Live Code Reviews
G. Wade Johnson lead the group, but he mostly asked for opinions and directed the review process. Several people had volunteered to have their code reviewed. Unfortunately, we were not able to get the review working for Jim Bacon due to technical difficulties with the remote connection.
Robert Stone volunteered his
module for review. Much of the review involved the group learning about the
DBIx::Class::InflateColumn infrastructure and reviewing design
decisions. Overall, there were no major issues that anyone found in looking
through the module.
The final module we discussed was Wade Johnson's
module. Since there was more code in this module, and it was a bit older, we
thought there was a fair chance that we would find more to abuse. The group
agreed that the interface was a bit surprising. Wade admitted that he was
experimenting with an idea at the time, and a different approach might have
been better. He spent some time describing the concept of Sparklines and
explaining the interface. During this time, JD noticed that there was a
CGI script in the module. This
immediately tickled his security interest, which lead him to find an injection
flaw pretty quickly. The group discussed changes broke up for the night.
We had 8 people attending this month. As always, we'd like to thank cPanel, Inc. for providing the meeting space and food for the group.