Security Advisories (13)
CPANSA-Mojolicious-2015-01 (2015-02-02)

Directory traversal on Windows

CVE-2010-4802 (2011-05-03)

Commands.pm in Mojolicious before 0.999928 does not properly perform CGI environment detection, which has unspecified impact and remote attack vectors.

CPANSA-Mojolicious-2014-01 (2014-10-07)

Context sensitivity of method param could lead to parameter injection attacks.

CVE-2011-1841 (2011-03-10)

Mojolicious is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by link_to helper. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.

CVE-2011-1589 (2011-04-05)

Directory traversal vulnerability in Path.pm in Mojolicious before 1.16 allows remote attackers to read arbitrary files via a %2f..%2f (encoded slash dot dot slash) in a URI.

CVE-2010-4803 (2011-05-03)

Mojolicious before 0.999927 does not properly implement HMAC-MD5 checksums, which has unspecified impact and remote attack vectors.

CVE-2011-1841 (2011-05-03)

Cross-site scripting (XSS) vulnerability in the link_to helper in Mojolicious before 1.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CPANSA-Mojolicious-2022-03 (2022-12-10)

Mojo::DOM did not correctly parse <script> tags.

CPANSA-Mojolicious-2021-02 (2021-06-01)

Small sessions could be used as part of a brute-force attack to decode the session secret.

CVE-2021-47208 (2021-03-16)

A bug in format detection can potentially be exploited for a DoS attack.

CPANSA-Mojolicious-2018-03 (2018-05-19)

Mojo::UserAgent was not checking peer SSL certificates by default.

CPANSA-Mojolicious-2018-02 (2018-05-11)

GET requests with embedded backslashes can be used to access local files on Windows hosts.

CVE-2018-25100 (2018-02-13)

Mojo::UserAgent::CookieJar leaks old cookies because of the missing host_only flag on empty domain.
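
Added example, not part of the advisory text or of Mojolicious itself: a stand-alone Perl illustration of the bug class behind the two file-access advisories above (the `%2f..%2f` traversal in CVE-2011-1589 and the backslash variant on Windows in CPANSA-Mojolicious-2018-02). It assumes, for illustration only, that the flaw is checking path segments before decoding them; `pct_decode`, `canonicalize`, `resolve_flawed` and `resolve_hardened` are hypothetical names, and the sample paths are constructed.

```perl
use strict;
use warnings;

# Hypothetical helpers for illustration; none of these are Mojolicious APIs.

# Percent-decode a URI path (a single pass, on purpose).
sub pct_decode {
    my ($s) = @_;
    $s =~ s/%([0-9A-Fa-f]{2})/chr(hex($1))/ge;
    return $s;
}

# Resolve "." and ".." segments; undef means the path climbs above the root.
sub canonicalize {
    my ($path) = @_;
    my @out;
    for my $seg (split m{/}, $path) {
        next if $seg eq '' || $seg eq '.';
        if ($seg eq '..') {
            return undef unless @out;
            pop @out;
            next;
        }
        push @out, $seg;
    }
    return join '/', @out;
}

# Flawed order (assumed): segments are checked while the separators are
# still encoded, and decoding happens afterwards.
sub resolve_flawed {
    my $checked = canonicalize($_[0]);
    return defined $checked ? pct_decode($checked) : undef;
}

# Hardened order: decode first, reject anything still encoded (conservative),
# treat "\" as a separator for Windows hosts, then check the segments.
sub resolve_hardened {
    my $decoded = pct_decode($_[0]);
    return undef if $decoded =~ /%[0-9A-Fa-f]{2}/;
    $decoded =~ tr{\\}{/};
    return canonicalize($decoded);
}

# Constructed sample request paths.
my @samples = ('/css/site.css', '/%2f..%2f..%2fprivate.txt',
               '/..\\..\\private.txt', '/a/%252e%252e/b');
for my $raw (@samples) {
    my ($f, $h) = map { $_ // '(rejected)' } resolve_flawed($raw), resolve_hardened($raw);
    printf "%-28s flawed=%-22s hardened=%s\n", $raw, $f, $h;
}
```

The flawed resolver passes dot-dot sequences through for the encoded, backslash and double-encoded samples, while the hardened resolver rejects all three and still serves the ordinary path.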

NAME

Test::Mojo - Testing Mojo!

SYNOPSIS

use Test::Mojo;
my $t = Test::Mojo->new(app => 'MyApp');

$t->get_ok('/welcome')
  ->status_is(200)
  ->content_like(qr/Hello!/, 'welcome message!');

$t->post_form_ok('/search', {title => 'Perl', author => 'taro'})
  ->status_is(200)
  ->content_like(qr/Perl.+taro/);

$t->delete_ok('/something')
  ->status_is(200)
  ->header_is('X-Powered-By' => 'Mojo (Perl)')
  ->content_is('Hello world!');

DESCRIPTION

Test::Mojo is a collection of testing helpers for everyone developing Mojo and Mojolicious applications.

ATTRIBUTES

Test::Mojo implements the following attributes.

app

my $app = $t->app;
$t      = $t->app(MyApp->new);

client

my $client = $t->client;
$t         = $t->client(Mojo::Client->new);

redirects

my $redirects = $t->redirects;
$t            = $t->redirects([]);

tx

my $tx = $t->tx;
$t     = $t->tx(Mojo::Transaction::Simple->new);

max_redirects

my $max_redirects = $t->max_redirects;
$t                = $t->max_redirects(3);

METHODS

Test::Mojo inherits all methods from Mojo::Base and implements the following new ones.

content_is

$t = $t->content_is('working!');
$t = $t->content_is('working!', 'right content!');

content_like

$t = $t->content_like(qr/working!/);
$t = $t->content_like(qr/working!/, 'right content!');

content_type_is

$t = $t->content_type_is('text/html');
$t = $t->content_type_is('text/html', 'right content type!');

content_type_like

$t = $t->content_type_like(qr/text/);
$t = $t->content_type_like(qr/text/, 'right content type!');

delete_ok

$t = $t->delete_ok('/foo');
$t = $t->delete_ok('/foo', {Expect => '100-continue'});
$t = $t->delete_ok('/foo', 'Hi there!');
$t = $t->delete_ok('/foo', {Expect => '100-continue'}, 'Hi there!');
$t = $t->delete_ok(
    '/foo',
    {Expect => '100-continue'},
    'Hi there!',
    'request worked!'
);

get_ok

$t = $t->get_ok('/foo');
$t = $t->get_ok('/foo', {Expect => '100-continue'});
$t = $t->get_ok('/foo', 'Hi there!');
$t = $t->get_ok('/foo', {Expect => '100-continue'}, 'Hi there!');
$t = $t->get_ok(
    '/foo',
    {Expect => '100-continue'},
    'Hi there!',
    'request worked!'
);

head_ok

$t = $t->head_ok('/foo');
$t = $t->head_ok('/foo', {Expect => '100-continue'});
$t = $t->head_ok('/foo', 'Hi there!');
$t = $t->head_ok('/foo', {Expect => '100-continue'}, 'Hi there!');
$t = $t->head_ok(
    '/foo',
    {Expect => '100-continue'},
    'Hi there!',
    'request worked!'
);

header_is

$t = $t->header_is(Expect => '100-continue');
$t = $t->header_is(Expect => '100-continue', 'right header!');

header_like

$t = $t->header_like(Expect => qr/100-continue/);
$t = $t->header_like(Expect => qr/100-continue/, 'right header!');

json_content_is

$t = $t->json_content_is([1, 2, 3]);
$t = $t->json_content_is([1, 2, 3], 'right content!');

post_ok

$t = $t->post_ok('/foo');
$t = $t->post_ok('/foo', {Expect => '100-continue'});
$t = $t->post_ok('/foo', 'Hi there!');
$t = $t->post_ok('/foo', {Expect => '100-continue'}, 'Hi there!');
$t = $t->post_ok('/foo', 'Hi there!', 'request worked!');
$t = $t->post_ok(
    '/foo',
    {Expect => '100-continue'},
    'Hi there!',
    'request worked!'
);

post_form_ok

$t = $t->post_form_ok('/foo' => {test => 123});
$t = $t->post_form_ok('/foo' => 'UTF-8' => {test => 123});
$t = $t->post_form_ok('/foo', {test => 123}, {Expect => '100-continue'});
$t = $t->post_form_ok(
    '/foo',
    'UTF-8',
    {test => 123},
    {Expect => '100-continue'}
);
$t = $t->post_form_ok('/foo', {test => 123}, 'Hi there!');
$t = $t->post_form_ok('/foo', 'UTF-8', {test => 123}, 'Hi there!');
$t = $t->post_form_ok(
    '/foo',
    {test   => 123},
    {Expect => '100-continue'},
    'Hi there!'
);
$t = $t->post_form_ok(
    '/foo',
    'UTF-8',
    {test   => 123},
    {Expect => '100-continue'},
    'Hi there!'
);

put_ok

$t = $t->put_ok('/foo');
$t = $t->put_ok('/foo', {Expect => '100-continue'});
$t = $t->put_ok('/foo', 'Hi there!');
$t = $t->put_ok('/foo', {Expect => '100-continue'}, 'Hi there!');
$t = $t->put_ok(
    '/foo',
    {Expect => '100-continue'},
    'Hi there!',
    'request worked!'
);

reset_session

$t = $t->reset_session;

status_is

$t = $t->status_is(200);
$t = $t->status_is(200, 'right status!');

SEE ALSO

Mojolicious, Mojolicious::Book, http://mojolicious.org.