first commit
This commit is contained in:
@@ -0,0 +1,19 @@
|
||||
# Code Review Best Practices
|
||||
|
||||
## Default review order
|
||||
1. Understand intent and scope.
|
||||
2. Check architecture and correctness.
|
||||
3. Check tests and failure handling.
|
||||
4. Check security and performance risks.
|
||||
5. Leave clear, prioritized comments.
|
||||
|
||||
## Comment severity
|
||||
- `blocking` - correctness, security, data loss, major maintainability issue
|
||||
- `important` - should be fixed before merge if practical
|
||||
- `nit` - polish only
|
||||
|
||||
## Good reviewer habits
|
||||
- summarize first,
|
||||
- separate required changes from suggestions,
|
||||
- quote the code path or failure mode,
|
||||
- praise good decisions when they matter.
|
||||
@@ -0,0 +1,9 @@
|
||||
# Common Bugs Checklist
|
||||
|
||||
- null / undefined handling
|
||||
- off-by-one and empty-input behavior
|
||||
- race conditions or double-submit paths
|
||||
- missing authorization checks
|
||||
- silent error swallowing
|
||||
- expensive loops or repeated queries
|
||||
- test gaps on unhappy paths
|
||||
@@ -0,0 +1,12 @@
|
||||
# Security Review Guide
|
||||
|
||||
## Check for
|
||||
- unsanitized input,
|
||||
- SQL or shell injection,
|
||||
- insecure deserialization,
|
||||
- secret leakage,
|
||||
- missing authz checks,
|
||||
- unsafe filesystem or network defaults.
|
||||
|
||||
## Review note pattern
|
||||
`Blocking: this path accepts untrusted input and passes it to X without validation.`
|
||||
Reference in New Issue
Block a user