Security Advisories (2)

CVE-2024-58134 (2025-05-03)

Mojolicious versions from 0.999922 for Perl uses a hard coded string, or the application's class name, as a HMAC session secret by default. These predictable default secrets can be exploited to forge session cookies. An attacker who knows or guesses the secret could compute valid HMAC signatures for the session cookie, allowing them to tamper with or hijack another user's session.

CVE-2024-58135 (2025-05-03)

Mojolicious versions from 7.28 for Perl may generate weak HMAC session secrets. When creating a default app with the "mojo generate app" tool, a weak secret is written to the application's configuration file using the insecure rand() function, and used for authenticating and protecting the integrity of the application's sessions. This may allow an attacker to brute force the application's session keys.

NAME

Mojo::Loader - Load all kinds of things

SYNOPSIS

use Mojo::Loader qw(data_section find_modules load_class);

# Find modules in a namespace
for my $module (find_modules 'Some::Namespace') {

  # Load them safely
  my $e = load_class $module;
  warn qq{Loading "$module" failed: $e} and next if ref $e;

  # And extract files from the DATA section
  say data_section($module, 'some_file.txt');
}

DESCRIPTION

Mojo::Loader is a class loader and plugin framework. Aside from finding modules and loading classes, it allows multiple files to be stored in the DATA section of a class, which can then be accessed individually.

package Foo;

1;
__DATA__

@@ test.txt
This is the first file.

@@ test2.html (base64)
VGhpcyBpcyB0aGUgc2Vjb25kIGZpbGUu

@@ test
This is the
third file.

Each file has a header starting with @@, followed by the file name and optional instructions for decoding its content. Currently only the Base64 encoding is supported, which can be quite convenient for the storage of binary data.

FUNCTIONS

Mojo::Loader implements the following functions, which can be imported individually.

data_section

my $all   = data_section 'Foo::Bar';
my $index = data_section 'Foo::Bar', 'index.html';

Extract embedded file from the DATA section of a class, all files will be cached once they have been accessed for the first time.

# List embedded files
say for keys %{data_section 'Foo::Bar'};

file_is_binary

my $bool = file_is_binary 'Foo::Bar', 'test.png';

Check if embedded file from the DATA section of a class was Base64 encoded.

find_packages

my @pkgs = find_packages 'MyApp::Namespace';

Search for packages in a namespace non-recursively.

find_modules

my @modules = find_modules 'MyApp::Namespace';
my @modules = find_modules 'MyApp::Namespace', {recursive => 1};

Search for modules in a namespace.

These options are currently available:

recursive

recursive => 1

Search namespace recursively.

load_class

my $e = load_class 'Foo::Bar';

Load a class and catch exceptions, returns a false value if loading was successful, a true value if the class was not found, or a Mojo::Exception object if loading failed. Note that classes are checked for a new method to see if they are already loaded, so trying to load the same class multiple times may yield different results.

# Handle exceptions
if (my $e = load_class 'Foo::Bar') {
  die ref $e ? "Exception: $e" : 'Not found!';
}

load_classes

my @classes = load_classes 'Foo::Bar';

Load all classes in a namespace recursively.

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	go to github issues (only if github is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

	Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)