Security Advisories (1)
CVE-2025-40925 (2025-09-20)

Starch versions 0.14 and earlier generate session ids insecurely. The default session id generator returns a SHA-1 hash seeded with a counter, the epoch time, the built-in rand function, the PID, and internal Perl reference addresses. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage. Predictable session ids could allow an attacker to gain access to systems.
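An added example, not Starch's own code: the seeding pattern the advisory describes, sketched next to an id drawn entirely from the operating system's CSPRNG. The function names are hypothetical, Crypt::URandom is assumed to be installed from CPAN, and wiring the generator into Starch is not shown.

```perl
#!/usr/bin/env perl
use strict;
use warnings;
use Digest::SHA    qw(sha1_hex);
use Crypt::URandom qw(urandom);    # CPAN module; reads the OS CSPRNG

# Constructed sketch of the pattern the advisory describes (not Starch's
# source). Hashing does not add entropy: every input below is either
# guessable or comes from a non-cryptographic PRNG.
my $counter = 0;
sub weak_session_id {
    my $obj = {};                  # stringifies to a reference address
    return sha1_hex( join '', ++$counter, time(), rand(), $$, "$obj" );
}

# Hardened form (hypothetical name): the id is nothing but CSPRNG output.
# 20 bytes = 160 bits, hex-encoded to the same 40-character shape as a
# SHA-1 hex digest, so code that expects that shape keeps working.
sub strong_session_id {
    return unpack 'H*', urandom(20);
}

# Format and uniqueness check over a batch of ids. This catches a broken
# generator; it does not prove unpredictability, which comes only from
# the randomness source.
sub check_ids {
    my ( $generator, $count ) = @_;
    my %seen;
    for ( 1 .. $count ) {
        my $id = $generator->();
        die "unexpected id format: $id\n" unless $id =~ /\A[0-9a-f]{40}\z/;
        die "duplicate id: $id\n" if $seen{$id}++;
    }
    return scalar keys %seen;
}

printf "weak pattern: %s\n", weak_session_id();
printf "CSPRNG id:    %s\n", strong_session_id();
printf "%d unique, well-formed ids from strong_session_id\n",
    check_ids( \&strong_session_id, 10_000 );
```

The weak pattern passes the same format and uniqueness check, which is why such a check cannot stand in for reviewing where the randomness comes from.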

NAME

Starch::Factory - Role applicator and class creator.

DESCRIPTION

This class consumes the Starch::Plugin::Bundle role and is used by Starch to apply specified plugins to manager, state, and store classes.

Normally there is no need to interact with this class directly.

OPTIONAL ARGUMENTS

plugins

This is the "plugins" attribute from Starch::Plugin::Bundle, altered to be an argument.

base_manager_class

The base class of the Starch manager object. Defaults to Starch::Manager.

base_state_class

The base class of Starch state objects. Defaults to Starch::State.

ATTRIBUTES

manager_class

The anonymous class which extends "base_manager_class" and has "manager_roles" in Starch::Plugin::Bundle applied to it.

state_class

The anonymous class which extends "base_state_class" and has "state_roles" in Starch::Plugin::Bundle applied to it.

METHODS

base_store_class

    my $class = $factory->base_store_class( '::Memory' );
    # Starch::Store::Memory

    my $class = $factory->base_store_class( 'Starch::Store::Memory' );
    # Starch::Store::Memory

Given an absolute or relative store class name this will return the resolved class name.

store_class

    my $class = $factory->store_class( '::Memory' );

Given an absolute or relative store class name this will return an anonymous class which extends the store class and has "store_roles" in Starch::Plugin::Bundle applied to it.

new_store

    my $store = $factory->new_store( class=>'::Memory', %args );

Creates and returns a new "store_class" object with the factory argument set.

Note that since the "expires" argument of Starch::Store is required, you must specify it.

SUPPORT

See "SUPPORT" in Starch.

AUTHORS

See "AUTHORS" in Starch.

COPYRIGHT AND LICENSE

See "COPYRIGHT AND LICENSE" in Starch.