This page is not intended to be a comprehensive list of everything that should be checked during a code review for CPS. Instead, it attempts to list the less well-known or very often forgotten rules that we should apply in CPS to keep the quality of our production and test code high.
Security Related Checks
# | Description | Notes |
---|---|---|
1 | Do not log any user data at any log level | Since we do not know what is in the user data, it could contain sensitive information. Be aware of logging objects: make sure the toString() implementation doesn't include user data for that object. Instead, consider logging only fields that are well defined and do not contain user data. |
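
The toString() rule above, shown as an added example that is not CPS code: the same request object logged with a generated toString() and with one restricted to well-defined fields. The class names, the field names and the assumption that `requestId` and `schemaName` are service-defined values (and `payload` is the user data) are hypothetical.

```java
import java.util.Map;
import java.util.logging.Logger;

// Hypothetical classes for illustration; not part of the CPS code base.
public class LoggingExample {

    private static final Logger log = Logger.getLogger(LoggingExample.class.getName());

    // Before: a record's generated toString() prints every component, so
    // logging the object also logs the user-supplied payload.
    record UnsafeUpdateRequest(String requestId, String schemaName, Map<String, Object> payload) { }

    // After: toString() is limited to well-defined fields. For the user
    // data only the number of entries is reported, never keys or values.
    record SafeUpdateRequest(String requestId, String schemaName, Map<String, Object> payload) {
        @Override
        public String toString() {
            return "SafeUpdateRequest[requestId=" + requestId
                    + ", schemaName=" + schemaName
                    + ", payloadEntries=" + (payload == null ? 0 : payload.size()) + "]";
        }
    }

    public static void main(String[] args) {
        // Constructed sample input standing in for user data.
        Map<String, Object> payload = Map.of("email", "someone@example.org", "note", "free text");

        UnsafeUpdateRequest unsafe = new UnsafeUpdateRequest("req-1", "sample-schema", payload);
        SafeUpdateRequest safe = new SafeUpdateRequest("req-1", "sample-schema", payload);

        // Leaks: the log line contains the e-mail address and the note.
        log.info("Processing " + unsafe);

        // Only the service-defined identifiers and an entry count appear.
        log.info("Processing " + safe);

        // The same check works as a unit test: no payload value may show up in toString().
        for (Object value : payload.values()) {
            if (safe.toString().contains(String.valueOf(value))) {
                throw new AssertionError("toString() exposes user data");
            }
        }
    }
}
```

In review, the thing to look for is any log statement that takes a whole object as an argument; the object's toString() then decides what ends up in the log.
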
Simple is Good, Complex is Bad
...