Security Advisories (2)

CVE-2024-58134 (2025-05-03)

Mojolicious versions from 0.999922 for Perl uses a hard coded string, or the application's class name, as a HMAC session secret by default. These predictable default secrets can be exploited to forge session cookies. An attacker who knows or guesses the secret could compute valid HMAC signatures for the session cookie, allowing them to tamper with or hijack another user's session.

CVE-2024-58135 (2025-05-03)

Mojolicious versions from 7.28 for Perl may generate weak HMAC session secrets. When creating a default app with the "mojo generate app" tool, a weak secret is written to the application's configuration file using the insecure rand() function, and used for authenticating and protecting the integrity of the application's sessions. This may allow an attacker to brute force the application's session keys.

NAME

Mojolicious::Command - Command base class

SYNOPSIS

# Lowercase command name
package Mojolicious::Command::mycommand;
use Mojo::Base 'Mojolicious::Command', -signatures;

# Short description
has description => 'My first Mojo command';

# Usage message from SYNOPSIS
has usage => sub ($self) { $self->extract_usage };

sub run ($self, @args) {

  # Magic here! :)
}

=head1 SYNOPSIS

  Usage: APPLICATION mycommand [OPTIONS]

  Options:
    -s, --something   Does something

=cut

DESCRIPTION

Mojolicious::Command is an abstract base class for Mojolicious commands.

See "COMMANDS" in Mojolicious::Commands for a list of commands that are available by default.

ATTRIBUTES

Mojolicious::Command implements the following attributes.

app

my $app  = $command->app;
$command = $command->app(Mojolicious->new);

Application for command, defaults to a Mojo::HelloWorld object. Note that this attribute is weakened.

# Introspect
say "Template path: $_" for @{$command->app->renderer->paths};

description

my $description = $command->description;
$command        = $command->description('Foo');

Short description of command, used for the command list.

quiet

my $bool = $command->quiet;
$command = $command->quiet($bool);

Limited command output.

template

my $template = $command->template;
$command     = $command->template({vars => 1});

Attribute values passed to Mojo::Template objects used to render templates with "render_data", defaults to activating vars.

usage

my $usage = $command->usage;
$command  = $command->usage('Foo');

Usage information for command, used for the help screen.

METHODS

Mojolicious::Command inherits all methods from Mojo::Base and implements the following new ones.

chmod_file

$command = $command->chmod_file('/home/sri/foo.txt', 0644);

Change mode of a file.

chmod_rel_file

$command = $command->chmod_rel_file('foo/foo.txt', 0644);

Portably change mode of a file relative to the current working directory.

create_dir

$command = $command->create_dir('/home/sri/foo/bar');

Create a directory if it does not exist already.

create_rel_dir

$command = $command->create_rel_dir('foo/bar/baz');

Portably create a directory relative to the current working directory if it does not exist already.

extract_usage

my $usage = $command->extract_usage;

Extract usage message from the SYNOPSIS section of the file this method was called from with "extract_usage" in Mojo::Util.

help

$command->help;

Print usage information for command.

rel_file

my $path = $command->rel_file('foo/bar.txt');

Return a Mojo::File object relative to the current working directory.

render_data

my $data = $command->render_data('foo_bar');
my $data = $command->render_data('foo_bar', @args);
my $data = $command->render_data('foo_bar', {foo => 'bar'});

Render a template from the DATA section of the command class with Mojo::Loader and Mojo::Template. The template can be configured with "template".

render_to_file

$command = $command->render_to_file('foo_bar', '/home/sri/foo.txt');
$command = $command->render_to_file('foo_bar', '/home/sri/foo.txt', @args);
$command = $command->render_to_file(
  'foo_bar', '/home/sri/foo.txt', {foo => 'bar'});

Render a template with "render_data" to a file if it does not exist already, and create the directory if necessary.

render_to_rel_file

$command = $command->render_to_rel_file('foo_bar', 'foo/bar.txt');
$command = $command->render_to_rel_file('foo_bar', 'foo/bar.txt', @args);
$command = $command->render_to_rel_file(
  'foo_bar', 'foo/bar.txt', {foo => 'bar'});

Portably render a template with "render_data" to a file relative to the current working directory if it does not exist already, and create the directory if necessary.

run

$command->run;
$command->run(@ARGV);

Run command. Meant to be overloaded in a subclass.

write_file

$command = $command->write_file('/home/sri/foo.txt', 'Hello World!');

Write text to a file if it does not exist already, and create the directory if necessary.

write_rel_file

$command = $command->write_rel_file('foo/bar.txt', 'Hello World!');

Portably write text to a file relative to the current working directory if it does not exist already, and create the directory if necessary.

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	go to github issues (only if github is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

	Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)