Security Advisories (1)
CVE-2025-15604 (2026-03-28)

Amon2 versions before 6.17 for Perl use an insecure random_string implementation for security functions. In versions 6.06 through 6.16, the random_string function will attempt to read bytes from the /dev/urandom device, but if that is unavailable then it generates bytes by concatenating a SHA-1 hash seeded with the built-in rand() function, the PID, and the high resolution epoch time. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage. Before version 6.06, there was no fallback when /dev/urandom was not available. Before version 6.04, the random_string function used the built-in rand() function to generate a mixed-case alphanumeric string. This function may be used for generating session ids, generating secrets for signing or encrypting cookie session data and generating tokens used for Cross Site Request Forgery (CSRF) protection.
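An added example, not Amon2's own code: a token helper that reads from /dev/urandom and dies when the device is unavailable instead of falling back to rand(), the PID or the time, plus a check of the installed Amon2 against the fixed version 6.17 named in the advisory. The helper names urandom_bytes, random_token_hex and amon2_needs_upgrade are hypothetical.

```perl
#!/usr/bin/env perl
# Added example (not Amon2 code). All helper names are hypothetical.
use strict;
use warnings;
use Carp qw(croak);
use version;

# Read exactly $n bytes from the kernel CSPRNG; die instead of degrading.
sub urandom_bytes {
    my ($n) = @_;
    croak "byte count must be a positive integer"
        unless defined $n && $n =~ /\A[1-9][0-9]*\z/;
    open my $fh, '<:raw', '/dev/urandom'
        or croak "cannot open /dev/urandom: $!";
    my $buf = '';
    while (length($buf) < $n) {
        # sysread may return fewer bytes than requested, so loop.
        my $got = sysread($fh, $buf, $n - length($buf), length($buf));
        croak "read from /dev/urandom failed: $!" unless defined $got;
        croak "unexpected EOF on /dev/urandom" if $got == 0;
    }
    close $fh;
    return $buf;
}

# Hex token for session ids, cookie-signing secrets or CSRF tokens.
# 32 bytes gives 256 bits of randomness in 64 hex characters.
sub random_token_hex {
    my ($bytes) = @_;
    return unpack 'H*', urandom_bytes($bytes // 32);
}

# undef: Amon2 not installed; 1: older than the fixed 6.17; 0: 6.17 or later.
sub amon2_needs_upgrade {
    return undef unless eval { require Amon2; 1 };
    return version->parse(Amon2->VERSION) < version->parse('6.17') ? 1 : 0;
}

unless (caller) {
    my $token = random_token_hex(32);
    printf "token: %s (%d hex chars)\n", $token, length $token;
    my $old = amon2_needs_upgrade();
    my $msg = !defined $old ? "Amon2 is not installed"
            : $old          ? "Amon2 is older than 6.17: upgrade"
            :                 "Amon2 is 6.17 or later";
    print "$msg\n";
}
```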

NAME

Amon2::Web - Web Application Base.

SYNOPSIS

    package MyApp;
    use parent qw/Amon2/;

    package MyApp::Web;
    use parent qw/MyApp Amon2::Web/;

DESCRIPTION

This is a web application base class.

METHODS

$c->create_request()

Create a new request object from $c.

You can override this method to change the request object's class.

$c->create_response($code, \@headers, \@body)

Create a new response object.

You can override this method to change the response object's class.

$c->create_view()

Create a new view object. The view object should have a $view->render(@_) method.

You can override this method to change the view object's class.

$c->dispatch() : Plack::Response

Dispatch the request. This method must return an instance of Plack::Response.

You can override this method to change behavior.

$c->html_content_type() : Str

Returns default Content-Type value for the HTML response.

You can override this method to change behavior.

$c->request() : Plack::Request
$c->req() : Plack::Request

This is an accessor method to get the request object in this context.

$c->redirect($location : Str, \%parameters) : Plack::Response

Create a response object that redirects to $location with \%parameters.

    $c->redirect('/foo', +{bar => 3})

is the same as the following (if the base URL is http://localhost:5000/):

    $c->create_response(302, [Location => 'http://localhost:5000/foo?bar=3'])

$c->res_403()

Create a new response object with a 403 status code.

$c->res_404()

Create a new response object with a 404 status code.

$c->res_405()

Create a new response object with a 405 status code.

$c->create_simple_status_page($code, $message)

Create a new response object which represents the specified status code.

MyApp->to_app() : CodeRef

Create an instance of PSGI application.

$c->uri_for($path: Str, \%args) : Str

Create a URI from $path and \%args.

This method returns a relative URI.

$c->render($tmpl[, @args|%args]) : Plack::Web::Response

This method renders HTML.

$c->encoding()

Return an encoding object obtained with Encode::find_encoding().

You can override this method to change behavior.

$c->encode_html($html) : Str

This method encodes HTML from bytes.

You can override this method to change behavior.