Security Advisories (7)
CPANSA-Mojolicious-2022-03 (2022-12-10)

Mojo::DOM did not correctly parse <script> tags.

CPANSA-Mojolicious-2021-02 (2021-06-01)

Small sessions could be used as part of a brute-force attack to decode the session secret.

CVE-2021-47208 (2021-03-16)

A bug in format detection can potentially be exploited for a DoS attack.

CPANSA-Mojolicious-2018-03 (2018-05-19)

Mojo::UserAgent was not checking peer SSL certificates by default.

CVE-2020-36829 (2020-11-10)

Mojo::Util secure_compare can leak the string length. By immediately returning when the two strings are not the same length, the function allows an attacker to guess the length of the secret string using timing attacks.

CVE-2024-58134 (2025-05-03)

Mojolicious versions from 0.999922 for Perl use a hard-coded string, or the application's class name, as an HMAC session secret by default. These predictable default secrets can be exploited to forge session cookies. An attacker who knows or guesses the secret could compute valid HMAC signatures for the session cookie, allowing them to tamper with or hijack another user's session.

CVE-2024-58135 (2025-05-03)

Mojolicious versions from 7.28 for Perl may generate weak HMAC session secrets. When creating a default app with the "mojo generate app" tool, a weak secret is written to the application's configuration file using the insecure rand() function, and used for authenticating and protecting the integrity of the application's sessions. This may allow an attacker to brute force the application's session keys.
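
For the two session-secret advisories above (CVE-2024-58134 and CVE-2024-58135), the following is an added example, not code from the Mojolicious documentation, that flags predictable secrets on an application and replaces them with one drawn from the kernel CSPRNG. The helper names random_secret and audit_secrets, the MYAPP_SECRET environment variable and the 32-character minimum are assumptions made for illustration; secrets and moniker are the application's own attributes.

```perl
use Mojo::Base -strict;
use Mojolicious;

# Assumption: 32 characters is the minimum acceptable secret length here.
use constant MIN_SECRET_LENGTH => 32;

# Draw $bytes from the kernel CSPRNG and hex-encode them.
# Assumes a Unix-like host that provides /dev/urandom; never use rand() for this.
sub random_secret {
  my $bytes = shift // 32;
  open my $fh, '<:raw', '/dev/urandom' or die "Cannot open /dev/urandom: $!";
  my $got = read $fh, my $buf, $bytes;
  close $fh;
  die "Short read from /dev/urandom\n" unless defined $got && $got == $bytes;
  return unpack 'H*', $buf;
}

# Report weaknesses in the secrets an application is configured with.
# The secret itself is never included in a finding.
sub audit_secrets {
  my $app = shift;
  my %predictable;
  $predictable{$_} = 1 for ref($app), $app->moniker;
  my @findings;
  my $i = 0;
  for my $secret (@{$app->secrets}) {
    push @findings, "secrets[$i] is the class name or moniker" if $predictable{$secret};
    push @findings, "secrets[$i] is shorter than " . MIN_SECRET_LENGTH . ' characters'
      if length($secret) < MIN_SECRET_LENGTH;
    $i++;
  }
  return @findings;
}

my $app = Mojolicious->new;    # stands in for an app that never set its secrets
say "before: $_" for audit_secrets($app);

# MYAPP_SECRET is a hypothetical variable fed from a secret store, so every
# worker and host signs with the same value; the fallback is per-process.
# The old weak secret is dropped rather than kept for rotation, because any
# secret left in the list still verifies cookies.
$app->secrets([$ENV{MYAPP_SECRET} // random_secret()]);
say "after: $_" for audit_secrets($app);
say 'no findings after replacing the secret' unless audit_secrets($app);
```

A length and default-value check cannot tell whether an existing secret came from rand(), so a secret written by an affected "mojo generate app" should be replaced even when it passes this audit.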

NAME

Mojo::Exception - Exceptions with context

SYNOPSIS

use Mojo::Exception;

# Throw exception and show stack trace
eval { Mojo::Exception->throw('Something went wrong!') };
say "$_->[1]:$_->[2]" for @{$@->frames};

# Customize exception
eval {
  my $e = Mojo::Exception->new('Died at test.pl line 3.');
  die $e->trace(2)->inspect->verbose(1);
};
say $@;

DESCRIPTION

Mojo::Exception is a container for exceptions with context information.

ATTRIBUTES

Mojo::Exception implements the following attributes.

frames

my $frames = $e->frames;
$e         = $e->frames([$frame1, $frame2]);

Stack trace if available.

# Extract information from the last frame
my ($package, $filename, $line, $subroutine, $hasargs, $wantarray, $evaltext,
    $is_require, $hints, $bitmask, $hinthash) = @{$e->frames->[-1]};

line

my $line = $e->line;
$e       = $e->line([3, 'die;']);

The line where the exception occurred if available.

lines_after

my $lines = $e->lines_after;
$e        = $e->lines_after([[4, 'say $foo;'], [5, 'say $bar;']]);

Lines after the line where the exception occurred if available.

lines_before

my $lines = $e->lines_before;
$e        = $e->lines_before([[1, 'my $foo = 23;'], [2, 'my $bar = 24;']]);

Lines before the line where the exception occurred if available.

message

my $msg = $e->message;
$e      = $e->message('Died at test.pl line 3.');

Exception message, defaults to Exception!.

verbose

my $bool = $e->verbose;
$e       = $e->verbose($bool);

Enable context information for "to_string".

METHODS

Mojo::Exception inherits all methods from Mojo::Base and implements the following new ones.

inspect

$e = $e->inspect;
$e = $e->inspect($source1, $source2);

Inspect "message", "frames" and optional additional sources to fill "lines_before", "line" and "lines_after" with context information.

new

my $e = Mojo::Exception->new;
my $e = Mojo::Exception->new('Died at test.pl line 3.');

Construct a new Mojo::Exception object and assign "message" if necessary.

to_string

my $str = $e->to_string;

Render exception.

# Render exception with context
say $e->verbose(1)->to_string;

throw

Mojo::Exception->throw('Something went wrong!');

Throw exception from the current execution context.

# Longer version
die Mojo::Exception->new('Something went wrong!')->trace->inspect;

trace

$e = $e->trace;
$e = $e->trace($skip);

Generate stack trace and store all "frames", defaults to skipping 1 call frame.

# Skip 3 call frames
$e->trace(3);

# Skip no call frames
$e->trace(0);

OPERATORS

Mojo::Exception overloads the following operators.

bool

my $bool = !!$e;

Always true.

stringify

my $str = "$e";

Alias for "to_string".

SEE ALSO

Mojolicious, Mojolicious::Guides, https://mojolicious.org.