module: apply null bytes check to module read path

rvagg · saper · commit 0deecf808afc · 2017-08-17T23:20:30.000Z
PR-URL: nodejs/node#8277
diff --git a/lib/fs.js b/lib/fs.js
@@ -154,6 +154,9 @@ function makeStatsCallback(cb) {
   };
 }
 
+// This is duplicated in module.js and needs to be moved to internal/fs.js
+// once it is OK again to include internal/ resources in fs.js.
+// See: https://github.com/nodejs/node/pull/6413
 function nullCheck(path, callback) {
   if (('' + path).indexOf('\u0000') !== -1) {
     var er = new Error('Path must be a string without null bytes');
diff --git a/lib/module.js b/lib/module.js
@@ -47,6 +47,22 @@ function stat(filename) {
 stat.cache = null;
 
 
+// This is duplicated from fs.js and needs to be moved to internal/fs.js
+// once it is OK again to include internal/ resources in fs.js.
+// See: https://github.com/nodejs/node/pull/6413
+function nullCheck(path, callback) {
+  if (('' + path).indexOf('\u0000') !== -1) {
+    var er = new Error('Path must be a string without null bytes');
+    er.code = 'ENOENT';
+    if (typeof callback !== 'function')
+      throw er;
+    process.nextTick(callback, er);
+    return false;
+  }
+  return true;
+}
+
+
 function Module(id, parent) {
   this.id = id;
   this.exports = {};
@@ -159,6 +175,8 @@ function tryExtensions(p, exts, isMain) {
 
 var warned = false;
 Module._findPath = function(request, paths, isMain) {
+  nullCheck(request);
+
   if (path.isAbsolute(request)) {
     paths = [''];
   } else if (!paths || paths.length === 0) {
diff --git a/test/parallel/test-fs-null-bytes.js b/test/parallel/test-fs-null-bytes.js
@@ -137,3 +137,19 @@ fs.exists('foo\u0000bar', common.mustCall((exists) => {
   assert(!exists);
 }));
 assert(!fs.existsSync('foo\u0000bar'));
+
+function checkRequire(arg) {
+  assert.throws(function() {
+    console.error(`require(${JSON.stringify(arg)})`);
+    require(arg);
+  }, expectedError);
+}
+
+checkRequire('\u0000');
+checkRequire('foo\u0000bar');
+checkRequire('foo\u0000');
+checkRequire('foo/\u0000');
+checkRequire('foo/\u0000.js');
+checkRequire('\u0000/foo');
+checkRequire('./foo/\u0000');
+checkRequire('./\u0000/foo');

Original file line number	Diff line number	Diff line change
`@@ -154,6 +154,9 @@ function makeStatsCallback(cb) {`
`154`	`154`	`};`
`155`	`155`	`}`
`156`	`156`
	`157`	`+// This is duplicated in module.js and needs to be moved to internal/fs.js`
	`158`	`+// once it is OK again to include internal/ resources in fs.js.`
	`159`	`+// See: https://github.com/nodejs/node/pull/6413`
`157`	`160`	`function nullCheck(path, callback) {`
`158`	`161`	`if (('' + path).indexOf('\u0000') !== -1) {`
`159`	`162`	`var er = new Error('Path must be a string without null bytes');`