Things to Look for in a Code Review


Data Browser - Viewing Site Sector 23 Code Bank		Logged in as:	Guest

Similar Topics...

SQL times out in web, but not in Management Studio

Determine which roles can access a .NET page

Insert with MS Access; return AutoNumber

What does enableSessionState=ReadOnly actually do

Reporting Services - The Item '/Data Sources' Does Not Exist - Lost Administrator rights to SSRS

Get Users in AD Group or Groups for a User

Should you use var in C

Cannot access a disposed object. 'transaction

Determine what users are in a group on a database

Call Bing REST Mapping Services from .NET

Allow user input to DevExpress comboboxedit

Cannot access a closed file error at PostedFile.SaveAs

google ads access to font blocked by cors policy

Ok Google, what does a total lunar eclipse look like

PdfSharp Review

Page-Break-After results in extra page in Chrome

Sector 23 Code Bank

Upload Multiple Files ASP.NET 4.0, Using HTML5 Input File and/or Drop Target

NET Export GridView to a CSV (that Excel can Actually Read

Angular JS - hide code while rendering

Testing SQL Code without cache - SQL Server

Lulu Book Creation Review

Visual Studio 2013 Review

Set width of anchor (a) in CSS

The Sector 23 Code Bank

Uninstall Outlook Add-In doesn't remove Menu

Open Outlook Email with BCC's on Client from ASP.NET

Image.Save: Value cannot be null. Parameter name: encoder

Encode Mailto Body Text to Open in Email Client

Things to Look for in a Code Review
Code reviews are important, but the time should be used wisely. The following should be your top priorities to check for, from most important to least.

#1 Is it secure?
If the software has security vulnerabilities, that is a worst-case scenario. It can result in great risk and harm to people and institutions. Bad actors can cause serious damage financially, socially, or criminally. You do not want to be the person who let this past your gate.
Skim through the code and spot check entry points and SQL/script executions. Particularly look for common mistakes, like:
- SQL/script injection
- Wrong/too much access granted to users or services
- Not checking inputs
- Missing server side validation
- Unsecured data, especially things like passwords, SSNs, or credit card numbers

#2 Does it work?
If the software doesn't do what it is supposed to do, not only is the customer unhappy, you and the team will lose time down the road when you have to reimplement and retest the feature. Check for the following in particular:
- Boundary conditions/edge cases
- Null checks
- Type casting
- Memory leaks
- Overflow issues (now or future)

#3 Is it performant
Developers are great at writing software that works in DEV for a small data set and later times out in PROD, leading to frustrated users. In particular, watch for:
- Network/SQL access done in a loop instead of in batches
- Datasets passed in entirety instead of in batches
- UNION instead of UNION ALL or DISTINCT instead of proper joins
- Multiple calls for the same data
- Moving or storing much more data than is necessary (e.g. Select * from table just to print a few rows or columns)

#4 Is it maintainable
Ensure code isn't being written that will take huge amounts of resources to maintain. Consider the following:
- Does this code generally use software stacks and design standards familiar to our organization?
- Is code being duplicated, which could instead be shared and reused?
- Is the code properly checked in to a source control system and release bundle?
- Is documentation for this feature required, and if so, is it up to date and easily found?

#5 Is it formatted well
Some developers incorrectly look at this first as it is the easiest to analyze and take issue with.
In fact, not only is it the least important, this is something I generally recommend you do not check at all . Why not?
- The user doesn't care
- Your company's money for your time could be used on other things
- Functionality is not impacted
- It is easy to upset others by questioning their programming style
At best, if someone's code is bothering you, casually mention it or put an occasional non-actionable comment with the suggestion. If it really bothers you, your best bet is to simply clean it up yourself.

Ultimately, not only are these important to the code review, they should always be in the mind of the developer. The best code review is one where no issues are found! If a developer follows these guidelines up front, everyone saves time by minimizing the back and forth of identifying and resolving issues. Even so, the code review is an important step in the release process, because no one is perfect. Having another set of eyes check your work not only results in better software, it increases team communication and knowledge by ensuring developers are staying abreast of each other's coding paradigms and techniques.

Created By: amos 7/28/2023 11:21:25 PM
Updated: 7/28/2023 11:56:13 PM