response.
I guess my real problem might be elsewhere. Here is my actual use case :
const { NodeVM } = require('vm2');
const vm = new NodeVM();
vm.run(`
function float64Buffer(arr) {
const float64Array = new Float64Array(arr);
return Buffer.from(float64Array.buffer);
}
float64Buffer([0.1,0.2]);
`);
This call throws the following error :
TypeError: The first argument must be of type string or an instance of Buffer, ArrayBuffer, or Array or an Array-like Object. Received an instance of Object
at new NodeError in core node:internal/errors — line 393
at Function.from in core node:buffer — line 328
at ReadOnlyHandler.apply in vm2/lib/bridge.js — line 485
at float64Buffer in core vm.js — line 4
in core vm.js — line 7
at VM2 Wrapper.apply in vm2/lib/bridge.js — line 485
And this seems to only happen in vm2, any idea why?
from vm2.
This is happening as Buffer
is actually the host Buffer
and it cannot handle the proxied ArrayBuffer
argument.
from vm2.
Alright, thank you. It's a little bit clearer for us now.
I guess there is no workaround to this?
We were imagining passing a specific function that could be executed outside the vm2 context.
We tried to pass it in the sandbox
configuration field, but it is still executed in vm2, I guess it is not possible to do so?
from vm2.
Thanks a lot, it does indeed work!
Do you see any drawback or security concern passing the ArrayBuffer
?
from vm2.
Last time I checked I did not find a security impact.
from vm2.
Alright, thanks again for your help, have a great day!
from vm2.
Related Issues (20)
- freeze doesn't work on Array methods (shift, pop, etc) HOT 4
- fetch not available in vm2 with node 19 HOT 1
- VM and NodeVM behaves differently on await HOT 3
- Any tips for improving performance of `vm.run()`? HOT 9
- [VM2 Sandbox Escape] Vulnerability in [email protected] HOT 13
- Sandbox Escape in [email protected] HOT 3
- Adding a Security Policy HOT 1
- Modules not loading any more? HOT 16
- Overriding functions of objects from sandbox parameter inside NodeVM HOT 3
- Lib memory leak HOT 8
- Hello, is there any way to make the large functions in node equal to those in VM2? Or not isolate large functions? HOT 16
- Usage with NextJS HOT 8
- this.pathResolve is not a function in 3.9.18 HOT 2
- Work in a bundle HOT 3
- Use external modules without filesystem access HOT 1
- Typescript Set transpilation issues
- Node's test runner not available as builtin
- Isolating Imported Modules
- Discontinued HOT 63
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from vm2.