reference :https://www.codeproject.com/Articles/1156196/Code-Review-Checklist
Introduction(简介)
The purpose of this article is to propose an ideal and simple checklist that can be used for code review for most languages. Even though there are a lot of code review techniques available everywhere along with how to write good code and how to handle bias while reviewing, etc., they always miss the vital points while looking for the extras. The main idea of this article is to give straightforward and crystal clear review points for code reviewers to review efficiently with least time possible.
这篇文章的目的就是提出一个完美而且简单的检查列表,用来检查所有语言的代码;
尽管如此,当在检查代码的时候,如何去写好一段代码已经怎样去处理别名的问题,有很多中方式;
Purpose of Code Review(代码检查的目的)
The ultimate purpose of code review is to investigate the code to find weak spots, faults, strengths and ways to optimize the code for better performance. It is mainly to deliver a bug-free (at least near perfect) application that meets the purpose (requirements) while meeting the industry standards.
代码检查最重要的方式,就是发现代码中糟糕的点,错误;为了更好的执行,用最优的方式去优化代码中;为了工业的需求,满足客户需求,最完美的代码;
The code review checklists are illustrated in two parts:
Code Review Checklist - Fundamental
Code Review Checklist - Comprehensive
代码中检查列表,主要包括两部分:
代码检查列表——基础性
代码检查列表-可理解的
Code Review Checklist - Fundamental(代码检查-基础性的)
Objective based [Purposeful]The code achieves its purpose. In simple terms, it does what it is supposed to.
基于目的「目标」:代码完成它的目的;在最基本的编程模式中,代码实现的就是基于它的目的;
Unbreakable [Validated]Validations are used wherever necessary. The code never breaks under any circumstances. Especially under invalid inputs that come from the user end. Regardless of it being a negative, over-sized, invalid format, etc., every input passed should be processed, sanitized before taking it further. Every object is checked for its actual data existence before accessing its properties.
不可破坏性的【验证】:代码可被验证的
Responses are handled [Error handling and Data formatting]Not just the error messages, every response that is returned by the server must be properly handled. It should have necessary headers, response messages, error codes and any other necessary details attached with it in required format. All possible scenarios are tested to avoid deadlocks, timeouts, etc.
Follows architecture [No design deviation]Verify that the approved architecture/design is followed throughout the application (If there is none, consider putting it in place). If there are any design changes required, ensure that these are documented, baselined and approved before implementing them in the existing code.
Unit tested [Reliable]Every core method has a unit test which passes.
Reusable [No repetition]All methods serve a limited and clear purpose (follows DRY principle). Functions are reused wherever applicable and written in such a way that they can be re-used in the future implementations. There is no duplication of code. Logics make use of general functions without ambiguity.
Performance oriented [Speedy response & Scalability]The landing of the application is swift. There are no long delays between the requests and responses. Raw string concatenations are avoided and proper methods such as StringBuilder
are used. The code is scalable and able to handle a large amount of data and upcoming features.
Secure [Safe code]The code is secure in terms of authentications (with encryption), injections, roles, unauthorized access, directory browsing, SQL injection, cross-side scripting, etc. It follows the OWASP 10 security principles.
Code Review Checklist - Comprehensive
Manageable [Crisp and Formatted]The code is readable, commented and easy to manage. It is friendly formatted and easy to read/understand. Methods are not too big to manage and they don't exceed readable size.
Meets coding conventions and standards [Standardized approach]The code follows the coding conventions, standards and is consistent with the existing application code. There are no commented code and hard coded values.
Detach connections after usage [Memory handling]Resources that are not automatically released after usage are freed. Connections, ports are closed properly.
Has configurable logging[Traceability]Log every transaction or the ones that require logging. They are stored in a repository (as a file) as well as in the database (as text). Logging in different stages for different purposes can be enabled/disabled in the configuration file (like web.config)
Code coverage is more than 95% [Efficiency]Code coverage is as important as the unit test cases passing. 95% of the code is covered (which means 95% code is actually tested via unit test cases).
On-demand resource delivery[Fast]Resources are fetched and delivered only on demand. Necessary options are available for dealing with huge data such as paginations, etc.
No warnings / console logs [Data safety]No compiler warnings arise while running the application. Logs that are used while developing are cleared and none of the application information (especially the sensitive ones) are written in the browser console.
Legal usage of third-party tools/libraries[Licencing]External libraries are used only if proven necessary for the application. If there are third-party tools or libraries used, then the licenses and legal usages are verified and complaint.
References
https://smartbear.com/learn/code-review/what-is-code-review/?q=code+review
http://www.evoketechnologies.com/blog/code-review-checklist-perform-effective-code-reviews/
http://www.codeproject.com/Articles/524235/Codeplusreviewplusguidelines