Acting on the advice from this node, we have begun the planning process for basic code reviews on scripts listed at the Perl Archive. This code review will aid in categorizing scripts based on its security and basic programming practices. I've used this node as a reference when creating the basic points for code review.

Unless otherwise noted, each script will receive 1 point for compliance, -1 point for non-compliance on each of the following:

  1. Uses warnings
  2. Uses strict
  3. Security (up to 4 points).
    • Uses -T
    • Implements valid checks on all user input for potential security breaches or other damage
    • Does not appear to allow arbitrary commands
    • Using $CGI::POST_MAX or otherwise limiting maximum post size (thanks crazyinsomniac)
  4. HTML output - uses CGI, HTML::Template, HTML::Mason, or other suitable alternative
  5. Form parsing - uses CGI, CGI::Lite, or other suitable module-derived alternative
  6. Uses modules where applicable (-1 for using cgi-lib.pl)
  7. Style, based on clarity and modularity (up to 2 points)
  8. Documentation / comments (-2 for no comments; +2 for effective use of commenting)
  9. Use HERE docs for lengthy text (-2 points for multiple print statements and "\"escape syndrome\"")
  10. Checks return value of specific functions (aside from open, close, flock, can you suggest others to be added to this function list?)
  11. Preserve file integrity by correctly using flock when necessary.
  12. Anything else?

Since there will probably be instances when one or more of the points above will not be applicable to a script, a 0 point value will be used. This will equal N/A and will not affect the total score.

I realize that this does not come anywhere close to a comprehensive code review, but the only way we can realistically implement any sort of code review at all is if we keep it simple (after all, there are ~4k scripts to review). Even if this paltry review process can guilt/embarrass only a few programmers into revamping their scripts, it will be worth the effort.

It's only fair that the program authors should bear the cost for more intensive code reviews on their own programs. If a program's author wishes to have an in-depth, individualized code review, we will refer them to various programmers who have expressed interest in performing this service (some for a fee, some as volunteers). The reviewer will then let me know the point score of the script. Perhaps there may be some rekindled interest in a code review section here?

Once a script has been reviewed, it will have a "detail" page on the site with the results of the review.

Any suggestions, enhancements, or critiques you can offer on this list would be very helpful :)

Jasmine

Update: Tainting/security point updated based on two replies from wog (1, 2) and a /msg from crazyinsomniac.

Update: Changed "excessive commenting" to "effective use of commenting", based on rchiav's suggestion.

Update: By monk magic, I presume, this node has been relocated to Meditations, where I'm able to edit the root node (thanks!). So, the updated list is back here.
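As an added example (not code from the original post or from any script on the archive), here is a small guestbook CGI written to satisfy each point on the list above; the script name, log path and size limit are illustrative assumptions:

```perl
#!/usr/bin/perl -T
# Added example, not from the original post. Shows the checklist in one
# script: taint mode, strict/warnings, module-based form parsing and HTML
# output, input validation, POST_MAX, flock, checked return values, HERE-doc.
use strict;
use warnings;
use CGI;                      # form parsing and HTML escaping via a module
use Fcntl qw(:flock);

$CGI::POST_MAX        = 10 * 1024;   # refuse request bodies larger than 10 KB
$CGI::DISABLE_UPLOADS = 1;           # this script never needs file uploads
$ENV{PATH} = '/bin:/usr/bin';        # taint-mode habit; no external command is run here

my $q = CGI->new;

# Validate user input with an explicit allowlist pattern; the capture also
# untaints the value. Anything that does not match is rejected outright.
my ($name) = ($q->param('name') // '') =~ /\A([\w .'-]{1,40})\z/
    or fail('Name must be 1-40 letters, digits, spaces, dots or hyphens.');
my ($message) = ($q->param('message') // '') =~ /\A([^\0]{1,1000})\z/s
    or fail('Message must be 1-1000 characters.');

# Append to the log under an exclusive lock, checking every return value.
my $log = '/var/www/data/guestbook.txt';   # assumed path
(my $line = $message) =~ s/[\t\n]/ /g;     # keep one record per line
open my $fh, '>>', $log or fail("Cannot open log: $!");
flock $fh, LOCK_EX      or fail("Cannot lock log: $!");
print {$fh} join("\t", time, $name, $line), "\n"
                        or fail("Cannot write log: $!");
close $fh               or fail("Cannot close log: $!");

# Escape before echoing back, and use a HERE-doc instead of many prints.
my ($safe_name, $safe_msg) = map { $q->escapeHTML($_) } $name, $message;
print $q->header(-type => 'text/html; charset=UTF-8');
print <<"HTML";
<html><body>
<p>Thanks, $safe_name. Your message was recorded:</p>
<blockquote>$safe_msg</blockquote>
</body></html>
HTML

# Report a problem to the client; $! text is logged to STDERR, not shown.
sub fail {
    my ($reason) = @_;
    warn "$0: $reason\n";
    my $safe = $q->escapeHTML($reason =~ s/:.*//r);
    print $q->header(-status => '400 Bad Request', -type => 'text/html');
    print "<html><body><p>$safe</p></body></html>\n";
    exit;
}
```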


In reply to Code review on script site by Jazz
