forbid requires of binary extensions

[fabiosantoscode]

Since binary extensions can do anything they please, return null when requiring them.

I haven't tested it, but according to the docs a file is only loaded as a binary extension if it's a .node file.

[ryzokuken]

@fabiosantoscode that seems fairly straightforward also. Would you like to make a PR for that?

[ryzokuken]

Oh wait, my bad.

[ryzokuken]

Looks fair, thanks for the PR. I was thinking about this, and since we’re throwing the file into vm.compileFunction, it makes no sense to accept files which aren’t valid JavaScript files. Can you change the workflow so that if the extension isn’t a JavaScript extension (.js and .mjs, I guess), it bails to the standard require method?

[ryzokuken]

Now that I think about it, forbidding requiring something with the current codebase is a bad idea since secureRequire takes over the require chain in the submodules and this would break the code if any of the submodules require anything which can’t be handled with secureRequire. For this reason, secureRequire shouldn’t throw on weird file types but just bail to standard require (which is what the user would try anyway).

If we do want to throw something, we should only throw it on the first level (direct requires).