Security Advisories (1)
CVE-2025-15604 (2026-03-28)

Amon2 versions before 6.17 for Perl use an insecure random_string implementation for security functions. In versions 6.06 through 6.16, the random_string function will attempt to read bytes from the /dev/urandom device, but if that is unavailable then it generates bytes by concatenating a SHA-1 hash seeded with the built-in rand() function, the PID, and the high resolution epoch time. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage. Before version 6.06, there was no fallback when /dev/urandom was not available. Before version 6.04, the random_string function used the built-in rand() function to generate a mixed-case alphanumeric string. This function may be used for generating session ids, generating secrets for signing or encrypting cookie session data and generating tokens used for Cross Site Request Forgery (CSRF) protection.
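To check a host against this advisory, the following added example (not part of Amon2 or of the advisory) maps an Amon2 version and the availability of /dev/urandom to the random_string behaviour described above. The helper names classify_amon2 and urandom_ok and the sample version list are assumptions made for illustration.

```perl
#!/usr/bin/env perl
# Added example: audit helper for CVE-2025-15604, not code from Amon2.
use strict;
use warnings;
use version;

# Hypothetical helper: return (status, detail) for an Amon2 version,
# following the advisory text. $urandom_ok says whether /dev/urandom
# is readable on the host being checked.
sub classify_amon2 {
    my ($installed, $urandom_ok) = @_;
    my $v = version->parse($installed);

    return ('not affected', 'version is 6.17 or later')
        if $v >= version->parse('6.17');
    return ('affected', 'random_string is built on the built-in rand()')
        if $v < version->parse('6.04');
    if ($v < version->parse('6.06')) {
        return ('affected', $urandom_ok
            ? 'reads /dev/urandom; this version has no fallback'
            : '/dev/urandom unavailable and this version has no fallback');
    }
    return ('affected', $urandom_ok
        ? 'reads /dev/urandom here; SHA-1 fallback present but not taken'
        : 'fallback in use: SHA-1 over rand(), PID and epoch time');
}

# Hypothetical helper: true when /dev/urandom is a readable character device.
sub urandom_ok { return (-c '/dev/urandom' && -r _) ? 1 : 0 }

# Constructed sample versions, so the script runs without Amon2 installed.
for my $sample (qw(6.03 6.05 6.16 6.17)) {
    for my $ok (1, 0) {
        my ($status, $detail) = classify_amon2($sample, $ok);
        printf "sample %-5s urandom=%d  %-13s %s\n",
            $sample, $ok, $status, $detail;
    }
}

# Real check against whatever Amon2 this perl can load, if any.
my $installed = eval { require Amon2; Amon2->VERSION };
if (defined $installed) {
    my ($status, $detail) = classify_amon2($installed, urandom_ok());
    print "installed Amon2 $installed: $status ($detail)\n";
} else {
    print "Amon2 is not installed for this perl\n";
}
```

Run it with the same perl and the same chroot or container view that the application uses, since /dev/urandom may be missing only inside that environment.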

NAME

Amon2::Web::Request - Amon2 Request Class

DESCRIPTION

This is a child class of Plack::Request. Please see Plack::Request for more details.

AUTOMATIC DECODING

This class decodes query/body parameters automatically. The return values of $req->param(), $req->body_parameters, etc. are the decoded values.

METHODS

$req->uri_with($args, $behavior)

Returns a rewritten URI object for the current request. Key/value pairs passed in will override existing parameters. You can remove an existing parameter by passing in an undef value. Unmodified pairs will be preserved.

You may also pass an optional second parameter that puts uri_with into append mode:

$req->uri_with( { key => 'value' }, { mode => 'append' } );

$req->body_parameters_raw()
$req->query_parameters_raw()
$req->parameters_raw()
$req->param_raw()
$req->param_raw($key)
$req->param_raw($key => $val)

These methods are accessors for the raw values. 'raw' means the value is not decoded.