| line |
stmt |
bran |
cond |
sub |
pod |
time |
code |
|
1
|
|
|
|
|
|
|
package HTTP::Session::ID::SHA1; |
|
2
|
2
|
|
|
2
|
|
258881
|
use strict; |
|
|
2
|
|
|
|
|
4
|
|
|
|
2
|
|
|
|
|
61
|
|
|
3
|
2
|
|
|
2
|
|
7
|
use warnings; |
|
|
2
|
|
|
|
|
3
|
|
|
|
2
|
|
|
|
|
96
|
|
|
4
|
2
|
|
|
2
|
|
9
|
use Carp (); |
|
|
2
|
|
|
|
|
5
|
|
|
|
2
|
|
|
|
|
20
|
|
|
5
|
2
|
|
|
2
|
|
936
|
use Digest::SHA (); |
|
|
2
|
|
|
|
|
5457
|
|
|
|
2
|
|
|
|
|
63
|
|
|
6
|
2
|
|
|
2
|
|
389
|
use Crypt::URandom (); |
|
|
2
|
|
|
|
|
3123
|
|
|
|
2
|
|
|
|
|
236
|
|
|
7
|
|
|
|
|
|
|
|
|
8
|
|
|
|
|
|
|
sub generate_id { |
|
9
|
5
|
|
|
5
|
0
|
1388
|
my ($class, $sid_length) = @_; |
|
10
|
5
|
50
|
33
|
|
|
36
|
if ( !defined($sid_length) || $sid_length !~ /\A[1-9][0-9]*\z/ ) { |
|
11
|
0
|
|
|
|
|
0
|
Carp::croak "sid_length must be a positive integer"; |
|
12
|
|
|
|
|
|
|
} |
|
13
|
|
|
|
|
|
|
# Hash cryptographically secure random bytes (CVE-2026-3256). sha1 output is |
|
14
|
|
|
|
|
|
|
# 160 bits, so 20 random bytes fully seed it; preserves the legacy hex format. |
|
15
|
5
|
|
|
|
|
10
|
return substr(Digest::SHA::sha1_hex(Crypt::URandom::urandom(20)), 0, $sid_length); |
|
16
|
|
|
|
|
|
|
} |
|
17
|
|
|
|
|
|
|
|
|
18
|
|
|
|
|
|
|
1; |