diff --git a/lib/common/reset-search-paths.js b/lib/common/reset-search-paths.js index 4d09f6c89ca6..924cb388d4d9 100644 --- a/lib/common/reset-search-paths.js +++ b/lib/common/reset-search-paths.js @@ -9,31 +9,19 @@ module.paths = [] module.parent.paths = [] // Prevent Node from adding paths outside this app to search paths. +const resourcesPathWithTrailingSlash = process.resourcesPath + path.sep +const originalNodeModulePaths = Module._nodeModulePaths Module._nodeModulePaths = function (from) { - from = path.resolve(from) - + const paths = originalNodeModulePaths(from) + const fromPath = path.resolve(from) + path.sep // If "from" is outside the app then we do nothing. - const skipOutsidePaths = from.startsWith(process.resourcesPath) - - // Following logic is copied from module.js. - const splitRe = process.platform === 'win32' ? /[\/\\]/ : /\// - const paths = [] - const parts = from.split(splitRe) - - let tip - let i - for (tip = i = parts.length - 1; i >= 0; tip = i += -1) { - const part = parts[tip] - if (part === 'node_modules') { - continue - } - const dir = parts.slice(0, tip + 1).join(path.sep) - if (skipOutsidePaths && !dir.startsWith(process.resourcesPath)) { - break - } - paths.push(path.join(dir, 'node_modules')) + if (fromPath.startsWith(resourcesPathWithTrailingSlash)) { + return paths.filter(function (candidate) { + return candidate.startsWith(resourcesPathWithTrailingSlash) + }) + } else { + return paths } - return paths } // Patch Module._resolveFilename to always require the Electron API when diff --git a/spec/modules-spec.js b/spec/modules-spec.js index fbc66a082512..f2c45b0a71b4 100644 --- a/spec/modules-spec.js +++ b/spec/modules-spec.js @@ -1,4 +1,5 @@ const assert = require('assert') +const Module = require('module') const path = require('path') const temp = require('temp') @@ -47,3 +48,54 @@ describe('third-party module', function () { }) }) }) + +describe('Module._nodeModulePaths', function () { + describe('when the path is inside the resources path', function () { + it('does not include paths outside of the resources path', function () { + let modulePath = process.resourcesPath + assert.deepEqual(Module._nodeModulePaths(modulePath), [ + path.join(process.resourcesPath, 'node_modules') + ]) + + modulePath = process.resourcesPath + '-foo' + let nodeModulePaths = Module._nodeModulePaths(modulePath) + assert(nodeModulePaths.includes(path.join(modulePath, 'node_modules'))) + assert(nodeModulePaths.includes(path.join(modulePath, '..', 'node_modules'))) + + modulePath = path.join(process.resourcesPath, 'foo') + assert.deepEqual(Module._nodeModulePaths(modulePath), [ + path.join(process.resourcesPath, 'foo', 'node_modules'), + path.join(process.resourcesPath, 'node_modules') + ]) + + modulePath = path.join(process.resourcesPath, 'node_modules', 'foo') + assert.deepEqual(Module._nodeModulePaths(modulePath), [ + path.join(process.resourcesPath, 'node_modules', 'foo', 'node_modules'), + path.join(process.resourcesPath, 'node_modules') + ]) + + modulePath = path.join(process.resourcesPath, 'node_modules', 'foo', 'bar') + assert.deepEqual(Module._nodeModulePaths(modulePath), [ + path.join(process.resourcesPath, 'node_modules', 'foo', 'bar', 'node_modules'), + path.join(process.resourcesPath, 'node_modules', 'foo', 'node_modules'), + path.join(process.resourcesPath, 'node_modules') + ]) + + modulePath = path.join(process.resourcesPath, 'node_modules', 'foo', 'node_modules', 'bar') + assert.deepEqual(Module._nodeModulePaths(modulePath), [ + path.join(process.resourcesPath, 'node_modules', 'foo', 'node_modules', 'bar', 'node_modules'), + path.join(process.resourcesPath, 'node_modules', 'foo', 'node_modules'), + path.join(process.resourcesPath, 'node_modules') + ]) + }) + }) + + describe('when the path is outside the resources path', function () { + it('includes paths outside of the resources path', function () { + let modulePath = path.resolve('/foo') + assert.deepEqual(Module._nodeModulePaths(modulePath), [ + path.join(modulePath, 'node_modules') + ]) + }) + }) +})