module: apply null bytes check to module read path

PR-URL: nodejs/node#8277

lib/fs.js

@@ -154,6 +154,9 @@ function makeStatsCallback(cb) {
   };
 }
 
+// This is duplicated in module.js and needs to be moved to internal/fs.js
+// once it is OK again to include internal/ resources in fs.js.
+// See: https://github.com/nodejs/node/pull/6413
 function nullCheck(path, callback) {
   if (('' + path).indexOf('\u0000') !== -1) {
     var er = new Error('Path must be a string without null bytes');

lib/module.js

@@ -47,6 +47,22 @@ function stat(filename) {
 stat.cache = null;
 
 
+// This is duplicated from fs.js and needs to be moved to internal/fs.js
+// once it is OK again to include internal/ resources in fs.js.
+// See: https://github.com/nodejs/node/pull/6413
+function nullCheck(path, callback) {
+  if (('' + path).indexOf('\u0000') !== -1) {
+    var er = new Error('Path must be a string without null bytes');
+    er.code = 'ENOENT';
+    if (typeof callback !== 'function')
+      throw er;
+    process.nextTick(callback, er);
+    return false;
+  }
+  return true;
+}
+
+
 function Module(id, parent) {
   this.id = id;
   this.exports = {};
@@ -159,6 +175,8 @@ function tryExtensions(p, exts, isMain) {
 
 var warned = false;
 Module._findPath = function(request, paths, isMain) {
+  nullCheck(request);
+
   if (path.isAbsolute(request)) {
     paths = [''];
   } else if (!paths || paths.length === 0) {

test/parallel/test-fs-null-bytes.js

@@ -137,3 +137,19 @@ fs.exists('foo\u0000bar', common.mustCall((exists) => {
   assert(!exists);
 }));
 assert(!fs.existsSync('foo\u0000bar'));
+
+function checkRequire(arg) {
+  assert.throws(function() {
+    console.error(`require(${JSON.stringify(arg)})`);
+    require(arg);
+  }, expectedError);
+}
+
+checkRequire('\u0000');
+checkRequire('foo\u0000bar');
+checkRequire('foo\u0000');
+checkRequire('foo/\u0000');
+checkRequire('foo/\u0000.js');
+checkRequire('\u0000/foo');
+checkRequire('./foo/\u0000');
+checkRequire('./\u0000/foo');