Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

module: prevent crashes in require.resolve() when path is not a string #56942

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

module: prevent crashes in require.resolve() when path is not a string #56942

wants to merge 1 commit into from
+25 −0

Conversation

Aditi-1400
Copy link

Fixes: #47698

Previously, require.resolve() would crash when:

  • The first parameter was a relative path and
  • The paths array contained non-string entries

This commit fixes the issue by adding a check in Module._findPath to ensure all elements in paths are strings, and adding a validation in stat before calling InternalModuleStat to guard against non-string filenames.

@nodejs-github-bot
Copy link
Collaborator

Review requested:

  • @nodejs/loaders

@nodejs-github-bot nodejs-github-bot added module Issues and PRs related to the module subsystem. needs-ci PRs that need a full CI run. labels Feb 6, 2025
joyeecheung
joyeecheung approved these changes Feb 6, 2025
View reviewed changes
Copy link
Member

@joyeecheung joyeecheung left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks

@joyeecheung joyeecheung added the request-ci Add this label to start a Jenkins CI on a PR. label Feb 6, 2025
@github-actions github-actions bot removed the request-ci Add this label to start a Jenkins CI on a PR. label Feb 6, 2025
@nodejs-github-bot
Copy link
Collaborator

CI: https://ci.nodejs.org/job/node-test-pull-request/65040/

@codecov Codecov
Copy link

codecov bot commented Feb 6, 2025
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 89.15%. Comparing base (9dee7b9) to head (ba86f84).
Report is 45 commits behind head on main.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main   #56942      +/-   ##
==========================================
- Coverage   89.17%   89.15%   -0.03%     
==========================================
  Files         665      665              
  Lines      192554   192853     +299     
  Branches    37064    37151      +87     
==========================================
+ Hits       171710   171929     +219     
- Misses      13645    13695      +50     
- Partials     7199     7229      +30
Files with missing lines Coverage Δ
lib/internal/modules/cjs/loader.js 98.26% <100.00%> (+<0.01%) ⬆️

... and 37 files with indirect coverage changes

@joyeecheung joyeecheung added the request-ci Add this label to start a Jenkins CI on a PR. label Feb 7, 2025
@github-actions github-actions bot removed the request-ci Add this label to start a Jenkins CI on a PR. label Feb 7, 2025
@nodejs-github-bot
Copy link
Collaborator

CI: https://ci.nodejs.org/job/node-test-pull-request/65046/

@aduh95 aduh95 added the author ready PRs that have at least one approval, no pending requests for changes, and a CI started. label Feb 7, 2025
@joyeecheung
Copy link
Member

@Aditi-1400 Can you wrap the commit message by 72 characters? https://github.com/nodejs/node/actions/runs/13198267230/job/36844336252?pr=56942

This was referenced Feb 7, 2025
Open
Open
@Aditi-1400
module: fix require.resolve() crash on non-string paths
ba86f84 
Previously, `require.resolve()` could crash when:
- The first parameter was a relative path and
- The `paths` array contained non-string entries

This commit fixes the issue by adding a check in
`Module._findPath` to ensure all elements in `paths`
are strings, and adding a validation in `stat` before
calling `InternalModuleStat` to guard against
non-string filenames.
@joyeecheung joyeecheung added the request-ci Add this label to start a Jenkins CI on a PR. label Feb 10, 2025
@github-actions github-actions bot removed the request-ci Add this label to start a Jenkins CI on a PR. label Feb 10, 2025
@nodejs-github-bot
Copy link
Collaborator

CI: https://ci.nodejs.org/job/node-test-pull-request/65116/

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jasnell jasnell jasnell approved these changes

@lpinca lpinca lpinca approved these changes

@joyeecheung joyeecheung joyeecheung approved these changes

@aduh95 aduh95 aduh95 approved these changes

@jsumners-nr jsumners-nr jsumners-nr approved these changes

Assignees
No one assigned
Labels
author ready PRs that have at least one approval, no pending requests for changes, and a CI started. module Issues and PRs related to the module subsystem. needs-ci PRs that need a full CI run.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

require.resolve crashes if first param is a relative path and the paths array contains an object
7 participants
@Aditi-1400 @nodejs-github-bot @joyeecheung @jasnell @lpinca @aduh95 @jsumners-nr