Reviews and Mentoring for fr3shw3b


This page collects fr3shw3b's project application reviews and contributions to other people's project application reviews. It is part of mentoring to eventually become a code review administrator. Add any advice you may have through the comments.

Supersized JQuery Plugin:
http://drupal.org/node/1837780#comment-6776652
http://drupal.org/node/1837780#comment-6897330

Commerce eurobank redirect:
http://drupal.org/node/1850716#comment-6781880
http://drupal.org/node/1850716#comment-6924756

Webform Feedback Module:
http://drupal.org/node/1852392#comment-6784556
http://drupal.org/node/1852392#comment-6897642

BetterTip:
http://drupal.org/node/1852590#comment-6784608

Email ajax check:
http://drupal.org/node/1784482#comment-6860568
http://drupal.org/node/1784482#comment-6897618

Address Field Portugal:
http://drupal.org/node/1863846#comment-6860662

Spaces OG Login / Logout:
http://drupal.org/node/1867646#comment-6876014
http://drupal.org/node/1867646#comment-6889234

Menu Slice: (Didn't recognise it was a duplicate.)
http://drupal.org/node/1874178#comment-6877090

TableHover:
http://drupal.org/node/1873474#comment-6877126

Casengo Contact Widget:
http://drupal.org/node/1847914#comment-6877172
http://drupal.org/node/1847914#comment-6897570
http://drupal.org/node/1847914#comment-6901292

Further help and explanation:
http://drupal.org/node/1847914#comment-6916618

Youtube Video Uploader:
http://drupal.org/node/1874650#comment-6889170
http://drupal.org/node/1874650#comment-6897490

Assetic:
http://drupal.org/node/1826272#comment-6889266
http://drupal.org/node/1826272#comment-6897414

Deep Survey:
http://drupal.org/node/1236914#comment-6921020

Registration Restriction:
http://drupal.org/node/1884388#comment-6921174
http://drupal.org/node/1884388#comment-6924572

Apache Solr CSV:
http://drupal.org/node/1884380#comment-6922388

Feed Loader:
http://drupal.org/node/1877716#comment-6955306

Security Issues:
Webform Feedback:
http://drupal.org/node/1852392#comment-6945090

Comments

Security issues

Posted by fr3shw3b

Security issues such as XSS and CSRF vulnerabilities have been looked for, but there has been a struggle to find them; this is where more guidance might be needed.
This is the guidance I currently use (printed out from a word document):

• Where there are custom variables created which are module specific make sure there is module.install file with hook_uninstall().
• Look for XSS vulnerabilities in user input.
• Look for heavy use of hook_init() or hook_boot() and advise against this.
• Look for markup being built outside of the theme layer, advise and give examples of how they could use the theme layer.
• Look for heavily coded functions and advise for the person to break it down and give examples to help.
• Look for empty, meaningless functions, doc block errors and logical errors such as passing integers where there should be strings, or misspellings etc.
• Look for custom functions which are used when an existing function could be used.
• Look for UX issues, naming conventions and consistencies in the module’s interface and code.
• Look for whether the module is a duplicate or not!
• Look for CSRF vulnerabilities and give advice on how to guard against this.
• Look in JavaScript for unnecessary JS Calls and advise the applicant to use Drupal behaviours.
• Identify whether there are classes and functions placed in the module file and suggest a format in which the applicant could use.
• Look for code duplication and suggest helper functions.
• Identify where there should be translatable text and where links could be formed using l().
• Give suggestions to help concerning the UI, extra features or different, more effective ways of going about the solution.
• Where PHP alone methods are used such as render and strtolower advise to use the Drupal alternative.
• Help find ways of reducing the amount of code in a project as possible.
• Look for grammatical errors.
• More to come…
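
To make the XSS and CSRF items on the list above concrete, here is an added example (not code from this page or from any of the reviewed projects): a hypothetical Drupal 7 module named pareview_demo, showing each flaw as a reviewer would spot it next to the fix they would recommend. The module name, paths, variable name and permission strings are all assumptions; the API functions (t(), check_plain(), confirm_form(), drupal_get_token(), drupal_valid_token(), variable_del()) are standard Drupal 7 core.

```php
<?php
/**
 * @file
 * Added example module "pareview_demo" (hypothetical, not from the page).
 * Shows an XSS pattern and a CSRF pattern in the "before" form a reviewer
 * flags, each beside the "after" form they would suggest.
 */

/**
 * BEFORE (XSS): user-controlled text is concatenated straight into markup.
 */
function pareview_demo_greeting_unsafe($name) {
  // $name comes from the URL, so anything in it lands in the HTML unescaped.
  return '<p>Hello ' . $name . '</p>';
}

/**
 * AFTER: escape at the point the value becomes HTML, and keep it translatable.
 */
function pareview_demo_greeting_safe($name) {
  // The @ placeholder in t() runs check_plain() on the value, so the string
  // is both escaped and translatable; no separate sanitising step is needed.
  return '<p>' . t('Hello @name', array('@name' => $name)) . '</p>';
}

/**
 * Implements hook_menu().
 */
function pareview_demo_menu() {
  $items['pareview-demo/greet/%'] = array(
    'title' => 'Greeting',
    'page callback' => 'pareview_demo_greeting_safe',
    'page arguments' => array(2),
    'access arguments' => array('access content'),
  );
  // BEFORE (CSRF): a plain GET URL that changes state. Any page the admin
  // visits can make the browser request it, and the action happens.
  $items['pareview-demo/reset-unsafe'] = array(
    'page callback' => 'pareview_demo_reset_unsafe',
    'access arguments' => array('administer site configuration'),
    'type' => MENU_CALLBACK,
  );
  // AFTER (option 1): put the action behind a confirmation form. Forms built
  // by drupal_get_form() carry a token that the Form API validates on submit.
  $items['pareview-demo/reset'] = array(
    'title' => 'Reset counter',
    'page callback' => 'drupal_get_form',
    'page arguments' => array('pareview_demo_reset_form'),
    'access arguments' => array('administer site configuration'),
    'type' => MENU_CALLBACK,
  );
  // AFTER (option 2): keep a link, but require a per-user token in the query.
  $items['pareview-demo/reset-token'] = array(
    'page callback' => 'pareview_demo_reset_with_token',
    'access arguments' => array('administer site configuration'),
    'type' => MENU_CALLBACK,
  );
  return $items;
}

function pareview_demo_reset_unsafe() {
  variable_set('pareview_demo_counter', 0);
  drupal_goto('<front>');
}

function pareview_demo_reset_form($form, &$form_state) {
  return confirm_form($form, t('Reset the demo counter?'), '<front>',
    t('This cannot be undone.'), t('Reset'));
}

function pareview_demo_reset_form_submit($form, &$form_state) {
  variable_set('pareview_demo_counter', 0);
  drupal_set_message(t('Counter reset.'));
  $form_state['redirect'] = '<front>';
}

/**
 * Builds the token-protected link; used wherever the module renders the action.
 */
function pareview_demo_reset_link() {
  return l(t('Reset counter'), 'pareview-demo/reset-token', array(
    'query' => array('token' => drupal_get_token('pareview_demo_reset')),
  ));
}

function pareview_demo_reset_with_token() {
  // The token is bound to the session and the 'pareview_demo_reset' value,
  // so a link forged on another site will not validate.
  if (!isset($_GET['token']) || !drupal_valid_token($_GET['token'], 'pareview_demo_reset')) {
    return drupal_access_denied();
  }
  variable_set('pareview_demo_counter', 0);
  drupal_goto('<front>');
}

/**
 * Implements hook_uninstall(). In a real module this lives in
 * pareview_demo.install; it removes the module-specific variable.
 */
function pareview_demo_uninstall() {
  variable_del('pareview_demo_counter');
}
```

When reviewing, the tell-tale signs are the same as in the "before" functions: a `$_GET`, URL argument or node field concatenated into a string that is returned as markup, and a menu callback that calls variable_set(), db_delete() or similar on a plain GET request with no form and no drupal_valid_token() check.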

Posted by klausi

Nice list!

Identifying security issues requires a bit of practice and I learned a lot by just observing greggles as he pointed out security issues. The PAReview: security tag is used to keep track of security issues in project applications: http://drupal.org/project/issues/search/projectapplications?issue_tags=P...
Use that and you will get a feeling how and where we find them.

Posted by klausi

Hi fr3shw3b,

hope you are doing well? Just wanted to ask if you are still pursuing this effort to become a git administrator? Just let me know if you need any help or advice.

I think you did a pretty good job already and I would look to continue working with you on the project application issue queue.
