Security Advisories (1)
CVE-2025-40925 (2025-09-20)

Starch versions 0.14 and earlier generate session ids insecurely. The default session id generator returns a SHA-1 hash seeded with a counter, the epoch time, the built-in rand function, the PID, and internal Perl reference addresses. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage. Predictable session ids could allow an attacker to gain access to systems.
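The following is an added example, not Starch's code and not part of the original page. It contrasts the kind of construction the advisory describes with an id drawn from the operating system's CSPRNG; the function names are hypothetical and a Unix-like system with /dev/urandom is assumed.

```perl
use strict;
use warnings;
use Digest::SHA qw( sha1_hex );

# Illustrative reconstruction of the pattern named in the advisory
# (hypothetical code, not taken from Starch). Hashing does not add
# entropy: the output is only as unpredictable as the inputs, and the
# advisory notes these inputs are guessable or non-cryptographic.
my $counter = 0;
sub weak_session_id {
    my $ref = {};    # stringifies to an address such as HASH(0x...)
    return sha1_hex( join '', ++$counter, time(), rand(), $$, "$ref" );
}

# Hardened form: take the id directly from the kernel CSPRNG.
# 32 bytes gives 256 bits; the result is 64 lowercase hex characters.
sub strong_session_id {
    my ($bytes) = @_;
    $bytes //= 32;

    open my $fh, '<:raw', '/dev/urandom'
        or die "cannot open /dev/urandom: $!";

    my $buf = '';
    while ( length($buf) < $bytes ) {
        # sysread avoids pulling extra random bytes into a stdio buffer.
        my $got = sysread( $fh, $buf, $bytes - length($buf), length($buf) );
        die "read from /dev/urandom failed: $!" unless defined $got;
        die "unexpected EOF on /dev/urandom"    if $got == 0;
    }
    close $fh;

    return unpack 'H*', $buf;
}

# Fail closed: an id of the wrong length must never be issued.
my $id = strong_session_id();
die "short session id" unless length($id) == 64;

print "weak pattern: ", weak_session_id(), "\n";
print "CSPRNG id:    $id\n";
```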

NAME

Starch::Util - Utility functions used internally by Starch.

FUNCTIONS

load_prefixed_module

# These both return "Foo::Bar".
my $module = load_prefixed_module( 'Foo', '::Bar' );
my $module = load_prefixed_module( 'Foo', 'Foo::Bar' );

Takes a prefix to be prepended to a relative package name, and a relative or absolute package name. It then resolves the relative package name to an absolute one, loads it, and returns the absolute name.

apply_method_proxies

Given a data structure (array ref or hash ref), this will recursively find all method proxies, call them, and insert the return values back into the data structure.

This creates a new data structure and does not modify the original.

call_method_proxy

my @ret = call_method_proxy(
    [
        '&proxy',
        'Some::Package',
        'some_method',
        @args,
    ],
);

Is the same as:

require Some::Package;
my @ret = Some::Package->some_method( @args );

Method proxies are defined in more detail at "METHOD PROXIES" in Starch.

is_method_proxy

is_method_proxy( [ 'Foo', 'bar' ] ); # false
is_method_proxy( [ '&proxy', 'Foo', 'bar' ] ); # true

Returns true if the passed value is an array ref where the first value is &proxy.

AUTHORS AND LICENSE

See "AUTHOR" in Starch, "CONTRIBUTORS" in Starch, and "LICENSE" in Starch.