Code Review Lab — practice secure code review
loading…
Code review is a skill.
Practice it.
Build the instinct that catches vulnerabilities in review.
loading daily challenge…
Build the instinct that catches vulnerabilities in review.
Build the instinct that catches vulnerabilities in review. Hands-on challenges in real production code.
TuneCrate is a music-library backend built in Go using gqlgen on top of PostgreSQL. Users browse and filter a catalog of tracks through the discovery page, which calls the searchTracks(genre, sort) GraphQL query. The filtering resolver was written quickly to support flexible genre and sort options. Review the resolvers backing the catalog and see whether any client-supplied input reaches the database in a way it shouldn't.
“We dropped Code Review Lab into our security training rotation. Two weeks later our engineers were catching things in PR review we'd historically missed.”