S09:2023 - Code Quality and Best Practices 🌟¶
Overview¶
While individual findings may not pose direct security threats, their combination can result in severe consequences. Violations of code quality and best practices suggest a systemic issue with security. This positions Code Quality and Best Practices Violations at #9 in the Snap Security Top 10.
Description¶
Code Quality and Best Practices encompass a set of guidelines and principles that aim to enhance the reliability, maintainability, and security of the Snap. By adopting rigorous coding standards, developers can minimize vulnerabilities, improve overall software quality, and streamline the development process.
- Bad general or API design.
- Missing linter, tsconfig.
- Non hardened defaults.
- Misleading function names.
- Invalid metadata.
- TypeScript compiler and linting errors.
- Bad documentation (inline, docs).
- No tests.
- Not following MetaMask Best Practices.
- ToDo's.
- Copy paste errors.
- Coding inefficiencies.
- Use of non-standard libraries.
- Not using TypeScript.
- Not using
@metamask/detect-provider.
How to Prevent¶
- Conduct thorough code reviews to identify and rectify potential issues. Encourage collaboration among team members to share knowledge and ensure collective code ownership.
- Employ static code analysis tools to automatically identify common coding errors, security vulnerabilities, and adherence to coding standards.
- Establish and follow secure coding guidelines relevant to MetaMask, TypeScript, JavaScript, HTML, to mitigate common security risks associated with Snap development.
- Implement a comprehensive suite of automated tests to validate the functionality and security of the Snap, covering both unit and integration testing.