pr feedback: use a different approach of allowing requires

Author: PavelSafronov

src/runtime_adapters.ts

@@ -8,6 +8,14 @@ import type * as os from 'os';
 
 import { type MongoClientOptions } from './mongo_client';
 
+/**
+ * @internal
+ *
+ * This propery can be set on the global object to allow the driver to require otherwise blocked modules.
+ * This is used by our test suite to allow tests to access the `os` module without allowing user code to do so.
+ */
+export const ALLOWED_DRIVER_REQUIRE_PROPERTY_NAME = 'allowedDriverRequire';
+
 /**
  * @public
  * @experimental
@@ -43,9 +51,14 @@ export interface Runtime {
  * not provided by in `options`, and returns a `Runtime`.
  */
 export function resolveRuntimeAdapters(options: MongoClientOptions): Runtime {
-  const correctRequire = (globalThis as any).__driver_require || require;
-
-  return {
-    os: options.runtimeAdapters?.os ?? correctRequire('os')
-  };
+  (globalThis as any)[ALLOWED_DRIVER_REQUIRE_PROPERTY_NAME] = true;
+  try {
+    const runtime = {
+      // eslint-disable-next-line @typescript-eslint/no-require-imports
+      os: options.runtimeAdapters?.os ?? require('os')
+    };
+    return runtime;
+  } finally {
+    (globalThis as any)[ALLOWED_DRIVER_REQUIRE_PROPERTY_NAME] = false;
+  }
 }

test/tools/runner/vm_context_helper.ts

@@ -5,6 +5,8 @@ import { isBuiltin } from 'node:module';
 import * as path from 'node:path';
 import * as vm from 'node:vm';
 
+import { ALLOWED_DRIVER_REQUIRE_PROPERTY_NAME } from '../../mongodb_all';
+
 const allowedModules = new Set([
   '@aws-sdk/credential-providers',
   '@mongodb-js/saslprep',
@@ -20,7 +22,7 @@ const allowedModules = new Set([
 ]);
 const blockedModules = new Set(['os']);
 
-// TODO: NODE-7460 - Remove Error and other unnecessary exports
+// TODO: NODE-7460 - Remove Error, Map, Math, Promise, and other unnecessary exports
 const exposedGlobals = new Set([
   'AbortController',
   'AbortSignal',
@@ -56,11 +58,12 @@ const exposedGlobals = new Set([
  */
 function createRestrictedRequire() {
   return function restrictedRequire(moduleName: string) {
+    const isAllowedBySymbol = !!sandbox[ALLOWED_DRIVER_REQUIRE_PROPERTY_NAME];
     const isModuleBuiltin = isBuiltin(moduleName);
     const isModuleAllowed = allowedModules.has(moduleName);
     const isModuleBlocked = blockedModules.has(moduleName);
     const shouldAllow = isModuleAllowed || isModuleBuiltin;
-    const shouldBlock = isModuleBlocked || !shouldAllow;
+    const shouldBlock = (isModuleBlocked || !shouldAllow) && !isAllowedBySymbol;
 
     if (shouldBlock) {
       throw new Error(`Access to core module '${moduleName}' is restricted in this context`);
@@ -75,9 +78,6 @@ const context = {
   // Custom require that blocks core modules
   require: createRestrictedRequire(),
 
-  // Driver require
-  __driver_require: require,
-
   // Needed for some modules
   global: undefined as any,
   globalThis: undefined as any
@@ -93,7 +93,7 @@ for (const globalName of exposedGlobals) {
 // Create a sandbox context with necessary globals
 const sandbox = vm.createContext(context);
 
-// Make global and globalThis point to the sandbox
+// Make globalThis point to the sandbox
 sandbox.globalThis = sandbox;
 
 /**