Check whether the code file (.aspx, .aspx.cs, .ascx, .ascx.cs, .svc, .svc.cs, etc.) follows the standard naming conventions.
Does the code file contain Summary comments at the top, and is the information there enough to understand the code file?
Is the code separated into logical regions? Are the region names correct and convey the right message?
Do all methods carry Summary comments (that start with ///)?
Are the comments descriptive enough to explain the intended purpose of the method?
Are all arguments/parameters and return types included in the summary description?
Is proper line spacing provided between logical code blocks within a method?
Does the code file inherit the prescribed base classes? For example, all user web pages must inherit SynecticPage, admin pages must inherit SynecticAdminPage and central admin pages must inherit SynecticCentralAdminPage. In the same way, all user controls must inherit SynecticControl. All WCF Web Services must inherit AuthorizedService.
Do all controls used in the file/page follow the standard naming conventions?
Do all method names used in the file/page follow the standard naming conventions?
Do all variables used in the file/page follow the standard naming conventions?
Are exceptions properly anticipated, handled and logged wherever necessary?
Is there any hardcoding of values while initializing objects? Particularly OrganisationId, OeId, UserId etc?
Are any connection strings hardcoded?
Is any configuration information hardcoded (which is supposed to be kept in the web.config file)?
Is there any string hardcoded within the file that is output directly to the UI (potential multilingual issue)?
Is the code properly indented and formatted? Use Ctrl K + D to format code.
Does any aspx page hardcode styles that should come from the stylesheet?
Are all aspx and html tags properly started and properly ended?
Is there any alert box in the page? (potential multilingual issue)
Are there any SQL queries that are created by concatenating values (potential SQL injection issue)? Convert such queries to stored procedures.
All queries should be done on and beyond the WCF Service Layer. There should not be any queries in other namespaces. Do any such queries exist in the code files?
Is the page properly displayed in design view without "Error loading control" messages?
Does the code contain non-initialized or unused variables (warnings, which are potential errors)?
Are there any unwanted try/catch blocks in the application?
Does the code contain service calls / sp calls / query executions in a loop?… Are all service connections closed properly using open within try and close within finally block after checking the connection state?
Is there any business logic check in stored procedures?
Are common functions properly referenced instead of standard conversion functions like Convert.ToInt32 etc?
Is there any dead code available in the code files?
Is there any inline HTML code available, which could have been implemented as a server control? (potential multilingual issue)
Are arrays handled efficiently? Is there a possibility of "Index was outside the bounds of the Array" error?
Does the code contain unwanted loops, indefinite loops, arrays etc?
Are nested if conditions used? Can they be rewritten using some other structure?
Are "switch-case" statements used? If yes, is "break" placed in all "case" constructs? Is there a "default" in place?
Are validations done for all control values as per table column descriptions?
Is "Rowversion" used properly to check for concurrency issues in the database?
Are error messages properly conveyed to the user?
Is the screen loaded (at runtime) as per performance standards laid out?
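The checklist items on concatenated SQL and on closing connections in a finally block, shown side by side as an added example (not code from the project this checklist was written for). The class and method names, the Users table and the usp_GetUserByName procedure are hypothetical, and the open/close pattern the checklist describes for service connections is applied here to a database connection.

```csharp
using System.Data;
using System.Data.SqlClient;

public static class UserQueries
{
    // BEFORE: the pattern the checklist flags. The user-supplied value becomes
    // part of the SQL text, so the server parses it as SQL rather than as data.
    public static DataTable FindUserConcatenated(string connectionString, string userName)
    {
        var table = new DataTable();
        using (var connection = new SqlConnection(connectionString))
        using (var adapter = new SqlDataAdapter(
            "SELECT UserId, UserName FROM Users WHERE UserName = '" + userName + "'",
            connection))
        {
            adapter.Fill(table);
        }
        return table;
    }

    // AFTER: stored procedure call with a typed, length-bounded parameter.
    // The value travels separately from the command text and is never parsed as SQL.
    public static DataTable FindUserStoredProcedure(string connectionString, string userName)
    {
        var table = new DataTable();
        var connection = new SqlConnection(connectionString);
        try
        {
            connection.Open();
            using (var command = new SqlCommand("usp_GetUserByName", connection))
            {
                command.CommandType = CommandType.StoredProcedure;
                command.Parameters.Add("@UserName", SqlDbType.NVarChar, 100).Value = userName;
                using (var reader = command.ExecuteReader())
                {
                    table.Load(reader);
                }
            }
        }
        finally
        {
            // Close in finally after checking the state, as the checklist asks.
            if (connection.State != ConnectionState.Closed)
            {
                connection.Close();
            }
        }
        return table;
    }
}
```

Moving a query into a stored procedure only removes the injection risk if the procedure itself uses its parameters as values; a procedure that concatenates them into dynamic SQL has the same problem one layer down.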