Code Reviews

In industry, it’s best practice to do “code reviews,” whereby one or more colleagues must review your code for problems before you can release it to users, much like a TF reviews your problem sets. Suppose that you’ve been asked to review some code that a (future) colleague has written.

For each of the snippets of code below, in no more than three sentences, explain why the code is incorrect, poorly designed, susceptible to crash, and/or vulnerable to attack, inferring from each snippet what it’s meant to do, and advise how to fix it. Assume that any functions, types, and variables used therein have been defined (elsewhere) and that any requisite libraries have been included or imported.

  1. (2 points.)

     char *get_string(char *prompt)
     {
         printf("%s", prompt);
         char *s;
         scanf("%s", s);
         return s;
     }
    
  1. (2 points.)

     node *n = malloc(sizeof(node));
     n->number = 13;
     n->next = NULL;
    
  1. (2 points.)

     <form action="/login" method="get">
         <input name="username" type="text">
         <input name="password" type="password">
         <input type="submit">
     </form>
    
  1. (2 points.)

     @app.route("/search", methods=["GET"])
     def search():
         q = request.args.get("q")
         results = db.execute(f"SELECT * FROM books WHERE title LIKE '{q}'")
         return render_template("results.html", results=results)
    
  1. (2 points.)

     @app.route("/register", methods=["POST"])
     def register():
         username = request.form.get("username")
         password = request.form.get("password")
         db.execute("INSERT INTO users (username, password) VALUES(?, ?)", username, password)
         return redirect("/")