Untitled Guest on 15th October 2020 01:00:33 PM
= Code Review
== JavaScript
* [ ] Always use === instead of ==
* [ ] Even though variables are hoisted up in JS, make sure to declare vars on top of method. This promotes readability
* [ ] Make sure exceptions that are caught and shown to the user are also localized and make sense.
== Java
=== Clean code
* [ ] Use Intention-Revealing Names
* [ ] Pick one word per concept
* [ ] Use Solution/Problem Domain Names
* [ ] Classes should be small!
* [ ] Functions should be small!
* [ ] Do one Thing
* [ ] Don't Repeat Yourself (Avoid Duplication)
* [ ] Explain yourself in code
* [ ] Make sure the code formatting is applied
* [ ] Use Exceptions rather than Return codes
* [ ] Don't return Null
=== Security
* [ ] Make class final if not being used for inheritance
* [ ] Avoid duplication of code
* [ ] Restrict privileges: Application to run with the least privilege mode required for functioning
* [ ] Minimize the accessibility of classes and members
* [ ] Document security related information
* [ ] Input into a system should be checked for valid data size and range
* [ ] Avoid excessive logs for unusual behavior
* [ ] Release resources (Streams, Connections, etc) in all cases
* [ ] Purge sensitive information from exceptions (exposing file path, internals of the system, configuration)
* [ ] Do not log highly sensitive information
* [ ] Consider purging highly sensitive information from memory after use
* [ ] Avoid dynamic SQL, use prepared statement
* [ ] Limit the accessibility of packages, classes, interfaces, methods, and fields
* [ ] Limit the extensibility of classes and methods (by making it final)
* [ ] Validate inputs (for valid data, size, range, boundary conditions, etc)
* [ ] Validate output from untrusted objects as input
* [ ] Define wrappers around native methods (not declare a native method public)
* [ ] Treat output from untrusted object as input
* [ ] Make public static fields final (to avoid caller changing the value)
* [ ] Avoid exposing constructors of sensitive classes
* [ ] Avoid serialization for security-sensitive classes
* [ ] Guard sensitive data during serialization
* [ ] Be careful caching results of potentially privileged operations
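
Several of the Security items above applied to one class (final class, unexposed constructor, input size check, secrets kept out of exceptions and logs, no serialization, purge from memory, release in all cases). This is an added example, not part of the original checklist; the class `ApiSecret` and its methods are hypothetical.

```java
import java.util.Arrays;

// Hypothetical class, constructed for illustration.
// It deliberately does not implement Serializable, so the secret cannot be written out.
public final class ApiSecret implements AutoCloseable {     // final: no subclass can override or leak state
    public static final int MAX_LENGTH = 128;                // public static field is final

    private final char[] value;                              // char[] can be wiped; a String cannot
    private boolean cleared;

    private ApiSecret(char[] value) { this.value = value; }  // constructor is not exposed

    // Factory validates size, then copies so the caller's array is not shared.
    public static ApiSecret of(char[] input) {
        if (input == null || input.length == 0 || input.length > MAX_LENGTH) {
            // The message describes the rule and contains no part of the input.
            throw new IllegalArgumentException("secret length must be 1.." + MAX_LENGTH);
        }
        return new ApiSecret(input.clone());
    }

    // Compares without returning early on the first mismatching character.
    public boolean matches(char[] candidate) {
        if (cleared) throw new IllegalStateException("secret already cleared");
        if (candidate == null || candidate.length == 0) return false;
        int diff = value.length ^ candidate.length;
        for (int i = 0; i < value.length; i++) {
            diff |= value[i] ^ candidate[i % candidate.length];
        }
        return diff == 0;
    }

    @Override public String toString() { return "ApiSecret[redacted]"; }  // safe if it reaches a log

    @Override public void close() {                          // purge from memory after use
        Arrays.fill(value, '\0');
        cleared = true;
    }

    public static void main(String[] args) {
        char[] typed = {'s', '3', 'c', 'r', 'e', 't'};       // constructed sample input
        try (ApiSecret secret = ApiSecret.of(typed)) {       // released in all cases
            Arrays.fill(typed, '\0');                        // caller wipes its own copy too
            System.out.println(secret + " matches: " + secret.matches("s3cret".toCharArray()));
        }
    }
}
```
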
=== Performance
* [ ] Avoid excessive synchronization
* [ ] Keep Synchronized Sections Small
* [ ] Beware the performance of string concatenation
* [ ] Beware code within loop blocks
* [ ] Use saveAll() instead of save()
* [ ] Avoid creating unnecessary objects
=== General
* [ ] Favor the use of standard exceptions
* [ ] Don't ignore exceptions
* [ ] Use checked exceptions for recoverable conditions and runtime exceptions for programming errors
* [ ] Check parameters for validity
* [ ] Return empty arrays or collections, not nulls
* [ ] Minimize the accessibility of classes and members
* [ ] In public classes, use accessor methods, not public fields
* [ ] Minimize the scope of local variables
* [ ] Refer to objects by their interfaces
* [ ] Adhere to generally accepted naming conventions
* [ ] Avoid finalizers
* [ ] Always override hashCode when you override equals
* [ ] Always override toString
* [ ] Use enums instead of int constants
* [ ] Use marker interfaces to define types
* [ ] Synchronize access to shared mutable data
* [ ] Prefer executors to tasks and threads
* [ ] Document thread safety
== Angular
=== General
* [ ] Are all vars used somewhere?
* [ ] Do the vars have properly cased and meaningful names?
* [ ] Style looks appropriate
* [ ] No unnecessarily duplicated logic
* [ ] Code intent is clear upon initial reading
* [ ] Any code that isn't clear, but is needed, has an effective comment
* [ ] Are method calls or attribute lookups ever called on entities that could be undefined/null?
* [ ] The functions can appropriately handle unexpected inputs.
* [ ] Commented *code* has been removed (comments themselves are fine).
* [ ] There are tests for the proposed functionality (if not, there's a good reason)
* [ ] You've actually read the tests, and have a sense of what's being tested and what isn't. (or this is n/a)
=== HTML / CSS
* [ ] No embedded CSS
* [ ] Style blocks are externalized to .css files
* [ ] Consistent naming conventions are used
* [ ] CSS validates against the W3C validator
* [ ] CSS selectors are only as specific as they need to be; grouped logically
* [ ] A print-friendly .css file is included in the page
* [ ] A reset.css file is included in the page
* [ ] CSS sprites are used to combine images
* [ ] CSS selectors get more specific across files
* [ ] CSS shorthand is used for properties that support it
* [ ] CSS selectors are not tag qualified
* [ ] CSS properties are alphabetical (except for vendor-specific properties) (Why? See: Parable of the brown M&Ms)
* [ ] HTML within components
=== Angular Specific
* [ ] No DOM manipulation is happening inside controllers
* [ ] View logic is non-existent or minimal
* [ ] Among the rendering logic, there are no good candidates to be extracted into a filter
* [ ] Among the controller logic, there are no good candidates to be extracted into a service
* [ ] Among all the logic, there are no good candidates to be extracted into a directive
* [ ] Among the partials, there are no good candidates for extraction into an ng-include
* [ ] No unneeded controllers were created.
=== Final Checks
* [ ] It has indeed passed build tests before getting merged
* [ ] It does what the description says it does
* [ ] Any technical debt has been added to the log
