| line |
stmt |
bran |
cond |
sub |
pod |
time |
code |
|
1
|
|
|
|
|
|
|
package HTTP::Session::ID::MD5; |
|
2
|
2
|
|
|
2
|
|
230892
|
use strict; |
|
|
2
|
|
|
|
|
2
|
|
|
|
2
|
|
|
|
|
64
|
|
|
3
|
2
|
|
|
2
|
|
8
|
use warnings; |
|
|
2
|
|
|
|
|
2
|
|
|
|
2
|
|
|
|
|
115
|
|
|
4
|
2
|
|
|
2
|
|
21
|
use Carp (); |
|
|
2
|
|
|
|
|
2
|
|
|
|
2
|
|
|
|
|
36
|
|
|
5
|
2
|
|
|
2
|
|
10
|
use Digest::MD5 (); |
|
|
2
|
|
|
|
|
3
|
|
|
|
2
|
|
|
|
|
23
|
|
|
6
|
2
|
|
|
2
|
|
818
|
use Crypt::URandom (); |
|
|
2
|
|
|
|
|
6694
|
|
|
|
2
|
|
|
|
|
212
|
|
|
7
|
|
|
|
|
|
|
|
|
8
|
|
|
|
|
|
|
# Digest::MD5 was first released with perl 5.007003 |
|
9
|
|
|
|
|
|
|
|
|
10
|
|
|
|
|
|
|
sub generate_id { |
|
11
|
5
|
|
|
5
|
0
|
1374
|
my ($class, $sid_length) = @_; |
|
12
|
5
|
50
|
33
|
|
|
53
|
if ( !defined($sid_length) || $sid_length !~ /\A[1-9][0-9]*\z/ ) { |
|
13
|
0
|
|
|
|
|
0
|
Carp::croak "sid_length must be a positive integer"; |
|
14
|
|
|
|
|
|
|
} |
|
15
|
|
|
|
|
|
|
# Hash cryptographically secure random bytes (CVE-2026-3256). md5 output is |
|
16
|
|
|
|
|
|
|
# 128 bits, so 16 random bytes fully seed it; preserves the legacy hex format. |
|
17
|
5
|
|
|
|
|
11
|
return substr(Digest::MD5::md5_hex(Crypt::URandom::urandom(16)), 0, $sid_length); |
|
18
|
|
|
|
|
|
|
} |
|
19
|
|
|
|
|
|
|
|
|
20
|
|
|
|
|
|
|
1; |